~ ZHPDiag v2015.7.31.106 By Nicolas Coolman (2015/07/31)
~ Run by EIAD (Administrator) (2015/08/01 14:19:28)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\EIAD\Desktop\ZHPDiag.txt
~ Report: C:\Users\EIAD\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
~ Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ Internet Browsers (2) - 0s
MFIE: Mozilla Firefox 39.0 (x86 en-US) v39.0
MSIE: Internet Explorer v11.0.9600.16428

---\\ Windows Product Information (4) - 40s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : KO
Windows Activation Technologies : KO

---\\ System protection software (1) - 2s
ESET NOD32 Antivirus v7.0.302.26

---\\ System optimization software (1) - 3s
CCleaner v5.01

---\\ Surveillance software (2) - 3s
Adobe Flash Player 18 NPAPI
Adobe Reader XI

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 4123.312 MB (19% free)
~ System Restore: Activé (Enable)
~ System drive C: has 22 GB free of 101 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: EIAD-PC
~ User Name: EIAD
~ Logged in as Administrator

---\\ Enumeration of the disk units (5) - 0s
~ Drive C: has 22 GB free of 101 GB (System)
~ Drive D: has 20 GB free of 181 GB
~ Drive E: has 13 GB free of 183 GB
~ Drive F: has 9 GB free of 131 GB
~ Drive H: has GB free of 6 GB

---\\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ---\\ Search Generic System Files (23) - 4s [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) () -- C:\Windows\Explorer.exe [2871808] [MD5.DD81D91FF3B0763C392422865C9AC12E] - (.Microsoft Corporation - Windows host process (Rundll32).) () -- C:\Windows\System32\rundll32.exe [45568] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) () -- C:\Windows\System32\Wininit.exe [129024] [MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\Windows\System32\wininet.dll [2332160] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) () -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) () -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) 
() -- C:\Windows\System32\drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\Windows\System32\drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) () -- C:\Windows\System32\drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\Windows\System32\drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) () -- C:\Windows\System32\drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) 
() -- C:\Windows\System32\drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\Windows\System32\drivers\volsnap.sys [295808] ---\\ Process running (27) - 5s [MD5.DABD4AB3D049ECA6AFFD61B63A997728] - (.Realtek Semiconductor - Realtek Audio Service.) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496] [PID.1264] [MD5.CAEEA721785050E43EE05BAD3B5E97B4] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600] [PID.1288] [MD5.C9646479FB4A5DB8330E246ECA9408C3] - (...) -- C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040] [PID.1300] [MD5.4CB575D97653FA91FFB02DA3105EB084] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752] [PID.2156] [MD5.18A1B092C7C4E71E38F195917D6D977B] - (.EnablerService - EnablerService.) -- C:\Program Files (x86)\Addon Enabler\EnablerService.exe [627200] [PID.2216] =>PUP.Optional.HDStreamer [MD5.A527E6181F1E58BDF9134DE04AAC2B02] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304] [PID.2264] [MD5.1EB4061EA92513FD8ECB8F0DB5B5D5CD] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392] [PID.2272] [MD5.5A2772DA712495F2A60348DE9F32D0A6] - (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456] [PID.2280] [MD5.804D2FD64AFA10ADC3C7D7995E1B572D] - (.TOSHIBA Corporation - TRCMan.exe.) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [718720] [PID.2344] [MD5.557D1714ABAC67714686173C6379D61E] - (.Intel® Corporation - Intel® PROSet/Wireless WiMAX Connection Uti.) -- C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112] [PID.2368] [MD5.DDDAFD371E2541DB3AFBB5EA481B4ADD] - (.Tonec Inc. - Internet Download Manager (IDM).) 
-- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056] [PID.2472] [MD5.A39D51B1A6A2DB8DB764601AED6165FB] - (.Nitro PDF Software - Nitro PDF Spool Service.) -- C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920] [PID.2640] [MD5.3CE0123A96A41588627C8E870020FACD] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\SysWOW64\NLSSRV32.EXE [69640] [PID.2680] [MD5.4358CA811E35BAB5C8E35E7E1BDB3684] - (...) -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [1609728] [PID.2796] [MD5.836266D31F9B7920ED04C4775E401FBC] - (.Pandora.TV - Pandora.TV service file.) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600] [PID.1840] [MD5.01B08D0C71661BE0B2C903B02AB2B72E] - (.PU-App - PU-App.) -- C:\Users\EIAD\AppData\Local\zfblvtytnek1bjl\zhblbzzwnf81dtl.exe [113083] [PID.1992] [MD5.FBA61BB4C484A01A655AFB18FF86C417] - (.Copyright 2004 - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632] [PID.3144] [MD5.A903E5C565A2677F3960E4AAB7B42280] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056] [PID.3820] [MD5.B2A9D4E3FA88F22DB1518B93D7AE8B9D] - (.Universal Updater © 2014 - Universal Updater.) -- C:\Program Files (x86)\Universal Updater\UpdaterService.exe [402872] [PID.3864] =>PUP.Optional.UniversalUpdater [MD5.F7A7AF65BAF707FC713912DDE4B22C95] - (...) -- C:\Program Files (x86)\My WIFI Router\bmser.exe [1656416] [PID.3956] [MD5.C4A7030F0D7409EC1816F45AC73D80A3] - (.Intel(R) Corporation - WiMAX SDK service for Intel(R) PROSet/Wirel.) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456] [PID.4016] [MD5.DFDEAFFB47094E80493114C874216809] - (.Red Bend Ltd. - Red Bend Device Management Service for Inte.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048] [PID.4076] [MD5.18CC3B3DB8840C6776A69E758A2B8A77] - (.TOSHIBA Corporation - TOSHIBA eco Utility Service.) 
-- C:\Program Files\TOSHIBA\TECO\TecoService.exe [342464] [PID.3200] [MD5.360959BBD4F451E1AB811F4304232766] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2568120] [PID.4100] [MD5.544D66CE8C715EE5F18E2E4E7CAAE27E] - (.PandoraTV - .) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe [1798696] [PID.1240] [MD5.FB1096AB46B84957AAB9070994FF5202] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [121128] [PID.4216] [MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.5644] ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) (29) - 2s G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://ar.hao123.com/ =>PUP.Optional.Browser G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [aglknbjahjkcidaiepeaakeoechddghn] Facebook Emoticons 2013 G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [bpgpffljkgjmijjdmjbdppndoojdgboe] Facebook Secret Emoticons G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [dlkmfkjmlldmpanlblcdijbombpeenoi] Twitter Emoticons G2 - GCE: Preference [User Data\Default] [egaicdjagfbejjeihijpnelohejdhhjd] Custom Hangout Emoticons G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest =>.Google Inc. 
G2 - GCE: Preference [User Data\Default] [fjbbjfdilbioabojmcplalojlmdngbjl] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [gdalhedleemkkdjddjgfjmcnbpejpapp] Facebook for Chrome G2 - GCE: Preference [User Data\Default] [gigempibmkmpklaojfkmgaeflckfdohp] Facebook One G2 - GCE: Preference [User Data\Default] [gighmmpiobklfepjocnamgkkbiglidom] AdBlock G2 - GCE: Preference [User Data\Default] [gponajbpomilcmbmfoipobkikeopjjhp] i2Symbol - Emoticons Smileys Symbols G2 - GCE: Preference [User Data\Default] [hbepadcdhpahlikldbochnhfleejiokp] hbepadcdhpahlikldbochnhfleejiokp G2 - GCE: Preference [User Data\Default] [hehijbfgiekmjfkfjpbkbammjbdenadd] IE Tab G2 - GCE: Preference [User Data\Default] [hkdlcejbjnnmjgajjjfenejacioiimpp] Facebook Emoticons G2 - GCE: Preference [User Data\Default] [igobkilpjmifphjheejimhghjnpnabmj] iKute Emoticons for Facebook Chat G2 - GCE: Preference [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module G2 - GCE: Preference [User Data\Default] [ldipcbpaocekfooobnbcddclnhejkcpn] __MSG_853__ G2 - GCE: Preference [User Data\Default] [lfpjkncokllnfokkgpkobnkbkmelfefj] Linkclump G2 - GCE: Preference [User Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Click to Call G2 - GCE: Preference [User Data\Default] [ngpampappnmepgilojfohadhhmbhlaek] IDM Integration Module G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [obhlfmheblhjhkmacldlhdnbgbaiigba] APK Downloader G2 - GCE: Preference [User Data\Default] [oleglodmkonbpfmlffapjfednjopbeeh] {name:HD Streamerversion:1.1.7.0description:High d =>PUP.Optional.HDStreamer G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc. 
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) (26) - 5s M0 - MFSP: prefs.js [EIAD - x4s0ky9r.default] http://www.google.com.eg/ M1 - SPR:Search Page Redirection - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com P2 - EXT: (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppl3260.dll P2 - EXT: (.RealNetworks, Inc. - 6.0.12.46.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nprpjplug.dll P2 - EXT FILE: (...) -- C:\Users\EIAD\AppData\Roaming\Mozilla\Firefox\Profiles\x4s0ky9r.default\extensions\jid1-8J7ayxTha4KqKQ@jetpack.xpi P2 - EXT FILE: (...) -- C:\Users\EIAD\AppData\Roaming\Mozilla\Firefox\Profiles\x4s0ky9r.default\extensions\jsdeobfuscator@adblockplus.org.xpi P2 - EXT FILE: (...) -- C:\Users\EIAD\AppData\Roaming\Mozilla\Firefox\Profiles\x4s0ky9r.default\extensions\langpack-de@venkman.mozilla.org.xpi P2 - EXT FILE: (...) -- C:\Users\EIAD\AppData\Roaming\Mozilla\Firefox\Profiles\x4s0ky9r.default\extensions\multilinks@plugin.xpi P2 - EXT FILE: (...) -- C:\Users\EIAD\AppData\Roaming\Mozilla\Firefox\Profiles\x4s0ky9r.default\extensions\tinyjsdebugger@enigmail.net.xpi P2 - EXT FILE: (...) -- C:\Users\EIAD\AppData\Roaming\Mozilla\Firefox\Profiles\x4s0ky9r.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\amazondotcom.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bing.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\eBay.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\twitter.xml P2 - EXT: (...) 
-- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia.xml P2 - EXT: (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo P2 - EXT: (.Mozilla - Default.) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} P2 - EXT: (.HD Streamer - HD Streamer.) -- C:\Users\EIAD\AppData\Roaming\Mozilla\Firefox\Profiles\x4s0ky9r.default\extensions\hd_streamer@iMedia P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll P2 - FPN: [HKLM] [@nitropdf.com/NitroPDF] - (.Nitro PDF.) -- C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.11.2852] - (.RealNetworks, Inc..) -- C:\Program Files (x86)\Real Alternative\Browser\Plugins\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.46] - (.RealNetworks, Inc..) -- C:\Program Files (x86)\Real Alternative\Browser\Plugins\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.1662] - (.RealNetworks, Inc..) -- C:\Program Files (x86)\Real Alternative\Browser\Plugins\nprpjplug.dll P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.46] - (.RealNetworks, Inc..) 
-- C:\Program Files (x86)\Real Alternative\Browser\Plugins\nprpjplug.dll ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) (15) - 0s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ar.hao123.com/ =>PUP.Optional.Browser R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer ---\\ Internet Explorer, Proxy Management (R5) (3) - 0s R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Line Analysis F0, 
F1, F2, F3 - IniFiles, Auto loading programs (3) - 0s F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) ---\\ Hosts file redirection (O1) (1) - 0s ~ Le fichier hôte est sain (The hosts file is clean) (48) ---\\ Browser Helper Object (BHO) (O2) (3) - 1s O2 - BHO: IDM Helper [64Bits] - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll O2 - BHO: (no name) [64Bits] - {02478D38-C3F9-4efb-9B51-7695ECA05670} (Orphean) O2 - BHO: HD Streamer [64Bits] - {E6062A33-016E-4BDA-A6F1-890D989F8656} . (.HD Streamer - ScriptHost.) -- C:\Program Files (x86)\HD Streamer\ScriptHost64.dll =>PUP.Optional.HDStreamer ---\\ Auto loading programs from Registry and folders (O4) (10) - 1s O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe O4 - HKLM\..\Run: [Teco] %ProgramFiles%\TOSHIBA\TECO\Teco.exe O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) 
-- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-2941451498-3517355130-2503662560-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe ---\\ Global shortcuts Startup (O4G) (3) - 13s O4 - GS\Desktop [Administrator]: QQPlayer.lnk . (.Tencent Technology Company limited - QQ Player.) C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe =>PUP.Optional.TencentAddressBar O4 - GS\Desktop [EIAD]: QQPlayer.lnk . (.Tencent Technology Company limited - QQ Player.) C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe =>PUP.Optional.TencentAddressBar O4 - GS\Desktop [Guest]: QQPlayer.lnk . (.Tencent Technology Company limited - QQ Player.) C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe =>PUP.Optional.TencentAddressBar ---\\ Lop.com/Domain Hijackers (O17) (3) - 0s O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) (20) - 2s O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) . (...) - C:\Program Files\Atomic Alarm Clock\timeserv.exe O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Ser (DMAgent) . (.Red Bend Ltd. - Red Bend Device Management Service for Inte.) - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe O23 - Service: ESET Service (ekrn) . (.ESET - ESET Service.) 
- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: Enabler Service (EnablerService) . (.EnablerService - EnablerService.) - C:\Program Files (x86)\Addon Enabler\EnablerService.exe =>PUP.Optional.HDStreamer O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) . (.Nitro PDF Software - Nitro PDF Spool Service.) - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe O23 - Service: Nalpeiron Licensing Service (nlsX86cc) . (.Nalpeiron Ltd. - This service enables products that use the.) - C:\Windows\SysWOW64\NLSSRV32.EXE O23 - Service: NVIDIA Network Service (NvNetworkService) . (.NVIDIA Corporation - NVIDIA Network Service.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) . (.NVIDIA Corporation - NVIDIA Streamer Service.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 337.8.) - C:\Windows\system32\nvvsvc.exe O23 - Service: PandoraService (PanService) . (.Pandora.TV - Pandora.TV service file.) - C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) . (.Copyright 2004 - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe O23 - Service: Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor - Realtek Audio Service.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: TeamViewer 10 (TeamViewer) . (.TeamViewer GmbH - TeamViewer 10.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: TOSHIBA eco Utility Service (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation - TOSHIBA eco Utility Service.) 
- C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: Universal Updater Service (UniversalUpdater) . (.Universal Updater © 2014 - Universal Updater.) - C:\Program Files (x86)\Universal Updater\UpdaterService.exe =>PUP.Optional.Salus O23 - Service: WIFIGXENDHCPSER (WIFIGXENDHCPSER) . (...) - C:\Program Files (x86)\My WIFI Router\bmser.exe O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) . (.Intel(R) Corporation - WiMAX SDK service for Intel(R) PROSet/Wirel.) - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe ---\\ Task Planned Automatically (O39) (70) - 8s [MD5.00000000000000000000000000000000] [APT] [54b401e8-a303-4041-98f8-5a2e48f84f3b-1] (...) -- C:\Program Files (x86)\Apps Hat\Apps Hat-codedownloader.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.00000000000000000000000000000000] [APT] [54b401e8-a303-4041-98f8-5a2e48f84f3b-5] (...) -- C:\Program Files (x86)\Apps Hat\54b401e8-a303-4041-98f8-5a2e48f84f3b-5.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.E3FB05F33E1404AD606B1E1FE7C323C3] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104] [MD5.9B3355B29942AF67F014EA90CE1EA960] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [268976] [MD5.805210C8DB11D5799E7172923959BF98] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [5489944] [MD5.00000000000000000000000000000000] [APT] [Crossbrowse] (...) -- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe (.not file.) [0] =>PUP.Optional.CrossBrowse [MD5.00000000000000000000000000000000] [APT] [f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-6] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-6.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.00000000000000000000000000000000] [APT] [f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-7] (...) 
-- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-7.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.00000000000000000000000000000000] [APT] [f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-10_user] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-10.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.00000000000000000000000000000000] [APT] [f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-3] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-3.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.00000000000000000000000000000000] [APT] [f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-4] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-4.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.00000000000000000000000000000000] [APT] [f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.00000000000000000000000000000000] [APT] [f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5_user] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.00000000000000000000000000000000] [APT] [f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-6] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-6.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.00000000000000000000000000000000] [APT] [f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-7] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-7.exe (.not file.) [0] =>PUP.Optional.CrossRider [MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core] (.Facebook Inc..) 
-- C:\Users\EIAD\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d010cc9c44dc5e] (.Facebook Inc..) -- C:\Users\EIAD\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1cf9247f16e6bd5] (.Google Inc..) -- C:\Users\EIAD\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0423da9c6f6b0] (.Google Inc..) -- C:\Users\EIAD\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0c01447ca7430] (.Google Inc..) -- C:\Users\EIAD\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1cf6aea87c2ceb2] (.Google Inc..) -- C:\Users\EIAD\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0423daa53a85f] (.Google Inc..) -- C:\Users\EIAD\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d08fb75bd7b784] (.Google Inc..) -- C:\Users\EIAD\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0c014486752bc] (.Google Inc..) -- C:\Users\EIAD\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.AB6818A7FF17230A6E5119F6CDD1F85B] [APT] [pLNMD5hEPKK4tJw5zgS0AihLT5j] (.Copyright 2001.) -- C:\Users\EIAD\AppData\Roaming\pLNMD5hEPKK4tJw5zgS0AihLT5j.exe [1246720] =>PUP.Optional.Pirrit
[MD5.00000000000000000000000000000000] [APT] [temp_54b401e8-a303-4041-98f8-5a2e48f84f3b-2] (...) -- C:\Users\EIAD\AppData\Local\Temp\nse48C4.tmp\54b401e8-a303-4041-98f8-5a2e48f84f3b-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [temp_f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-10_user] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-10.exe (.not file.) [0] =>PUP.Optional.CrossRider
[MD5.00000000000000000000000000000000] [APT] [temp_f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-6] (...) -- C:\Program Files (x86)\CinemaP-1.9cV21.07\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-6.exe (.not file.) [0] =>PUP.Optional.CrossRider
[MD5.8148E859A8C771ACFC8C13881A657C75] [APT] [{719E5B8C-1EE8-4531-B429-0F1C5331E6EA}] (.Google Inc..) -- c:\Users\EIAD\AppData\Local\Google\Chrome\application\chrome.exe [813896]
O39 - APT: Adobe Flash Player Updater - (...) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [830]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core - (...) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core.job [902]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d010cc9c44dc5e - (...) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d010cc9c44dc5e.job [924]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1cf9247f16e6bd5 - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1cf9247f16e6bd5.job [796]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0423da9c6f6b0 - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0423da9c6f6b0.job [796]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0c01447ca7430 - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0c01447ca7430.job [796]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1cf6aea87c2ceb2 - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1cf6aea87c2ceb2.job [848]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0423daa53a85f - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0423daa53a85f.job [848]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d08fb75bd7b784 - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d08fb75bd7b784.job [848]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0c014486752bc - (...) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0c014486752bc.job [848]
O39 - APT: pLNMD5hEPKK4tJw5zgS0AihLT5j - (...) -- C:\Windows\Tasks\pLNMD5hEPKK4tJw5zgS0AihLT5j.job [1022]
O39 - APT: 54b401e8-a303-4041-98f8-5a2e48f84f3b-1 - (...) -- C:\Windows\System32\Tasks\54b401e8-a303-4041-98f8-5a2e48f84f3b-1 [3424] =>PUP.Optional.CrossRider
O39 - APT: 54b401e8-a303-4041-98f8-5a2e48f84f3b-5 - (...) -- C:\Windows\System32\Tasks\54b401e8-a303-4041-98f8-5a2e48f84f3b-5 [3496] =>PUP.Optional.CrossRider
O39 - APT: Adobe Acrobat Update Task - (...) -- C:\Windows\System32\Tasks\Adobe Acrobat Update Task [3886]
O39 - APT: Adobe Flash Player Updater - (...) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3768]
O39 - APT: CCleanerSkipUAC - (...) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2770]
O39 - APT: Crossbrowse - (...) -- C:\Windows\System32\Tasks\Crossbrowse [3082] =>PUP.Optional.CrossBrowse
O39 - APT: f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-6 - (...) -- C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-6 [5166] =>PUP.Optional.CrossRider
O39 - APT: f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-7 - (...) -- C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-7 [5502] =>PUP.Optional.CrossRider
O39 - APT: f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-10_user - (...) -- C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-10_user [4132] =>PUP.Optional.CrossRider
O39 - APT: f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-3 - (...) -- C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-3 [6522] =>PUP.Optional.CrossRider
O39 - APT: f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-4 - (...) -- C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-4 [6186] =>PUP.Optional.CrossRider
O39 - APT: f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5 - (...) -- C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5 [4474] =>PUP.Optional.CrossRider
O39 - APT: f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5_user - (...) -- C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5_user [4466] =>PUP.Optional.CrossRider
O39 - APT: f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-6 - (...) -- C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-6 [7890] =>PUP.Optional.CrossRider
O39 - APT: f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-7 - (...) -- C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-7 [7546] =>PUP.Optional.CrossRider
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core [3530]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d010cc9c44dc5e - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d010cc9c44dc5e [3898]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1cf9247f16e6bd5 - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1cf9247f16e6bd5 [3420]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0423da9c6f6b0 - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0423da9c6f6b0 [3420]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0c01447ca7430 - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000Core1d0c01447ca7430 [3420]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1cf6aea87c2ceb2 - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1cf6aea87c2ceb2 [3816]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0423daa53a85f - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0423daa53a85f [3816]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d08fb75bd7b784 - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d08fb75bd7b784 [3816]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0c014486752bc - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941451498-3517355130-2503662560-1000UA1d0c014486752bc [3816]
O39 - APT: pLNMD5hEPKK4tJw5zgS0AihLT5j - (...) -- C:\Windows\System32\Tasks\pLNMD5hEPKK4tJw5zgS0AihLT5j [3050]
O39 - APT: temp_54b401e8-a303-4041-98f8-5a2e48f84f3b-2 - (...) -- C:\Windows\System32\Tasks\temp_54b401e8-a303-4041-98f8-5a2e48f84f3b-2 [3330]
O39 - APT: temp_f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-10_user - (...) -- C:\Windows\System32\Tasks\temp_f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-10_user [4132]
O39 - APT: temp_f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-6 - (...) -- C:\Windows\System32\Tasks\temp_f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-6 [7210]
O39 - APT: {719E5B8C-1EE8-4531-B429-0F1C5331E6EA} - (.Google Inc..) -- C:\Windows\System32\Tasks\{719E5B8C-1EE8-4531-B429-0F1C5331E6EA} [3172]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\{82638733-3C24-484C-B191-E67C6D1A3EC0} [3168]

---\\ Software installed (O42) (125) - 26s
O42 - Logiciel: Atomic Alarm Clock 6.20 - (.Drive Software Company.) [HKLM][64Bits] -- Atomic Alarm Clock_is1
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner
O42 - Logiciel: n-Track Studio 7 x64 - (.n-Track.) [HKLM][64Bits] -- n-Track Studio 7
O42 - Logiciel: Art Effects for PDR10 - (.NewBlue.) [HKLM][64Bits] -- NewBlue Art Effects for PDR10
O42 - Logiciel: Intel PROSet Wireless - (...) [HKLM][64Bits] -- ProInst
O42 - Logiciel: SAM CoDeC Pack - (.www.SamLab.ws.) [HKLM][64Bits] -- SAM CoDeC Pack
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey
O42 - Logiciel: Ut Video Codec Suite - (.UMEZAWA Takeshi.) [HKLM][64Bits] -- utvideo_is1
O42 - Logiciel: VLC media player 2.1.3 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
O42 - Logiciel: WinRAR 5.01 beta 1 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: Xvid MPEG-4 Video Codec - (...) [HKLM][64Bits] -- Xvid_is1
O42 - Logiciel: Nitro Pro 9 - (.Nitro.) [HKLM][64Bits] -- {02EB7080-8735-4D75-9380-A07D25DA06D2}
O42 - Logiciel: Java 8 Update 51 (64-bit) - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F86418051F0}
O42 - Logiciel: Intel® PROSet/Wireless WiMAX Software - (.Intel Corporation.) [HKLM][64Bits] -- {5F588B19-C575-4750-86FD-6ED2B76E61F1}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Access MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0015-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Access MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0015-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Excel MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0016-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Excel MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0016-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft SharePoint Designer MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0017-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft PowerPoint MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0018-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft PowerPoint MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0018-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Publisher MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0019-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Publisher MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0019-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Outlook MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001A-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Outlook MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001A-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Word MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001B-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Word MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-001B-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft InfoPath MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0044-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft InfoPath MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0044-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft DCF MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0090-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft DCF MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0090-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft OneNote MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00A1-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft OneNote MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00A1-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Groove MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00BA-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Groove MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-00BA-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft X MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0101-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-0117-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Lync MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-012B-0401-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Lync MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-012B-0409-1000-0000000FF1CE}
O42 - Logiciel: TOSHIBA Desktop Assist - (.Toshiba Corporation.) [HKLM][64Bits] -- {95CCACF0-010D-45F0-82BF-858643D8BC02}
O42 - Logiciel: TOSHIBA PC Health Monitor - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}
O42 - Logiciel: CyberLink PowerDirector 10 - (.CyberLink Corp..) [HKLM][64Bits] -- {B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
O42 - Logiciel: NVIDIA Graphics Driver 337.88 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NVIDIA GeForce Experience 2.0.1 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience
O42 - Logiciel: NVIDIA PhysX System Software 9.13.1220 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX
O42 - Logiciel: NVIDIA HD Audio Driver 1.3.30.1 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver
O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {C14518AF-1A0F-4D39-8011-69BAA01CD380}
O42 - Logiciel: TOSHIBA eco Utility - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}
O42 - Logiciel: KMP Service - (.KMP.) [HKLM][64Bits] -- 4F6D5E84-5826-4394-9F40-3A9A19165651_is1
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe Flash Player 18 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 18 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI
O42 - Logiciel: Adobe Shockwave Player 12.1 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player
O42 - Logiciel: Advanced PDF Password Remover 5.0 - (.Avanced PDF Converter.) [HKLM][64Bits] -- Advanced PDF Password Remover
O42 - Logiciel: Advanced RAR Repair v1.2 - (...) [HKLM][64Bits] -- Advanced RAR Repair v1.2
O42 - Logiciel: Autorun Virus Remover 3.2 - (.Autorun Remover.) [HKLM][64Bits] -- Autorun Virus Remover_is1
O42 - Logiciel: Cool Record Edit Deluxe - (.CoolRecordEdit Inc..) [HKLM][64Bits] -- Cool Record Edit Deluxe
O42 - Logiciel: EaseUS Partition Master 9.3.0 - (.EaseUS.) [HKLM][64Bits] -- EaseUS Partition Master_is1
O42 - Logiciel: FormatFactory 3.7.0.0 - (.Format Factory.) [HKLM][64Bits] -- FormatFactory
O42 - Logiciel: HD Streamer - (.HD Streamer.) [HKLM][64Bits] -- HD Streamer =>PUP.Optional.HDStreamer
O42 - Logiciel: Hetman Partition Recovery 2.0 - (...) [HKLM][64Bits] -- Hetman Partition Recovery
O42 - Logiciel: SmartSound Quicktracks 5 - (.SmartSound Software Inc..) [HKLM][64Bits] -- InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}
O42 - Logiciel: CyberLink WaveEditor - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}
O42 - Logiciel: CyberLink PowerDirector 10 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
O42 - Logiciel: 18 WoS Across America - (.ValuSoft.) [HKLM][64Bits] -- InstallShield_{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}
O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM][64Bits] -- Internet Download Manager
O42 - Logiciel: K-Lite Mega Codec Pack 9.7.0 - (...) [HKLM][64Bits] -- KLiteCodecPack_is1
O42 - Logiciel: Mac Blu-ray Player - (.Macgo Inc..) [HKLM][64Bits] -- Mac Blu-ray Player
O42 - Logiciel: Mendeley Desktop 1.12.4 - (.Mendeley Ltd..) [HKLM][64Bits] -- Mendeley Desktop
O42 - Logiciel: Mortal Kombat Komplete Edition - (.Warner Bros. Interactive Entertainment.) [HKLM][64Bits] -- Mortal Kombat Komplete Edition_is1
O42 - Logiciel: Mozilla Firefox 39.0 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 39.0 (x86 en-US)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: My WIFI Router 2014.05.20.001 - (.TX Network Inc..) [HKLM][64Bits] -- My WIFI Router
O42 - Logiciel: n-Track Studio 7 - (.n-Track.) [HKLM][64Bits] -- n-Track Studio 7
O42 - Logiciel: Nero 11 - (...) [HKLM][64Bits] -- Nero 11
O42 - Logiciel: PDF Password Remover v3.1 - (.VeryPDF.com Inc.) [HKLM][64Bits] -- PDF Password Remover v3.1_is1
O42 - Logiciel: Pesgalaxy.com Patch 2015 - (.Pesgalaxy.) [HKLM][64Bits] -- Pesgalaxy.com Patch 2015 4.50
O42 - Logiciel: Pesgalaxy.com Patch 2015 DLC Installer - (.Pesgalaxy.) [HKLM][64Bits] -- Pesgalaxy.com Patch 2015 DLC Installer 4.00
O42 - Logiciel: post - (.mahmoud.) [HKLM][64Bits] -- post1.0
O42 - Logiciel: PowerISO - (.Power Software Ltd.) [HKLM][64Bits] -- PowerISO
O42 - Logiciel: Raise Data Recovery for NTFS, version 5.15 - (.LLC "SysDev Laboratories".) [HKLM][64Bits] -- Raise Data Recovery for NTFS_is1
O42 - Logiciel: RAR Repair Tool v.4.0 - (.ZRT Labs.) [HKLM][64Bits] -- RAR Repair Tool_is1
O42 - Logiciel: Readiris Corporate 12 Middle East Edition - (...) [HKLM][64Bits] -- Readiris Corporate 12 Middle East Edition
O42 - Logiciel: Real Alternative 1.8.0 - (...) [HKLM][64Bits] -- RealAlt_is1
O42 - Logiciel: Recover My Files - (.GetData Pty Ltd.) [HKLM][64Bits] -- Recover My Files v5_is1
O42 - Logiciel: Recovery Toolbox for RAR 1.1 - (.Recovery Toolbox, Inc..) [HKLM][64Bits] -- Recovery Toolbox for RAR_is1
O42 - Logiciel: ResearchSoft Direct Export Helper - (.Thomson Reuters.) [HKLM][64Bits] -- ResearchSoft Direct Export Helper
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- Steam
O42 - Logiciel: TeamViewer 10 - (.TeamViewer.) [HKLM][64Bits] -- TeamViewer
O42 - Logiciel: The KMPlayer (remove only) - (.PandoraTV.) [HKLM][64Bits] -- The KMPlayer
O42 - Logiciel: Train Simulator 2014 Steam Edition version 0.0.0.9 - (.WaLMaRT.) [HKLM][64Bits] -- Train Simulator 2014 Steam Edition_is1
O42 - Logiciel: Pro Evolution Soccer 2015 - (...) [HKLM][64Bits] -- UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1
O42 - Logiciel: VLC media player 2.0.4 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
O42 - Logiciel: WebcamMax - (.COOLWAREMAX.) [HKLM][64Bits] -- WebcamMax
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM][64Bits] -- Winamp
O42 - Logiciel: Microsoft Windows Media Video 9 VCM - (...) [HKLM][64Bits] -- WMV9_VCM
O42 - Logiciel: Yahoo! Messenger - (.Yahoo! Inc..) [HKLM][64Bits] -- Yahoo! Messenger
O42 - Logiciel: Visual C++ 9.0 CRT (x86) WinSXS MSM - (.Microsoft Corporation.) [HKLM][64Bits] -- {0138F525-6C8A-333F-A105-14AE030B9A54}
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM][64Bits] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: Google Books Downloader version 2.3 - (.GBOOKSDOWNLOADER.COM.) [HKLM][64Bits] -- {216729B6-014A-F413-814F-F17F74FBA113}_is1
O42 - Logiciel: Skype™ 7.6 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
O42 - Logiciel: Java 8 Update 51 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83218051F0}
O42 - Logiciel: SmartSound Quicktracks 5 - (.SmartSound Software Inc..) [HKLM][64Bits] -- {2F8BA3FD-1FA9-4279-B696-712ABB12F09F}
O42 - Logiciel: CyberLink WaveEditor - (.CyberLink Corp..) [HKLM][64Bits] -- {324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}
O42 - Logiciel: Aid file recovery software professional version 3.6.7.2 - (.Mitusoft, Inc..) [HKLM][64Bits] -- {456B239A-C1E0-4178-810E-8E8F09B06877}_is1
O42 - Logiciel: Visual C++ 9.0 CRT (x86) WinSXS MSM - (.Microsoft Corporation.) [HKLM][64Bits] -- {50FC30FE-9758-3B08-B886-7BAABC047B61}
O42 - Logiciel: System Requirements Lab Detection - (.Husdawg, LLC.) [HKLM][64Bits] -- {5629F0ED-1A39-4C61-9656-ABDC8FF93757}
O42 - Logiciel: TOSHIBA Web Camera Application - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {5E6F6CF3-BACC-4144-868C-E14622C658F3}
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}
O42 - Logiciel: Skype Click to Call - (.Microsoft Corporation.) [HKLM][64Bits] -- {6D1221A9-17BF-4EC0-81F2-27D30EC30701}
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] -- {80407BA7-7763-4395-AB98-5233F1B34E65}
O42 - Logiciel: EndNote X7 - (.Thomson Reuters.) [HKLM][64Bits] -- {86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Etisalat USB modem - (.Etisalat.) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
O42 - Logiciel: System Requirements Lab - (.Husdawg, LLC.) [HKLM][64Bits] -- {A92D0DBB-834A-4CAD-A434-F2232C692516}
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824147215}
O42 - Logiciel: Adobe Reader XI (11.0.12) - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AB0000000001}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {B92C2C6C-F70E-497B-88A7-1FEF9888272B}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Lagarith Lossless Codec (1.3.27) - (...) [HKLM][64Bits] -- {F59AC46C-10C3-4023-882C-4212A92283B3}_is1
O42 - Logiciel: TOSHIBA Remote Control Manager - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {FEB650EB-7639-444E-9FC2-C33EE6ED1A37}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU][64Bits] -- Google Chrome
O42 - Logiciel: QQ??3.7 - (.????(??)????.) [HKCU][64Bits] -- QQPlayer

---\\ HKCU & HKLM Software Keys (219) - 26s
HKLM\SOFTWARE\Wow6432Node\Adobe
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\AMD
HKLM\SOFTWARE\Wow6432Node\AppDataLow
HKLM\SOFTWARE\Wow6432Node\Apple Inc.
HKLM\SOFTWARE\Wow6432Node\ArenaHD =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Wow6432Node\Auslogics
HKLM\SOFTWARE\Wow6432Node\AviSynth
HKLM\SOFTWARE\Wow6432Node\Baidu
HKLM\SOFTWARE\Wow6432Node\Baidu Security
HKLM\SOFTWARE\Wow6432Node\Baidu_Drp_pos
HKLM\SOFTWARE\Wow6432Node\Black Sea Studios
HKLM\SOFTWARE\Wow6432Node\Caphyon
HKLM\SOFTWARE\Wow6432Node\ccktr.exe
HKLM\SOFTWARE\Wow6432Node\CDDB
HKLM\SOFTWARE\Wow6432Node\Crossbrowse =>PUP.Optional.CrossBrowse
HKLM\SOFTWARE\Wow6432Node\CyberLink
HKLM\SOFTWARE\Wow6432Node\EASEUS
HKLM\SOFTWARE\Wow6432Node\ESET
HKLM\SOFTWARE\Wow6432Node\Etisalat
HKLM\SOFTWARE\Wow6432Node\EVP
HKLM\SOFTWARE\Wow6432Node\GlobalUpdate =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\Wow6432Node\GN2
HKLM\SOFTWARE\Wow6432Node\GNU
HKLM\SOFTWARE\Wow6432Node\Google
HKLM\SOFTWARE\Wow6432Node\GRETECH
HKLM\SOFTWARE\Wow6432Node\HaaliMkx
HKLM\SOFTWARE\Wow6432Node\HighDefAction =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Wow6432Node\I.R.I.S.
HKLM\SOFTWARE\Wow6432Node\IM Providers
HKLM\SOFTWARE\Wow6432Node\InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel
HKLM\SOFTWARE\Wow6432Node\Internet Download Manager
HKLM\SOFTWARE\Wow6432Node\InterVideo
HKLM\SOFTWARE\Wow6432Node\ISI ResearchSoft
HKLM\SOFTWARE\Wow6432Node\JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos
HKLM\SOFTWARE\Wow6432Node\KLCodecPack
HKLM\SOFTWARE\Wow6432Node\KMPlayer
HKLM\SOFTWARE\Wow6432Node\KONAMI
HKLM\SOFTWARE\Wow6432Node\lameme
HKLM\SOFTWARE\Wow6432Node\LAV
HKLM\SOFTWARE\Wow6432Node\Licenses
HKLM\SOFTWARE\Wow6432Node\Macromedia
HKLM\SOFTWARE\Wow6432Node\McAfee.com
HKLM\SOFTWARE\Wow6432Node\mcafeeupdater
HKLM\SOFTWARE\Wow6432Node\Mendeley Ltd.
HKLM\SOFTWARE\Wow6432Node\Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\n-Track7
HKLM\SOFTWARE\Wow6432Node\Nalpeiron
HKLM\SOFTWARE\Wow6432Node\Nero
HKLM\SOFTWARE\Wow6432Node\Nitro
HKLM\SOFTWARE\Wow6432Node\Nuance
HKLM\SOFTWARE\Wow6432Node\Nullsoft
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC
HKLM\SOFTWARE\Wow6432Node\Pandora.TV
HKLM\SOFTWARE\Wow6432Node\PowerISO
HKLM\SOFTWARE\Wow6432Node\PowerPivot
HKLM\SOFTWARE\Wow6432Node\R-TT
HKLM\SOFTWARE\Wow6432Node\RealAlternative
HKLM\SOFTWARE\Wow6432Node\RealNetworks
HKLM\SOFTWARE\Wow6432Node\Realtek
HKLM\SOFTWARE\Wow6432Node\Remo Software
HKLM\SOFTWARE\Wow6432Node\Rocket Division Software
HKLM\SOFTWARE\Wow6432Node\Rockstar Games
HKLM\SOFTWARE\Wow6432Node\Skype
HKLM\SOFTWARE\Wow6432Node\SmartSound Software
HKLM\SOFTWARE\Wow6432Node\SourceTec
HKLM\SOFTWARE\Wow6432Node\Stellar Data Recovery
HKLM\SOFTWARE\Wow6432Node\Symantec
HKLM\SOFTWARE\Wow6432Node\SystemSafe
HKLM\SOFTWARE\Wow6432Node\TeamViewer
HKLM\SOFTWARE\Wow6432Node\Tencent =>PUP.Optional.TencentAddressBar
HKLM\SOFTWARE\Wow6432Node\TOSHIBA
HKLM\SOFTWARE\Wow6432Node\TOSHIBA Corporation
HKLM\SOFTWARE\Wow6432Node\Trymedia Systems =>PUP.Optional.Trymedia
HKLM\SOFTWARE\Wow6432Node\TuneUp
HKLM\SOFTWARE\Wow6432Node\Universal
HKLM\SOFTWARE\Wow6432Node\ValuSoft
HKLM\SOFTWARE\Wow6432Node\Valve
HKLM\SOFTWARE\Wow6432Node\VideoLAN
HKLM\SOFTWARE\Wow6432Node\VST
HKLM\SOFTWARE\Wow6432Node\WebcamMax
HKLM\SOFTWARE\Wow6432Node\WIBU-SYSTEMS
HKLM\SOFTWARE\Wow6432Node\Wise Solutions
HKLM\SOFTWARE\Wow6432Node\Yahoo
HKLM\SOFTWARE\Wow6432Node\YorkNewCin =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Wow6432Node\ZTEUSBDriverFlag
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications
HKCU\SOFTWARE\3rd Eye Solutions
HKCU\SOFTWARE\8.1
HKCU\SOFTWARE\A0 Digital Audio
HKCU\SOFTWARE\AC3Filter
HKCU\SOFTWARE\ACE Compression Software
HKCU\SOFTWARE\Active@ File Preview
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\Aidfile recovery professional
HKCU\SOFTWARE\AnchorFree
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\apple
HKCU\SOFTWARE\Apple Computer, Inc.
HKCU\SOFTWARE\ARAR
HKCU\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AtomicAlarmClock60
HKCU\SOFTWARE\Baidu
HKCU\SOFTWARE\Baidu Security
HKCU\SOFTWARE\BugSplat
HKCU\SOFTWARE\Camfrog
HKCU\SOFTWARE\Cheat Engine
HKCU\SOFTWARE\Chromium
HKCU\SOFTWARE\Cineform
HKCU\SOFTWARE\CinemaP-1.9cV21.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\CoinisRS =>PUP.Optional.InstallCore
HKCU\SOFTWARE\Cool Record Edit Deluxe
HKCU\SOFTWARE\CoreAAC
HKCU\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse
HKCU\SOFTWARE\CyberLink
HKCU\SOFTWARE\DashSignature.com
HKCU\SOFTWARE\DirectShow
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\drpsu
HKCU\SOFTWARE\DRPSu Updater
HKCU\SOFTWARE\DSP-worx
HKCU\SOFTWARE\EaseUS
HKCU\SOFTWARE\Epic MegaGames
HKCU\SOFTWARE\ESET
HKCU\SOFTWARE\Facebook
HKCU\SOFTWARE\Flash Player Pro
HKCU\SOFTWARE\FLT
HKCU\SOFTWARE\FreeTime
HKCU\SOFTWARE\Gabest
HKCU\SOFTWARE\GameHouse
HKCU\SOFTWARE\GameSpy
HKCU\SOFTWARE\GetData
HKCU\SOFTWARE\globalUpdate =>PUP.Optional.GlobalUpdate
HKCU\SOFTWARE\GN2
HKCU\SOFTWARE\GNU
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\GRETECH
HKCU\SOFTWARE\Haali
HKCU\SOFTWARE\Hetman Software
HKCU\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Icaros
HKCU\SOFTWARE\IE Tab
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\Iris
HKCU\SOFTWARE\ISI ResearchSoft
HKCU\SOFTWARE\Jae Lee productions
HKCU\SOFTWARE\JavaSoft
HKCU\SOFTWARE\kde.org
HKCU\SOFTWARE\KMPlayer
HKCU\SOFTWARE\KraiSoft
HKCU\SOFTWARE\Licenses
HKCU\SOFTWARE\Loons
HKCU\SOFTWARE\MacGo
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\MCAFEE
HKCU\SOFTWARE\MediaInfo
HKCU\SOFTWARE\Mendeley Ltd.
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\MPC-BE
HKCU\SOFTWARE\MPC-HC
HKCU\SOFTWARE\n-Track7
HKCU\SOFTWARE\Nero
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\NewBlue
HKCU\SOFTWARE\Nitro
HKCU\SOFTWARE\Nitro PDF
HKCU\SOFTWARE\NVIDIA Corporation
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\PlayfulAge
HKCU\SOFTWARE\PowerISO
HKCU\SOFTWARE\QuickPar
HKCU\SOFTWARE\R-TT
HKCU\SOFTWARE\RealNetworks
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\Recovery Toolbox for RAR
HKCU\SOFTWARE\RegisteredApplications
HKCU\SOFTWARE\RLZer
HKCU\SOFTWARE\SamLab.ws
HKCU\SOFTWARE\Sierra On-Line
HKCU\SOFTWARE\skype
HKCU\SOFTWARE\SkypeRS
HKCU\SOFTWARE\Softonic =>PUP.Optional.Softonic
HKCU\SOFTWARE\SourceTec
HKCU\SOFTWARE\Stellar
HKCU\SOFTWARE\Synaptics
HKCU\SOFTWARE\System Requirements Lab
HKCU\SOFTWARE\SystemSafe
HKCU\SOFTWARE\TeamViewer
HKCU\SOFTWARE\Tencent =>PUP.Optional.TencentAddressBar
HKCU\SOFTWARE\TOSHIBA
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\TrongCorp
HKCU\SOFTWARE\TuneUp
HKCU\SOFTWARE\Unity
HKCU\SOFTWARE\Ut Video Codec Suite
HKCU\SOFTWARE\ValuSoft
HKCU\SOFTWARE\Valve
HKCU\SOFTWARE\VST
HKCU\SOFTWARE\Winamp
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\Yahoo
HKCU\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\ZRT Labs
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\Adobe
HKCU\SOFTWARE\AppDataLow\Software\Crossrider =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\Yahoo

---\\ Contents of the Common Files folders (O43) (322) - 21s
O43 - CFD: 2014/09/13 08:00:23 - [] D -- C:\Program Files (x86)\18 WoS Across America
O43 - CFD: 2014/06/09 22:57:20 - [] D -- C:\Program Files (x86)\Addon Enabler =>PUP.Optional.HDStreamer
O43 - CFD: 2014/01/30 22:38:37 - [] D -- C:\Program Files (x86)\Adobe
O43 - CFD: 2013/12/20 10:32:06 - [] D -- C:\Program Files (x86)\Advanced PDF Password Remover 5.0
O43 - CFD: 2014/04/21 12:58:23 - [0] D -- C:\Program Files (x86)\AGEIA Technologies
O43 - CFD: 2015/01/05 20:16:47 - [] D -- C:\Program Files (x86)\Aid file recovery Professional
O43 - CFD: 2015/02/20 23:15:03 - [] D -- C:\Program Files (x86)\ARAR
O43 - CFD: 2013/12/25 22:10:23 - [] D -- C:\Program Files (x86)\AutorunRemover
O43 - CFD: 2013/12/13 14:20:23 - [] D -- C:\Program Files (x86)\Babylon =>PUP.Optional.Babylon
O43 - CFD: 2014/12/15 21:31:17 - [] D -- C:\Program Files (x86)\baidu
O43 - CFD: 2014/04/20 22:32:10 - [] D -- C:\Program Files (x86)\Baidu Security
O43 - CFD: 2015/01/27 23:24:49 - [0] D -- C:\Program Files (x86)\Cheatbook Database 2011
O43 - CFD: 2015/01/25 14:28:18 - [] D -- C:\Program Files (x86)\CodeMeter
O43 - CFD: 2015/08/01 13:31:20 - [] D -- C:\Program Files (x86)\Common Files
O43 - CFD: 2014/03/06 21:34:52 - [] D -- C:\Program Files (x86)\Cool Record Edit Deluxe
O43 - CFD: 2014/12/07 14:48:20 - [] D -- C:\Program Files (x86)\Cyberlink
O43 - CFD: 2014/08/01 22:19:54 - [] D -- C:\Program Files (x86)\Data Recovery
O43 - CFD: 2014/03/08 20:48:13 - [] D -- C:\Program Files (x86)\DriverUninstall
O43 - CFD: 2015/07/20 00:47:43 - [] D -- C:\Program Files (x86)\EaseUS
O43 - CFD: 2015/07/02 21:46:48 - [] D -- C:\Program Files (x86)\EndNote X7
O43 - CFD: 2015/07/19 19:02:26 - [] D -- C:\Program Files (x86)\Etisalat USB modem
O43 - CFD: 2013/11/22 00:11:01 - [] D -- C:\Program Files (x86)\FreeTime
O43 - CFD: 2015/01/25 14:28:04 - [] D -- C:\Program Files (x86)\GetData
O43 - CFD: 2015/07/23 00:18:11 - [] D -- C:\Program Files (x86)\globalUpdate =>PUP.Optional.GlobalUpdate
O43 - CFD: 2014/02/18 00:12:26 - [] D -- C:\Program Files (x86)\Google Books Downloader
O43 - CFD: 2014/12/11 21:41:49 - [0] D -- C:\Program Files (x86)\GRETECH
O43 - CFD: 2014/04/29 20:38:08 - [] D -- C:\Program Files (x86)\HD Streamer =>PUP.Optional.HDStreamer
O43 - CFD: 2015/01/27 14:08:53 - [] D -- C:\Program Files (x86)\Hetman Software
O43 - CFD: 2014/12/07 14:51:35 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 2013/11/22 22:44:54 - [0] D -- C:\Program Files (x86)\Intel
O43 - CFD: 2015/05/30 12:22:24 - [] D -- C:\Program Files (x86)\Internet Download Manager
O43 - CFD: 2013/11/16 23:39:59 - [] D -- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 2015/08/01 13:32:03 - [] D -- C:\Program Files (x86)\Java
O43 - CFD: 2014/06/27 21:54:43 - [] D -- C:\Program Files (x86)\K-Lite Codec Pack
O43 - CFD: 2015/07/05 16:28:31 - [] D -- C:\Program Files (x86)\MacGo
O43 - CFD: 2015/03/17 00:11:47 - [] D -- C:\Program Files (x86)\Martial.Arts.Capoeira-KaOs
O43 - CFD: 2014/12/13 21:56:27 - [] D -- C:\Program Files (x86)\Mendeley Desktop
O43 - CFD: 2013/11/23 10:52:56 - [] D -- C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 2013/11/23 10:52:37 - [] D -- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 2013/11/22 19:34:39 - [] D -- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 2013/11/23 10:57:23 - [] D -- C:\Program Files (x86)\Microsoft SQL Server
O43 - CFD: 2013/11/23 10:57:23 - [] D -- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 2015/07/09 20:44:23 - [] D -- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 2015/07/09 20:44:23 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 2009/07/14 07:32:38 - [] D -- C:\Program Files (x86)\MSBuild
O43 - CFD: 2013/12/04 22:14:52 - [] D -- C:\Program Files (x86)\MSECache
O43 - CFD: 2015/07/29 00:47:01 - [] D -- C:\Program Files (x86)\My WIFI Router
O43 - CFD: 2014/03/31 20:38:01 - [] D -- C:\Program Files (x86)\n-Track
O43 - CFD: 2014/03/08 19:43:39 - [] D -- C:\Program Files (x86)\Nero
O43 - CFD: 2013/11/22 00:14:13 - [] D -- C:\Program Files (x86)\Nitro
O43 - CFD: 2014/07/25 23:32:48 - [] D -- C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 2013/11/23 14:14:13 - [] D -- C:\Program Files (x86)\PANDORA.TV
O43 - CFD: 2014/04/17 20:31:32 - [] D -- C:\Program Files (x86)\PDF Password Remover v3.1
O43 - CFD: 2015/07/23 01:30:01 - [] D -- C:\Program Files (x86)\PicosmosTools
O43 - CFD: 2015/02/19 12:00:59 - [] D -- C:\Program Files (x86)\R-Studio
O43 - CFD: 2015/01/27 13:14:23 - [] D -- C:\Program Files (x86)\R.G. Mechanics
O43 - CFD: 2015/02/27 00:11:16 - [] D -- C:\Program Files (x86)\Rar Repair Tool
O43 - CFD: 2014/03/01 15:23:13 - [] D -- C:\Program Files (x86)\Readiris Corporate 12 Middle East Edition
O43 - CFD: 2014/06/27 21:46:21 - [] D -- C:\Program Files (x86)\Real Alternative
O43 - CFD: 2013/11/22 22:46:13 - [] D -- C:\Program Files (x86)\Realtek
O43 - CFD: 2015/02/26 22:07:20 - [] D -- C:\Program Files (x86)\Recovery Toolbox for RAR
O43 - CFD: 2009/07/14 07:32:38 - [] D -- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 2013/11/22 19:32:19 - [] D -- C:\Program Files (x86)\SAM CoDeC Pack
O43 - CFD: 2015/07/09 03:27:14 - [] RD -- C:\Program Files (x86)\Skype
O43 - CFD: 2014/12/07 14:47:04 - [] D -- C:\Program Files (x86)\SmartSound Software
O43 - CFD: 2014/01/28 11:05:15 - [0] D -- C:\Program Files (x86)\SourceTec
O43 - CFD: 2015/08/01 13:21:54 - [] D -- C:\Program Files (x86)\Steam
O43 - CFD: 2015/02/27 00:08:15 - [] D -- C:\Program Files (x86)\Stronghold Crusader 2
O43 - CFD: 2015/04/24 15:46:09 - [] D -- C:\Program Files (x86)\SystemRequirementsLab
O43 - CFD: 2015/07/24 16:57:04 - [] D -- C:\Program Files (x86)\TeamViewer
O43 - CFD: 2014/12/17 22:05:38 - [] D -- C:\Program Files (x86)\Tencent =>PUP.Optional.TencentAddressBar
O43 - CFD: 2014/09/08 09:32:08 - [] D -- C:\Program Files (x86)\The KMPlayer
O43 - CFD: 2013/11/22 22:43:48 - [] D -- C:\Program Files (x86)\TOSHIBA
O43 - CFD: 2009/07/14 06:57:06 - [0] HD -- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 2014/04/20 22:52:25 - [] D -- C:\Program Files (x86)\Universal Updater =>PUP.Optional.UniversalUpdater
O43 - CFD: 2014/09/09 03:08:31 - [] D -- C:\Program Files (x86)\Valusoft
O43 - CFD: 2014/06/27 21:54:52 - [] D -- C:\Program Files (x86)\VideoLAN
O43 - CFD: 2015/01/27 14:42:15 - [] D -- C:\Program Files (x86)\WebcamMax
O43 - CFD: 2013/11/23 22:39:22 - [] D
-- C:\Program Files (x86)\Winamp O43 - CFD: 2013/11/16 23:55:48 - [] D -- C:\Program Files (x86)\Windows Defender O43 - CFD: 2013/04/20 21:25:28 - [] D -- C:\Program Files (x86)\Windows Mail O43 - CFD: 2013/04/20 21:25:28 - [] D -- C:\Program Files (x86)\Windows Media Player O43 - CFD: 2009/07/14 07:32:38 - [] D -- C:\Program Files (x86)\Windows NT O43 - CFD: 2013/04/20 21:25:28 - [] D -- C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 2010/11/21 05:31:38 - [] D -- C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 2013/04/20 21:25:28 - [] D -- C:\Program Files (x86)\Windows Sidebar O43 - CFD: 2014/12/31 14:37:09 - [] D -- C:\Program Files (x86)\Yahoo! O43 - CFD: 2014/05/24 16:44:58 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) O43 - CFD: 2014/09/13 07:59:19 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Across America O43 - CFD: 2013/11/17 00:19:48 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2013/11/16 23:24:17 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2013/12/20 10:30:31 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PDF Password Remover 5.0 O43 - CFD: 2015/02/20 23:14:59 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair O43 - CFD: 2015/01/05 20:16:47 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aid file recovery Professional O43 - CFD: 2013/12/09 19:02:17 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atomic Alarm Clock O43 - CFD: 2013/12/25 22:10:23 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutorunRemover O43 - CFD: 2014/12/30 14:45:07 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner O43 - CFD: 2014/12/07 14:46:26 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10 O43 - CFD: 2014/08/01 22:19:54 - [] D -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Recovery O43 - CFD: 2015/07/20 00:48:08 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.3.0 O43 - CFD: 2015/07/02 21:46:49 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote O43 - CFD: 2013/11/23 12:20:11 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET O43 - CFD: 2014/03/08 20:48:28 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Etisalat USB modem O43 - CFD: 2014/06/23 22:43:52 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 2014/02/18 00:12:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader O43 - CFD: 2015/02/19 12:00:32 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTASAConsole O43 - CFD: 2015/03/28 14:47:33 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Egypt O43 - CFD: 2015/01/27 14:09:04 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hetman Software O43 - CFD: 2013/11/22 19:59:20 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless O43 - CFD: 2015/05/30 12:21:09 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 2014/11/05 20:26:47 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java O43 - CFD: 2014/06/27 21:54:42 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack O43 - CFD: 2009/07/14 06:57:09 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 2014/12/13 21:56:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mendeley Desktop O43 - CFD: 2013/11/23 10:58:53 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 O43 - CFD: 2013/11/22 19:35:42 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight O43 - CFD: 2015/05/31 13:41:08 - [] D -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat Komplete Edition O43 - CFD: 2014/03/08 19:44:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 11 O43 - CFD: 2014/12/07 14:47:39 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue O43 - CFD: 2013/11/22 23:20:13 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation O43 - CFD: 2013/11/23 14:14:14 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV O43 - CFD: 2014/04/17 20:29:33 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Password Remover v3.1 O43 - CFD: 2014/07/03 11:14:35 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2013 Patch O43 - CFD: 2015/07/15 02:52:52 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pesgalaxy.com Patch 2015 O43 - CFD: 2015/07/15 02:03:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pesgalaxy.com Patch 2015 DLC Installer O43 - CFD: 2014/12/11 22:33:48 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\post O43 - CFD: 2013/11/21 23:43:24 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO O43 - CFD: 2015/02/26 23:35:33 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar O43 - CFD: 2015/02/27 00:11:16 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rar Repair Tool O43 - CFD: 2014/06/27 21:46:21 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative O43 - CFD: 2015/02/26 22:07:20 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Toolbox for RAR O43 - CFD: 2013/11/22 19:32:19 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAM CoDeC Pack O43 - CFD: 2014/12/01 20:20:09 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype O43 - CFD: 2015/05/30 21:18:19 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 2015/05/15 01:17:51 - [] D -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam O43 - CFD: 2011/04/12 10:28:08 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 2013/11/22 22:42:12 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA O43 - CFD: 2014/09/09 01:53:22 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valusoft O43 - CFD: 2014/09/26 19:42:16 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN O43 - CFD: 2015/01/27 14:42:12 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebcamMax O43 - CFD: 2013/11/22 00:12:48 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 2014/01/03 22:29:33 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger O43 - CFD: 2014/01/30 22:38:40 - [] D -- C:\ProgramData\Adobe O43 - CFD: 2015/01/27 14:42:16 - [] D -- C:\ProgramData\APN =>Toolbar.Ask O43 - CFD: 2009/07/14 07:08:56 - [0] SHD -- C:\ProgramData\Application Data O43 - CFD: 2014/06/23 23:44:04 - [] D -- C:\ProgramData\Auslogics O43 - CFD: 2015/02/24 00:27:12 - [0] D -- C:\ProgramData\Babylon =>PUP.Optional.Babylon O43 - CFD: 2014/12/15 21:30:24 - [] D -- C:\ProgramData\Baidu O43 - CFD: 2014/05/22 11:22:07 - [] D -- C:\ProgramData\Baidu Security O43 - CFD: 2013/11/22 22:39:36 - [] D -- C:\ProgramData\Blio O43 - CFD: 2014/04/21 00:42:12 - [] D -- C:\ProgramData\BlueStacksSetup O43 - CFD: 2014/12/07 14:43:26 - [] D -- C:\ProgramData\CLSK O43 - CFD: 2014/11/07 13:24:54 - [] HD -- C:\ProgramData\Common Files O43 - CFD: 2014/12/07 16:03:32 - [] D -- C:\ProgramData\CyberLink O43 - CFD: 2009/07/14 07:08:56 - [0] SHD -- C:\ProgramData\Desktop O43 - CFD: 2009/07/14 07:08:56 - [0] SHD -- C:\ProgramData\Documents O43 - CFD: 2014/12/07 14:47:04 - [] D -- C:\ProgramData\eSellerate O43 - CFD: 2013/11/23 12:20:11 - [] D -- C:\ProgramData\ESET O43 - CFD: 2009/07/14 07:08:56 - [0] SHD -- C:\ProgramData\Favorites O43 - CFD: 2015/01/23 14:38:13 - [] D -- 
C:\ProgramData\Firefly Studios O43 - CFD: 2013/11/22 00:05:32 - [0] D -- C:\ProgramData\IDM O43 - CFD: 2013/11/22 20:00:55 - [] D -- C:\ProgramData\Intel O43 - CFD: 2014/11/20 21:01:41 - [] D -- C:\ProgramData\KONAMI O43 - CFD: 2014/04/20 22:51:29 - [0] D -- C:\ProgramData\Log O43 - CFD: 2014/01/31 14:22:17 - [] D -- C:\ProgramData\McAfee O43 - CFD: 2015/06/10 22:29:57 - [] SD -- C:\ProgramData\Microsoft O43 - CFD: 2015/03/28 14:44:15 - [] D -- C:\ProgramData\Microsoft Help O43 - CFD: 2015/03/19 11:44:02 - [] D -- C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS O43 - CFD: 2013/11/22 00:21:14 - [] D -- C:\ProgramData\Mozilla O43 - CFD: 2013/11/22 00:14:12 - [] D -- C:\ProgramData\Nitro O43 - CFD: 2015/01/02 20:37:22 - [] D -- C:\ProgramData\NVIDIA O43 - CFD: 2014/07/25 23:37:50 - [] D -- C:\ProgramData\NVIDIA Corporation O43 - CFD: 2015/08/01 13:32:09 - [] D -- C:\ProgramData\Oracle O43 - CFD: 2015/07/15 02:01:58 - [] D -- C:\ProgramData\Package Cache O43 - CFD: 2014/12/22 20:19:32 - [] D -- C:\ProgramData\PlayFirst O43 - CFD: 2014/12/31 13:25:23 - [] D -- C:\ProgramData\PlayfulAge O43 - CFD: 2014/06/27 21:46:16 - [0] D -- C:\ProgramData\Real O43 - CFD: 2013/11/23 10:56:48 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft O43 - CFD: 2015/07/09 03:27:01 - [] D -- C:\ProgramData\Skype O43 - CFD: 2014/12/07 14:47:30 - [] D -- C:\ProgramData\SmartSound Software Inc O43 - CFD: 2009/07/14 07:08:56 - [0] SHD -- C:\ProgramData\Start Menu O43 - CFD: 2014/11/20 21:00:55 - [] D -- C:\ProgramData\Steam O43 - CFD: 2014/02/02 21:41:46 - [] D -- C:\ProgramData\Sun O43 - CFD: 2015/04/24 16:09:43 - [] D -- C:\ProgramData\SystemRequirementsLab O43 - CFD: 2015/02/23 23:47:33 - [] AD -- C:\ProgramData\Temp O43 - CFD: 2009/07/14 07:08:56 - [0] SHD -- C:\ProgramData\Templates O43 - CFD: 2015/01/05 20:28:15 - [] D -- C:\ProgramData\Tencent =>PUP.Optional.TencentAddressBar O43 - CFD: 2015/07/02 21:47:15 - [] D -- C:\ProgramData\Thomson.ResearchSoft.Installers O43 - CFD: 2015/07/31 
11:59:58 - [] D -- C:\ProgramData\ToolsUpdatePlatform O43 - CFD: 2014/09/09 01:56:15 - [] D -- C:\ProgramData\Trymedia =>PUP.Optional.Trymedia O43 - CFD: 2014/11/08 18:33:55 - [] D -- C:\ProgramData\TuneUp Software O43 - CFD: 2013/12/25 22:10:46 - [] D -- C:\ProgramData\USBSecurity O43 - CFD: 2015/01/27 14:42:31 - [] D -- C:\ProgramData\WebcamMax O43 - CFD: 2014/12/31 14:37:09 - [] D -- C:\ProgramData\Yahoo! O43 - CFD: 2014/11/07 13:36:25 - [] SHD -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} O43 - CFD: 2014/05/18 12:43:54 - [] D -- C:\Program Files (x86)\Common Files\Adobe O43 - CFD: 2014/01/30 22:38:36 - [] D -- C:\Program Files (x86)\Common Files\Adobe AIR O43 - CFD: 2014/09/13 07:58:33 - [] D -- C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 2015/08/01 13:31:20 - [] D -- C:\Program Files (x86)\Common Files\Java O43 - CFD: 2014/08/01 22:19:21 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 2014/03/08 19:44:44 - [] D -- C:\Program Files (x86)\Common Files\Nero O43 - CFD: 2013/11/22 00:14:13 - [] D -- C:\Program Files (x86)\Common Files\Nitro O43 - CFD: 2014/03/31 20:39:10 - [] D -- C:\Program Files (x86)\Common Files\Propellerhead Software O43 - CFD: 2013/11/23 22:36:59 - [] D -- C:\Program Files (x86)\Common Files\PX Storage Engine O43 - CFD: 2015/07/02 21:47:11 - [] D -- C:\Program Files (x86)\Common Files\Risxtd O43 - CFD: 2009/07/14 05:20:08 - [] D -- C:\Program Files (x86)\Common Files\Services O43 - CFD: 2014/12/01 20:20:08 - [] D -- C:\Program Files (x86)\Common Files\Skype O43 - CFD: 2009/07/14 05:20:08 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 2015/06/07 19:28:11 - [] D -- C:\Program Files (x86)\Common Files\Steam O43 - CFD: 2014/08/01 22:19:21 - [] D -- C:\Program Files (x86)\Common Files\System O43 - CFD: 2015/07/02 21:44:20 - [] D -- C:\Program Files (x86)\Common Files\Wise Installation Wizard O43 - CFD: 2014/01/30 22:38:19 - [] D -- C:\Users\EIAD\AppData\Roaming\Adobe O43 
- CFD: 2015/01/03 12:32:37 - [] D -- C:\Users\EIAD\AppData\Roaming\Alawar O43 - CFD: 2014/08/01 22:19:54 - [] D -- C:\Users\EIAD\AppData\Roaming\Atomic Alarm Clock 6 O43 - CFD: 2015/02/24 00:27:12 - [] D -- C:\Users\EIAD\AppData\Roaming\Babylon =>PUP.Optional.Babylon O43 - CFD: 2014/12/15 21:30:09 - [] D -- C:\Users\EIAD\AppData\Roaming\baidu O43 - CFD: 2014/04/20 22:51:38 - [] D -- C:\Users\EIAD\AppData\Roaming\Baidu Security O43 - CFD: 2015/02/03 21:39:51 - [0] D -- C:\Users\EIAD\AppData\Roaming\Black Sea Studios O43 - CFD: 2014/01/30 22:38:44 - [] D -- C:\Users\EIAD\AppData\Roaming\com.wiziq.wiziqdesktop O43 - CFD: 2014/03/31 20:23:00 - [] D -- C:\Users\EIAD\AppData\Roaming\Cool Record Edit Deluxe O43 - CFD: 2014/12/01 20:22:06 - [] D -- C:\Users\EIAD\AppData\Roaming\CrystalIdea Software O43 - CFD: 2015/06/28 21:05:50 - [] D -- C:\Users\EIAD\AppData\Roaming\CyberLink O43 - CFD: 2015/08/01 13:38:28 - [] D -- C:\Users\EIAD\AppData\Roaming\DMCache O43 - CFD: 2013/11/22 00:10:21 - [] D -- C:\Users\EIAD\AppData\Roaming\Downloaded Installations O43 - CFD: 2014/12/31 14:28:56 - [0] D -- C:\Users\EIAD\AppData\Roaming\DRPSu O43 - CFD: 2015/07/04 23:07:33 - [] D -- C:\Users\EIAD\AppData\Roaming\EndNote O43 - CFD: 2013/11/21 23:41:23 - [] D -- C:\Users\EIAD\AppData\Roaming\Identities O43 - CFD: 2015/07/23 16:43:51 - [] D -- C:\Users\EIAD\AppData\Roaming\IDM O43 - CFD: 2013/11/22 22:39:57 - [] D -- C:\Users\EIAD\AppData\Roaming\InstallShield O43 - CFD: 2013/11/22 00:04:45 - [] D -- C:\Users\EIAD\AppData\Roaming\Macromedia O43 - CFD: 2011/04/12 10:28:08 - [0] D -- C:\Users\EIAD\AppData\Roaming\Media Center Programs O43 - CFD: 2015/02/08 18:42:16 - [0] D -- C:\Users\EIAD\AppData\Roaming\Media Player Classic O43 - CFD: 2015/07/04 13:37:26 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft O43 - CFD: 2015/05/31 14:00:15 - [] D -- C:\Users\EIAD\AppData\Roaming\MKKE O43 - CFD: 2013/11/22 00:21:26 - [] D -- C:\Users\EIAD\AppData\Roaming\Mozilla O43 - CFD: 2013/11/23 22:07:04 - [] D 
-- C:\Users\EIAD\AppData\Roaming\MPC-HC O43 - CFD: 2014/12/22 20:17:12 - [] D -- C:\Users\EIAD\AppData\Roaming\My Games O43 - CFD: 2014/03/31 20:53:40 - [] D -- C:\Users\EIAD\AppData\Roaming\n-Track Drums O43 - CFD: 2014/03/31 20:53:41 - [] D -- C:\Users\EIAD\AppData\Roaming\n-Track Software Data O43 - CFD: 2014/04/20 21:17:45 - [] D -- C:\Users\EIAD\AppData\Roaming\n-Track Studio 7 O43 - CFD: 2014/03/08 19:44:19 - [] D -- C:\Users\EIAD\AppData\Roaming\Nero O43 - CFD: 2015/06/14 19:18:19 - [] D -- C:\Users\EIAD\AppData\Roaming\Nitro O43 - CFD: 2015/06/26 14:21:49 - [] D -- C:\Users\EIAD\AppData\Roaming\Nitro PDF O43 - CFD: 2014/05/24 17:17:14 - [] D -- C:\Users\EIAD\AppData\Roaming\NVIDIA O43 - CFD: 2014/05/22 22:28:46 - [] D -- C:\Users\EIAD\AppData\Roaming\OpenCandy =>PUP.Optional.OpenCandy O43 - CFD: 2014/08/30 20:59:15 - [] D -- C:\Users\EIAD\AppData\Roaming\Oracle O43 - CFD: 2014/12/22 20:19:32 - [] D -- C:\Users\EIAD\AppData\Roaming\PlayFirst O43 - CFD: 2013/11/21 23:48:02 - [] D -- C:\Users\EIAD\AppData\Roaming\PowerISO O43 - CFD: 2015/02/14 14:38:48 - [] D -- C:\Users\EIAD\AppData\Roaming\R-TT O43 - CFD: 2015/03/12 14:14:34 - [] D -- C:\Users\EIAD\AppData\Roaming\Real O43 - CFD: 2015/08/01 13:23:25 - [] D -- C:\Users\EIAD\AppData\Roaming\Skype O43 - CFD: 2014/12/31 13:35:16 - [] D -- C:\Users\EIAD\AppData\Roaming\smc O43 - CFD: 2015/01/23 14:38:12 - [] D -- C:\Users\EIAD\AppData\Roaming\Steam O43 - CFD: 2015/01/03 12:42:46 - [] D -- C:\Users\EIAD\AppData\Roaming\SunRay Games O43 - CFD: 2014/11/07 14:03:53 - [] D -- C:\Users\EIAD\AppData\Roaming\SysDev Laboratories O43 - CFD: 2015/03/30 23:14:49 - [] D -- C:\Users\EIAD\AppData\Roaming\TeamViewer O43 - CFD: 2015/01/05 20:28:15 - [] D -- C:\Users\EIAD\AppData\Roaming\Tencent =>PUP.Optional.TencentAddressBar O43 - CFD: 2013/12/15 02:01:15 - [] D -- C:\Users\EIAD\AppData\Roaming\Toshiba O43 - CFD: 2014/11/07 14:44:41 - [] D -- C:\Users\EIAD\AppData\Roaming\TuneUp Software O43 - CFD: 2015/02/17 22:40:38 - [] D -- 
C:\Users\EIAD\AppData\Roaming\vlc O43 - CFD: 2015/01/27 14:42:22 - [] D -- C:\Users\EIAD\AppData\Roaming\WebcamMax O43 - CFD: 2013/11/23 22:39:58 - [] D -- C:\Users\EIAD\AppData\Roaming\Winamp O43 - CFD: 2013/11/22 19:58:02 - [] D -- C:\Users\EIAD\AppData\Roaming\WinBatch O43 - CFD: 2013/11/22 00:15:47 - [] D -- C:\Users\EIAD\AppData\Roaming\WinRAR O43 - CFD: 2014/04/27 21:11:42 - [] D -- C:\Users\EIAD\AppData\Roaming\Yahoo! O43 - CFD: 2015/08/01 14:20:46 - [] D -- C:\Users\EIAD\AppData\Roaming\ZHP O43 - CFD: 2015/05/30 19:31:26 - [] D -- C:\Users\EIAD\AppData\Local\Adobe O43 - CFD: 2014/04/20 22:53:23 - [0] D -- C:\Users\EIAD\AppData\Local\Alnaddy =>PUP.Optional.Alnaddy O43 - CFD: 2013/11/21 23:41:08 - [0] D -- C:\Users\EIAD\AppData\Local\Application Data O43 - CFD: 2014/05/22 13:19:06 - [] D -- C:\Users\EIAD\AppData\Local\cache O43 - CFD: 2015/07/22 13:10:03 - [] D -- C:\Users\EIAD\AppData\Local\Crossbrowse =>PUP.Optional.CrossBrowse O43 - CFD: 2015/07/14 18:44:15 - [0] D -- C:\Users\EIAD\AppData\Local\Diagnostics O43 - CFD: 2013/11/22 22:38:22 - [] D -- C:\Users\EIAD\AppData\Local\Downloaded Installations O43 - CFD: 2013/11/28 01:01:02 - [] D -- C:\Users\EIAD\AppData\Local\ESET O43 - CFD: 2014/12/07 13:51:45 - [] D -- C:\Users\EIAD\AppData\Local\Facebook O43 - CFD: 2015/05/31 14:00:41 - [] D -- C:\Users\EIAD\AppData\Local\FLT O43 - CFD: 2015/07/22 00:13:21 - [] D -- C:\Users\EIAD\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate O43 - CFD: 2014/01/24 18:57:26 - [] D -- C:\Users\EIAD\AppData\Local\Google O43 - CFD: 2014/04/29 20:39:34 - [0] D -- C:\Users\EIAD\AppData\Local\HD Streamer =>PUP.Optional.HDStreamer O43 - CFD: 2013/11/21 23:41:08 - [0] D -- C:\Users\EIAD\AppData\Local\History O43 - CFD: 2015/04/14 13:46:34 - [] D -- C:\Users\EIAD\AppData\Local\IE Tab O43 - CFD: 2015/07/05 16:29:17 - [] D -- C:\Users\EIAD\AppData\Local\MacGo O43 - CFD: 2013/11/22 19:23:51 - [] D -- C:\Users\EIAD\AppData\Local\Macromedia O43 - CFD: 2014/12/13 21:56:31 - [] D -- 
C:\Users\EIAD\AppData\Local\Mendeley Ltd O43 - CFD: 2014/12/12 22:10:31 - [] D -- C:\Users\EIAD\AppData\Local\Microsoft O43 - CFD: 2015/04/05 14:29:23 - [] D -- C:\Users\EIAD\AppData\Local\Microsoft Help O43 - CFD: 2014/12/30 14:52:42 - [0] DC -- C:\Users\EIAD\AppData\Local\MigWiz O43 - CFD: 2014/12/15 21:00:27 - [] D -- C:\Users\EIAD\AppData\Local\MiniService O43 - CFD: 2014/05/22 14:34:16 - [] D -- C:\Users\EIAD\AppData\Local\Mobogenie =>PUP.Optional.Mobogenie O43 - CFD: 2013/12/18 00:14:14 - [] D -- C:\Users\EIAD\AppData\Local\Mozilla O43 - CFD: 2014/01/07 20:21:48 - [] D -- C:\Users\EIAD\AppData\Local\NVIDIA O43 - CFD: 2014/07/25 23:37:54 - [] D -- C:\Users\EIAD\AppData\Local\NVIDIA Corporation O43 - CFD: 2013/11/22 00:03:18 - [] D -- C:\Users\EIAD\AppData\Local\Programs O43 - CFD: 2015/02/26 23:36:26 - [] D -- C:\Users\EIAD\AppData\Local\QuickPar O43 - CFD: 2014/06/27 21:46:16 - [0] D -- C:\Users\EIAD\AppData\Local\Real O43 - CFD: 2014/12/01 20:20:17 - [] D -- C:\Users\EIAD\AppData\Local\Skype O43 - CFD: 2015/02/24 23:23:42 - [] D -- C:\Users\EIAD\AppData\Local\Steam O43 - CFD: 2015/08/01 14:21:25 - [] D -- C:\Users\EIAD\AppData\Local\Temp O43 - CFD: 2013/11/21 23:41:08 - [0] D -- C:\Users\EIAD\AppData\Local\Temporary Internet Files O43 - CFD: 2014/05/20 00:06:50 - [] D -- C:\Users\EIAD\AppData\Local\VirtualStore O43 - CFD: 2015/07/02 00:41:42 - [] D -- C:\Users\EIAD\AppData\Local\zexlbzzvng41czk O43 - CFD: 2015/07/22 19:41:40 - [] D -- C:\Users\EIAD\AppData\Local\zfblvtytnek1bjl O43 - CFD: 2009/07/14 06:54:32 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2015/07/22 19:10:26 - [] RD -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2015/02/20 23:14:59 - [0] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair O43 - CFD: 2014/03/06 21:34:46 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Cool Record Edit Deluxe O43 - CFD: 2014/12/07 14:48:29 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor O43 - CFD: 2015/07/18 18:26:50 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory O43 - CFD: 2015/02/18 13:41:21 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 2015/01/06 23:28:45 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 2015/01/27 14:09:04 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hetman Software O43 - CFD: 2015/05/30 12:21:09 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 2015/07/05 16:28:58 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macgo Windows Blu-ray Player O43 - CFD: 2009/07/14 06:49:38 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 2015/01/04 23:34:32 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My WIFI Router O43 - CFD: 2014/03/01 15:23:13 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Readiris Corporate 12 Middle East Edition O43 - CFD: 2015/01/25 14:28:20 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v5 O43 - CFD: 2015/08/01 13:31:03 - [] RD -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 2014/12/17 22:05:59 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent =>PUP.Optional.TencentAddressBar O43 - CFD: 2013/11/23 14:14:03 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer O43 - CFD: 2013/11/22 00:12:48 - [] D -- C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 2015/03/17 00:08:40 - [] D -- 
C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMV9 VCM

---\\ ShareTools MSconfig StartupReg (SMSR) (O53) (25) - 2s
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\AtomicAlarmClock6 [Key] . (...) -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O53 - SMSR:HKLM\...\startupreg\autodetect [Key] . (...) -- C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\AutorunRemover.exe [Key] . (...) -- C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe
O53 - SMSR:HKLM\...\startupreg\Babylon Client [Key] . (...) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (.not file.) =>PUP.Optional.Babylon
O53 - SMSR:HKLM\...\startupreg\CCleaner Monitoring [Key] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe
O53 - SMSR:HKLM\...\startupreg\DrvUpdater [Key] . (...) -- C:\Users\EIAD\AppData\Roaming\DRPSu\DrvUpdater.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Facebook Update [Key] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\EIAD\AppData\Local\Facebook\Update\FacebookUpdate.exe
O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - Google Installer.) -- C:\Users\EIAD\AppData\Local\Google\Update\GoogleUpdate.exe
O53 - SMSR:HKLM\...\startupreg\IntelWirelessWiMAX [Key] . (.Intel® Corporation - Intel® PROSet/Wireless WiMAX Connection Uti.) -- C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
O53 - SMSR:HKLM\...\startupreg\Messenger (Yahoo!) [Key] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O53 - SMSR:HKLM\...\startupreg\mobilegeni daemon [Key] . (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Optional.Mobogenie
O53 - SMSR:HKLM\...\startupreg\NvBackend [Key] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O53 - SMSR:HKLM\...\startupreg\Nvtmru [Key] . (...) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\PWRISOVM.EXE [Key] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
O53 - SMSR:HKLM\...\startupreg\RtHDVCpl [Key] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O53 - SMSR:HKLM\...\startupreg\ShadowPlay [Key] . (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O53 - SMSR:HKLM\...\startupreg\Steam [Key] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O53 - SMSR:HKLM\...\startupreg\TosNC [Key] . (...) -- %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TosWaitSrv [Key] . (...) -- %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TRCMan [Key] . (.TOSHIBA Corporation - TRCMan.exe.) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
O53 - SMSR:HKLM\...\startupreg\TWebCamera [Key] . (.TOSHIBA CORPORATION. - .) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
O53 - SMSR:HKLM\...\startupreg\WebcamMaxAutoRun [Key] . (...) -- C:\Program Files (x86)\WebcamMax\wcmmon.exe

---\\ System Drivers List (SDL) (O58) (76) - 51s
O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088]
O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc.
- Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] O58 - SDL:2009/07/14 03:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] O58 - SDL:2011/03/11 08:41:12 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] O58 - SDL:2009/07/14 03:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] O58 - SDL:2011/03/11 08:41:12 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] O58 - SDL:2009/06/10 22:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] O58 - SDL:2012/07/03 15:10:00 A . (.Intel Corporation - Intel® WiMax Link 5050 Series Enumerator.) -- C:\Windows\System32\drivers\bpenum.sys [84480] O58 - SDL:2012/07/03 15:10:10 A . (.Intel Corporation - Intel® WiMax Link 5050 Series Driver.) -- C:\Windows\System32\drivers\bpmp.sys [182272] O58 - SDL:2012/07/03 15:10:02 A . (.Intel Corporation - Intel® WiMax Link 5050 Series Function Driv.) -- C:\Windows\System32\drivers\bpusb.sys [84992] O58 - SDL:2009/06/10 22:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] O58 - SDL:2009/06/10 22:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) 
-- C:\Windows\System32\drivers\BrFiltUp.sys [8704] O58 - SDL:2009/07/14 03:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] O58 - SDL:2009/06/10 22:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] O58 - SDL:2009/07/14 03:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] O58 - SDL:2009/06/10 22:35:09 A . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserializ.) -- C:\Windows\System32\drivers\E1G6032E.sys [145792] O58 - SDL:2013/09/17 15:17:38 A . (.ESET - Amon monitor.) -- C:\Windows\System32\drivers\eamonm.sys [239320] O58 - SDL:2013/09/17 15:17:38 A . (.ESET - Devmon monitor.) -- C:\Windows\System32\drivers\edevmon.sys [239296] O58 - SDL:2013/09/17 15:17:38 A . (.ESET - ESET Helper driver.) -- C:\Windows\System32\drivers\ehdrv.sys [168256] O58 - SDL:2009/07/14 03:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] O58 - SDL:2013/09/17 15:17:38 A . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\System32\drivers\epfwwfpr.sys [157432] O58 - SDL:2009/06/10 22:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] O58 - SDL:2009/06/10 22:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) 
-- C:\Windows\System32\drivers\hcw85cir.sys [31232] O58 - SDL:2013/02/19 10:59:38 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\drivers\HECIx64.sys [57848] O58 - SDL:2010/11/21 05:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] O58 - SDL:2013/09/20 14:41:20 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\Windows\System32\drivers\iaStorA.sys [630632] O58 - SDL:2013/09/20 14:41:16 A . (.Intel Corporation - Intel Rapid Storage Technology Filter drive.) -- C:\Windows\System32\drivers\iaStorF.sys [28008] O58 - SDL:2011/03/11 08:41:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] O58 - SDL:2015/05/20 14:55:54 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\drivers\idmwfp.sys [197616] O58 - SDL:2009/07/14 03:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] O58 - SDL:2013/07/17 23:43:40 A . (.Intel Corporation - Intel(R) USB 3.0 Host Controller Switch Dri.) -- C:\Windows\System32\drivers\iusb3hcs.sys [20464] O58 - SDL:2013/04/26 09:40:22 A . (.JMicron Technology Corporation - JMicron PCIe Flash Media Controller Driver.) -- C:\Windows\System32\drivers\jmcr.sys [176880] O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) 
-- C:\Windows\System32\drivers\lsi_scsi.sys [115776] O58 - SDL:2011/03/26 10:37:12 A . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\drivers\massfilter.sys [11776] O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] O58 - SDL:2013/05/29 04:10:52 A . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\System32\drivers\NETwsw00.sys [11524096] O58 - SDL:2009/07/14 03:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] O58 - SDL:2013/03/01 03:49:12 A . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\drivers\npf.sys [36600] O58 - SDL:2013/11/28 15:38:18 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\System32\drivers\nvhda64v.sys [197408] O58 - SDL:2014/05/20 04:44:03 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\System32\drivers\nvlddmkm.sys [12688328] O58 - SDL:2011/03/11 08:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] O58 - SDL:2011/03/11 08:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] O58 - SDL:2014/03/31 18:42:44 A . (.NVIDIA Corporation - NVIDIA Virtual Audio Driver.) -- C:\Windows\System32\drivers\nvvad64v.sys [40392] O58 - SDL:2009/06/22 17:06:38 A . (.TOSHIBA Corporation - TOSHIBA Universal Camera Filter Driver.) -- C:\Windows\System32\drivers\PGEffect.sys [35008] O58 - SDL:2009/07/14 03:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] O58 - SDL:2009/07/14 03:45:45 A . 
(.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] O58 - SDL:2013/08/27 12:08:42 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Dri.) -- C:\Windows\System32\drivers\Rt64win7.sys [883928] O58 - SDL:2013/10/22 18:38:24 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RTKVHD64.sys [3692632] O58 - SDL:2013/10/23 16:11:22 A . (.Power Software Ltd - PowerISO Virtual Drive.) -- C:\Windows\System32\drivers\scdemu.sys [129944] O58 - SDL:2009/06/10 22:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] O58 - SDL:2009/07/14 02:00:40 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\serial.sys [94208] O58 - SDL:2009/07/14 03:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] O58 - SDL:2009/07/14 03:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] O58 - SDL:2009/07/14 03:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] O58 - SDL:2010/03/10 18:51:32 A . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\System32\drivers\SynTP.sys [316464] O58 - SDL:2014/05/17 02:42:38 A . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\drivers\taphss6.sys [42184] O58 - SDL:2009/06/29 08:16:20 A . (.TOSHIBA Corporation - TOSHIBA HDD Protection - Shock Sensor Drive.) -- C:\Windows\System32\drivers\Thpevm.sys [14784] O58 - SDL:2009/06/19 19:15:22 A . (.TOSHIBA Corporation - TOSHIBA TVALZ Filter Driver for x64.) -- C:\Windows\System32\drivers\TVALZFL.sys [14472] O58 - SDL:2009/07/14 13:31:18 A . 
(.TOSHIBA Corporation - TOSHIBA ACPI-Based Value Added Logical and.) -- C:\Windows\System32\drivers\TVALZ_O.SYS [26840] O58 - SDL:2009/07/14 03:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] O58 - SDL:2009/07/14 03:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] O58 - SDL:2011/03/26 10:37:12 A . (.ZTE Incorporated - USB Modem/Serial Device Driver.) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys [123520] O58 - SDL:2011/03/26 10:37:12 A . (.ZTE Incorporated - USB Modem/Serial Device Driver.) -- C:\Windows\System32\drivers\ZTEusbnmea.sys [123520] O58 - SDL:2011/03/26 10:37:12 A . (.ZTE Incorporated - USB Modem/Serial Device Driver.) -- C:\Windows\System32\drivers\ZTEusbser6k.sys [123520] O58 - SDL:2013/03/07 09:49:18 A . (...) -- C:\Windows\System32\epmntdrv.sys [17480] O58 - SDL:2013/03/07 09:49:18 A . (...) -- C:\Windows\System32\EuGdiDrv.sys [9800] ---\\ Last modified or created user files (O61) (20) - 100s O61 - LFC: 2015/07/31 23:42:20 A . (..) -- C:\Users\EIAD\Documents\KONAMI\Pro Evolution Soccer 2015\save\CUP 01.bin [6044898] O61 - LFC: 2015/07/31 23:42:20 A . (..) -- C:\Users\EIAD\Documents\KONAMI\Pro Evolution Soccer 2015\save\SYSTEM.bin [136577] O61 - LFC: 2015/08/01 13:21:29 A . (.Tonec Inc..) -- C:\Users\EIAD\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2.dll [332824] O61 - LFC: 2015/08/01 13:21:29 A . (.Tonec Inc..) -- C:\Users\EIAD\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2_64.dll [460824] O61 - LFC: 2015/08/01 13:21:29 A . (.Tonec Inc..) -- C:\Users\EIAD\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc.dll [34216] O61 - LFC: 2015/08/01 13:21:29 A . (.Tonec Inc..) -- C:\Users\EIAD\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc64.dll [28512] O61 - LFC: 2015/08/01 13:21:25 A . (.Tonec Inc..) 
-- C:\Users\EIAD\AppData\Roaming\IDM\idmmzcc5\components12\idmmzcc.dll [26648] O61 - LFC: 2015/08/01 13:21:27 A . (.Tonec Inc..) -- C:\Users\EIAD\AppData\Roaming\IDM\idmmzcc5\components12\idmmzcc64.dll [31768] O61 - LFC: 2015/08/01 13:21:25 A . (.Tonec Inc..) -- C:\Users\EIAD\AppData\Roaming\IDM\idmmzcc5\components\idmmzcc.dll [34216] O61 - LFC: 2015/07/29 14:30:14 A . (..) -- C:\Users\EIAD\AppData\Local\NVIDIA\NvBackend\UMDShim\nvcoproc.bin [5125685] O61 - LFC: 2015/07/29 18:21:01 A . (..) -- C:\Users\EIAD\AppData\Local\NVIDIA\NvBackend\Packages\00007b9c\DAO.19811313.exe [5918368] O61 - LFC: 2015/07/29 18:20:28 A . (..) -- C:\Users\EIAD\AppData\Local\NVIDIA\NvBackend\Packages\00007b99\CoProc update.19811111.exe [515016] O61 - LFC: 2015/07/24 18:35:00 A . (..) -- C:\Users\EIAD\AppData\Local\Google\Update\Install\{A77BC0FE-BE70-419A-9520-E38E6C47703A}\44.0.2403.107_44.0.2403.89_chrome_updater.exe [1070160] O61 - LFC: 2015/07/29 19:51:48 A . (..) -- C:\Users\EIAD\AppData\Local\Google\Update\Install\{96D12479-680A-4D94-B1E6-8E0AD8470588}\44.0.2403.125_44.0.2403.107_chrome_updater.exe [794192] O61 - LFC: 2015/07/29 19:51:48 A . (..) -- C:\Users\EIAD\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.125\44.0.2403.125_44.0.2403.107_chrome_updater.exe [794192] O61 - LFC: 2015/08/01 13:22:54 A . (..) -- C:\Users\EIAD\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849] O61 - LFC: 2015/07/25 10:46:40 A . (..) -- C:\Users\EIAD\AppData\Local\Google\Chrome\Application\44.0.2403.125\libexif.dll [310088] O61 - LFC: 2015/07/25 09:09:50 A . (..) -- C:\Users\EIAD\AppData\Local\Google\Chrome\Application\44.0.2403.125\natives_blob.bin [396173] O61 - LFC: 2015/07/25 09:09:51 A . (..) -- C:\Users\EIAD\AppData\Local\Google\Chrome\Application\44.0.2403.125\snapshot_blob.bin [436812] O61 - LFC: 2015/07/25 10:46:43 A . (..) 
-- C:\Users\EIAD\AppData\Local\Google\Chrome\Application\44.0.2403.125\PepperFlash\pepflashplayer.dll [16308040] ---\\ File Associations Shell Spawning (O67) (1) - 0s O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe ---\\ Start Menu Internet (SMI) (O68) (12) - 1s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\EIAD\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Users\EIAD\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Users\EIAD\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) 
-- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Users\EIAD\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe ---\\ Search Browser Infection (SBI) (O69) (1) - 6s O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ ---\\ Search Svchost Services (SSS) (O83) (33) - 2s O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [236032] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [777728] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [859648] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [679424] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) 
-- C:\Windows\System32\rasmans.dll [344064] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [64512] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [680960] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [2428952] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [569344] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70144] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [156672] O83 - Search Svchost Services: MMCSS (MMCSS) . 
(.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [67584] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [121856] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136704] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [1110016] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [90624] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [209920] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [44544] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [193536] ---\\ Firewall Active Exception List (FirewallRules) (O87) (40) - 5s O87 - FAEL: "{B696751E-FE32-4E7D-979E-E085ACDC81E5}" [In-None-P6-TRUE] .(.Intel(R) Corporation - WiMAX SDK service for Intel(R) PROSet/Wirel.) 
-- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe O87 - FAEL: "{1BF958E9-4230-4309-A269-76A962B20F57}" [In-None-P6-TRUE] .(.Red Bend Ltd. - Red Bend Device Management Service for Inte.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe O87 - FAEL: "{CD0FC881-E79E-41BD-9524-252B611DDC32}" [In-None-P17-TRUE] .(.Intel(R) Corporation - WiMAX SDK service for Intel(R) PROSet/Wirel.) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe O87 - FAEL: "{36426860-24C7-409C-A8FC-D738E8045DB1}" [In-None-P17-TRUE] .(.Red Bend Ltd. - Red Bend Device Management Service for Inte.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe O87 - FAEL: "{1528E808-43BA-48E5-91F3-0461F37EAFE7}" [In-None-P6-TRUE] .(.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe O87 - FAEL: "{2C4DDA6C-874C-4126-8A95-D25384BBAF3D}" [In-None-P17-TRUE] .(.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe O87 - FAEL: "{CB6A23B2-6D27-489A-A8CB-4314235A2BE1}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Tango\Tango.exe (.not file.) O87 - FAEL: "{3AFBC7E2-8072-412A-8462-0EF2D0694951}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Tango\Tango.exe (.not file.) O87 - FAEL: "{5FC8D4A7-FA53-4FAD-B361-7DE0FBFFF35B}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exe (.not file.) O87 - FAEL: "{2CF6315D-D816-4584-B354-BDF4F8C8AB7D}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exe (.not file.) O87 - FAEL: "{FCA084D1-5557-45AD-9A14-8018BC2D6E09}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exe (.not file.) O87 - FAEL: "{7E8C96BD-297B-4657-9DC0-AE2A907ABEB8}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exe (.not file.) O87 - FAEL: "{9684AC55-1217-43B4-B9C1-32CD9F315AF7}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2015\PES2015.exe (.not file.) 
O87 - FAEL: "{975257EC-0931-4819-98C5-7298E9A2540D}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2015\PES2015.exe (.not file.) O87 - FAEL: "{67D40152-3ADF-46A3-9A52-2BF6DFDCE25D}" [In-None-P6-FALSE] .(...) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2015\PES2015.exe (.not file.) O87 - FAEL: "{F9E4FC14-5E61-4E6A-81BC-AE1F7B5ED452}" [In-None-P17-FALSE] .(...) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2015\PES2015.exe (.not file.) O87 - FAEL: "{CE038004-1FD4-458A-8A5F-0A801AC230A1}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll (.not file.) O87 - FAEL: "{28443067-2276-4539-B806-316BC655BA83}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll (.not file.) O87 - FAEL: "{92B70020-3837-4316-A110-E032DCD96011}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe O87 - FAEL: "{1C18E270-BB39-49CD-95C0-D8ADAF36F4A0}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe O87 - FAEL: "{2AE09628-8BCC-4BC6-BE65-A710DA8653A5}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe O87 - FAEL: "{D6D15F90-FAD6-44E1-9F48-C3E7BADE7DF5}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe O87 - FAEL: "{92A4059E-DBED-4CA5-A0D9-71EFACF20C65}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe O87 - FAEL: "{54B17BFD-C2A5-4A01-B7A0-414D240B7108}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe O87 - FAEL: "{4CD70C9F-6132-4CB6-AFA6-614FDACD9DBB}" [In-None-P6-TRUE] .(.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O87 - FAEL: "{1CE2E9E4-273C-4D51-95FD-4C2DD000785B}" [In-None-P17-TRUE] .(.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) 
-- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O87 - FAEL: "{DB65FC03-D960-4B98-A110-C956843A40D2}" [In-None-P6-TRUE] .(.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe O87 - FAEL: "{AFB72E72-5A82-43A8-A354-B00AC935516E}" [In-None-P17-TRUE] .(.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe O87 - FAEL: "{2D540835-DF59-4509-A7FA-C2377F25DFBB}" [In-None-P6-TRUE] .(.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O87 - FAEL: "{CAE0C55B-84BF-4DC7-B3E6-592A35CB915C}" [In-None-P17-TRUE] .(.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O87 - FAEL: "{30860A4E-FAEC-4D06-ABB2-20D321B5EC0A}" [In-None-P6-TRUE] .(.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O87 - FAEL: "{C59E26CB-177C-4121-B4EA-4E403C7088E2}" [In-None-P17-TRUE] .(.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O87 - FAEL: "{200E4A90-792F-4927-8495-998D753BC389}" [In-None-P6-TRUE] .(.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe O87 - FAEL: "{A447B2F0-83CD-44F1-9A72-6404B57F6216}" [In-None-P17-TRUE] .(.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe O87 - FAEL: "{701DB759-4BAA-4A6E-802E-C717AF76DA6A}" [In-None-P6-TRUE] .(.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O87 - FAEL: "{4CB65CE0-4646-4830-969A-E7F42B76AD97}" [In-None-P17-TRUE] .(.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O87 - FAEL: "{FE2A311C-98D5-4791-AFF9-DFA6B312AD7D}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe O87 - FAEL: "{6BBE0646-8500-4C41-A4EF-73BF687F5F5B}" [In-None-P17-TRUE] .(...) 
-- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
O87 - FAEL: "{C9E88D01-817F-4173-AA1A-B2B01DA2386E}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
O87 - FAEL: "{FA85AB14-18E4-4E50-8678-A931939A24EC}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe

---\\ Search Tracing Registry Key (O100) (2) - 2s
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32 =>PUP.Optional.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS =>PUP.Optional.Babylon

---\\ Additional Scan (O88) (62) - 0s
C:\Program Files (x86)\Addon Enabler\EnablerService.exe =>PUP.Optional.HDStreamer
C:\Program Files (x86)\Universal Updater\UpdaterService.exe =>PUP.Optional.UniversalUpdater
C:\Users\EIAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleglodmkonbpfmlffapjfednjopbeeh
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
C:\Program Files (x86)\HD Streamer\ScriptHost64.dll =>PUP.Optional.HDStreamer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6062A33-016E-4BDA-A6F1-890D989F8656} =>PUP.Optional.HDStreamer
HKLM\SYSTEM\CurrentControlSet\Services\EnablerService =>PUP.Optional.HDStreamer
HKLM\SYSTEM\CurrentControlSet\Services\UniversalUpdater =>PUP.Optional.Salus
C:\Program Files (x86)\Universal Updater\UpdaterService.exe =>PUP.Optional.Salus
C:\Users\EIAD\AppData\Roaming\pLNMD5hEPKK4tJw5zgS0AihLT5j.exe =>PUP.Optional.Pirrit
C:\Windows\System32\Tasks\54b401e8-a303-4041-98f8-5a2e48f84f3b-1 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\54b401e8-a303-4041-98f8-5a2e48f84f3b-5 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\Crossbrowse =>PUP.Optional.CrossBrowse
C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-6 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-1-7 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-10_user =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-3 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-4 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-5_user =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-6 =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\f2fd4710-26e9-4477-abba-8e3c2fe5a0fe-7 =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HD Streamer =>PUP.Optional.HDStreamer
HKLM\SOFTWARE\Wow6432Node\ArenaHD =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Wow6432Node\Crossbrowse =>PUP.Optional.CrossBrowse
HKLM\SOFTWARE\Wow6432Node\GlobalUpdate =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\Wow6432Node\HighDefAction =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Wow6432Node\Tencent =>PUP.Optional.TencentAddressBar
HKLM\SOFTWARE\Wow6432Node\Trymedia Systems =>PUP.Optional.Trymedia
HKLM\SOFTWARE\Wow6432Node\YorkNewCin =>PUP.Optional.CrossRider
HKCU\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider
HKCU\SOFTWARE\CinemaP-1.9cV21.07-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\CoinisRS =>PUP.Optional.InstallCore
HKCU\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse
HKCU\SOFTWARE\globalUpdate =>PUP.Optional.GlobalUpdate
HKCU\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Softonic =>PUP.Optional.Softonic
HKCU\SOFTWARE\Tencent =>PUP.Optional.TencentAddressBar
HKCU\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AppDataLow\Software\Crossrider =>PUP.Optional.CrossRider =>PUP.Optional.CrossRider
C:\Program Files (x86)\Addon Enabler =>PUP.Optional.HDStreamer
C:\Program Files (x86)\Babylon =>PUP.Optional.Babylon
C:\Program Files (x86)\globalUpdate =>PUP.Optional.GlobalUpdate
C:\Program Files (x86)\HD Streamer =>PUP.Optional.HDStreamer
C:\Program Files (x86)\Tencent =>PUP.Optional.TencentAddressBar
C:\Program Files (x86)\Universal Updater =>PUP.Optional.UniversalUpdater
C:\ProgramData\APN =>Toolbar.Ask
C:\ProgramData\Babylon =>PUP.Optional.Babylon
C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
C:\ProgramData\Tencent =>PUP.Optional.TencentAddressBar
C:\ProgramData\Trymedia =>PUP.Optional.Trymedia
C:\Users\EIAD\AppData\Roaming\Babylon =>PUP.Optional.Babylon
C:\Users\EIAD\AppData\Roaming\OpenCandy =>PUP.Optional.OpenCandy
C:\Users\EIAD\AppData\Roaming\Tencent =>PUP.Optional.TencentAddressBar
C:\Users\EIAD\AppData\Local\Alnaddy =>PUP.Optional.Alnaddy
C:\Users\EIAD\AppData\Local\Crossbrowse =>PUP.Optional.CrossBrowse
C:\Users\EIAD\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate
C:\Users\EIAD\AppData\Local\HD Streamer =>PUP.Optional.HDStreamer
C:\Users\EIAD\AppData\Local\Mobogenie =>PUP.Optional.Mobogenie
C:\Users\EIAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent =>PUP.Optional.TencentAddressBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32 =>PUP.Optional.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS =>PUP.Optional.Babylon

---\\ Summary of the elements found on your workstation (19) - 0s
http://www.nicolascoolman.fr/pup-hdstreamer/ =>PUP.Optional.HDStreamer
http://www.nicolascoolman.fr/blog =>PUP.Optional.UniversalUpdater
http://www.nicolascoolman.fr/hijacker-browsers/ =>PUP.Optional.Browser
http://www.nicolascoolman.fr/blog =>PUP.Optional.BDYahoo
http://www.nicolascoolman.fr/adware-tencentaddressbar/ =>PUP.Optional.TencentAddressBar
http://www.nicolascoolman.fr/pup-salus/ =>PUP.Optional.Salus
http://www.nicolascoolman.fr/pup-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/blog =>PUP.Optional.CrossBrowse
http://www.nicolascoolman.fr/pup-pirritsuggestor/ =>PUP.Optional.Pirrit
http://www.nicolascoolman.fr/pup-globalupdate/ =>PUP.Optional.GlobalUpdate
http://www.nicolascoolman.fr/adware-trymedia/ =>PUP.Optional.Trymedia
http://www.nicolascoolman.fr/adware-installcore/ =>PUP.Optional.InstallCore
http://www.nicolascoolman.fr/blog =>PUP.Optional.Softonic
http://www.nicolascoolman.fr/pup-babylon/ =>PUP.Optional.Babylon
http://www.nicolascoolman.fr/toolbar-ask/ =>Toolbar.Ask
http://www.nicolascoolman.fr/trojan-autokms/ =>HackTool.AutoKMS
http://www.nicolascoolman.fr/adware-opencandy/ =>PUP.Optional.OpenCandy
http://www.nicolascoolman.fr/hijacker-alnaddy/ =>PUP.Optional.Alnaddy
http://www.nicolascoolman.fr/pup-mobogenie/ =>PUP.Optional.Mobogenie

~ End of the scan, 37008 items in 411 seconds (1265)(0)()