~ ZHPDiag v2015.10.22.154 By Nicolas Coolman (2015/10/22)
~ Run by MOMAIB (Administrator) (2015/10/24 14:18:18)
~ Web: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\MOMAIB\Desktop\ZHPDiag.txt
~ Report: C:\Users\MOMAIB\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 32-bit (Build 10240)

---\\ Internet Browsers (3) - 0s
GCIE: Google Chrome v45.0.2454.101
MFIE: Mozilla Firefox 39.0.3 (x86 en-US) v39.0.3
MSIE: Internet Explorer v11.0.10240.16431

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (3) - 3s
Malwarebytes Anti-Malware version 2.1.8.1057
Microsoft Security Client v4.8.0204.0
Windows Defender (Deactivate)

---\\ System optimization software (1) - 3s
CCleaner v5.03

---\\ Surveillance software (2) - 3s
Adobe Flash Player 19 NPAPI
Adobe Acrobat Reader DC - Français

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3089.728 MB (39% free)
~ System Restore: Activé (Enable)
~ System drive C: has 22 GB free of 204 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: MOMAIB-PC
~ User Name: MOMAIB
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 22 GB free of 204 GB (System)
~ Drive D: has 0 GB free of 272 GB

---\\ State of the Windows Security Center (7) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK ---\\ Search Generic System Files (23) - 5s [MD5.B3F90790F991A5A21113B58EE50FA696] - (.Microsoft Corporation - Windows Explorer.) () -- C:\WINDOWS\Explorer.exe [4048808] © [MD5.543C8A2961F38C20438A61B9455E914C] - (.Microsoft Corporation - Windows host process (Rundll32).) () -- C:\WINDOWS\System32\rundll32.exe [53760] © [MD5.43A465F658A66CF051C443947420B3E8] - (.Microsoft Corporation - Windows Start-Up Application.) () -- C:\WINDOWS\System32\Wininit.exe [191144] © [MD5.73FC0143E518D8DB7AFE9675F4AF8063] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\WINDOWS\System32\wininet.dll [2207232] © [MD5.72BABD33125885F826CE9CFCCF012CC4] - (.Microsoft Corporation - Windows Logon Application.) () -- C:\WINDOWS\System32\Winlogon.exe [490496] © [MD5.109CCF5163D6C397CF2E39408431B402] - (.Microsoft Corporation - Software Licensing Library.) () -- C:\WINDOWS\System32\sppcomapi.dll [419328] © [MD5.BB5BBD0E4D04047585E4ED0F07AA51E7] - (.Microsoft Corporation - DNS Client API DLL.) () -- C:\WINDOWS\System32\dnsapi.dll [534064] © [MD5.C5E1DEF4FE031F6CD59AF5E46165F5A8] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\WINDOWS\System32\drivers\AFD.sys [479072] © [MD5.8A2FA4E32D4949DA60D900BF495D5801] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\WINDOWS\System32\drivers\atapi.sys [23392] © [MD5.45825ED9F218A1601253620BF516171E] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\WINDOWS\System32\drivers\Cdfs.sys [74752] © [MD5.F9859843E5ABAB82E63CC3AA0FC50CF0] - (.Microsoft Corporation - SCSI CD-ROM Driver.) 
() -- C:\WINDOWS\System32\drivers\Cdrom.sys [130560] © [MD5.FF2FAE24F70AC0501C59C20136A333DD] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\WINDOWS\System32\drivers\DfsC.sys [104960] © [MD5.D102A17D9A1B5D6205D9945835DCE21E] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\WINDOWS\System32\drivers\HDAudBus.sys [72704] © [MD5.4AFC7F3F691B8259B41712917808F35B] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\WINDOWS\System32\drivers\i8042prt.sys [90624] © [MD5.48B70CFC8132E60A009F500B181EB91A] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\WINDOWS\System32\drivers\IpNat.sys [124416] © [MD5.0AFDF5734DAF0D1438802CF22238518C] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\WINDOWS\System32\drivers\MRxSmb.sys [343552] © [MD5.F60AE46F9B244F3FF02BFE0DF8DBFF86] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\WINDOWS\System32\drivers\netBT.sys [216576] © [MD5.E42F80FB4C1A06EF4B071608571F5155] - (.Microsoft Corporation - NT File System Driver.) () -- C:\WINDOWS\System32\drivers\ntfs.sys [1808224] © [MD5.D2377D0CCC9396F37FACCF4AA9E0220A] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\WINDOWS\System32\drivers\Parport.sys [81408] © [MD5.DCACCE3F3FF364F228E4197DC435A503] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [81408] © [MD5.86D46542F5B4CF19949A9D88F62F03CE] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\WINDOWS\System32\drivers\rdpdr.sys [132608] © [MD5.35C4DBFAE5E7C4A5F53CAF94C23F0E82] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\WINDOWS\System32\drivers\tdx.sys [95072] © [MD5.12999D4773D8034431795440A3DF910A] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\WINDOWS\System32\drivers\volsnap.sys [342368] © ---\\ Process running (31) - 1s [MD5.2870CE9BFD6BA66FB0FFC6D11C9E41A7] - (.Arcai.com - Arp Intelligent Protection Service.) 
-- C:\Program Files\netcut\services\aips.exe [262144] [PID.1632] © [MD5.F6CEFEF46986DE02A3AE5D93AE32B5DC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [82128] [PID.460] © [MD5.4DC6B0772D1698F04FC79053A21C8260] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\System32\AEADISRV.EXE [90112] [PID.552] © [MD5.2F2BD5EFFA8E91295F4DB493D85534B5] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744] [PID.624] © [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.484] © [MD5.6782337A0A679DA909C1D2524E46433F] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824] [PID.1208] © [MD5.6F220928AC68325AB50532EFBF5CB52B] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) -- C:\Program Files\BlueStacks\HD-UpdaterService.exe [786136] [PID.1428] © [MD5.BAADB247AF790439EA1C04008B907CF6] - (...) -- C:\Program Files\QSocial\QSocial_Updater.exe [7548928] [PID.2596] [MD5.F172AD4E906D97ED8F071896FC6789DC] - (.Google Inc. - Google Installer.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [107912] [PID.3972] © [MD5.7686690C40B41423273C31F0075332B7] - (.WiseCleaner.com - Wise System Monitor.) -- C:\Program Files\Wise\Wise System Monitor\WiseSystemMonitor.exe [3323952] [PID.3988] © [MD5.CB8C1CC4F46FBAC78150754D77460C73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe [230792] [PID.4092] © [MD5.AE543176A07B4C39F86BDE74FC9391E6] - (.Logixoft - Revealer Keylogger Free.) -- C:\ProgramData\rvlkl\rvlkl.exe [375360] [PID.4268] =>PUP.Optional.RelevantKnowledge [MD5.AFD15F701B550037FFDDE6B18171479D] - (.Analog Devices, Inc. - SMax4PNP.) 
-- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816] [PID.4324] © [MD5.D1B2FADBF98C2B7A53893B939802004B] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [157968] [PID.4400] © [MD5.E4085C9692976E98DC081828485BDE48] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3911248] [PID.4444] © [MD5.1AA479D2A100ACFDE3A7B7B2D6E53DC0] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [541968] [PID.4744] © [MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.3616] © [MD5.A8C1BF646DD0168E81AFAA9662CCD843] - (...) -- C:\Users\MOMAIB\AppData\Roaming\ACEStream\updater\ace_update.exe [22824] [PID.2148] [MD5.E693A24FD65B259131B8894A2D870DF2] - (...) -- C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1510.13020.0_x86__8wekyb3d8bbwe\Calculator.exe [2836992] [PID.2860] [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.3880] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.5588] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.3520] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.700] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.748] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.4672] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. 
- Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.5812] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.3456] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.7840] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.2264] © [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [815944] [PID.6368] © [MD5.231AE3BE35DFA790FE484CCA354BCD15] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\MOMAIB\Desktop\ZHPDiag3.exe [1958912] [PID.8144] © ---\\ Google Chrome, Start,Search,Extensions (12) - 1s G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.facebook.com G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [bigefpfhnfcobdlfbedofhhaibnlghod] MEGA G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc. 
G2 - GCE: Preference [User Data\Default] [elioihkkcdgakfbahdoddophfngopipi] Photo Zoom for Facebook G2 - GCE: Preference [User Data\Default] [gffkhmkbijdmbncaoclaclldnbndflck] Wolf and the Ice Planet G2 - GCE: Preference [User Data\Default] [gighmmpiobklfepjocnamgkkbiglidom] AdBlock G2 - GCE: Preference [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module G2 - GCE: Preference [User Data\Default] [ngpampappnmepgilojfohadhhmbhlaek] IDM Integration Module G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc. ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (25) - 2s M0 - MFSP: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] http://www.oursurfing.com/?type=hp&ts=1442404064&z=5ab86231e1e7cedefb5b239g5z1zdo1z1e5z0eeq1c&from=amt&uid=ST3500418AS_5VM519LDXXXX5VM519LD =>PUP.Optional.OurSurfing P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.FRA P2 - EXT FILE: (...) -- C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\extensions\elemhidehelper@adblockplus.org.xpi P2 - EXT FILE: (...) -- C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\extensions\firefox@mega.co.nz.xpi P2 - EXT FILE: (...) -- C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\extensions\info@youtube-mp3.org.xpi P2 - EXT FILE: (...) -- C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\extensions\whodeletedme@deleted.io.xpi P2 - EXT FILE: (...) -- C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi P2 - EXT FILE: (...) 
-- C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi P2 - EXT FILE: (...) -- C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\searchplugins\findit.xml =>PUP.Optional.SmartBar P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\amazondotcom.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\eBay.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\findit.xml =>PUP.Optional.SmartBar P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} © P2 - EXT: (.OB - SavePass 1.1.) -- C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com P2 - EXT: (. - 018f31601a6f465084fdaad8c13609c8.) -- C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\extensions\{018f3160-1a6f-4650-84fd-aad8c13609c8} P2 - FPN: [HKCU] [@acestream.net/acestreamplugin,version=3.1.0] - (.Innovative Digital Technologies.) -- C:\Users\MOMAIB\AppData\Roaming\ACEStream\player\npace_plugin.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_19_0_0_226.dll © P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) 
-- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll © P2 - FPN: [HKLM] [@RIM.com/WebSLLauncher,version=1.0] - (.Research In Motion.) -- C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll © ---\\ Internet Explorer Extensions, Start, Search (10) - 1s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw56VMFZJr47C0zjXs2DH2uYqt4puxQ8bpwNTZc-gM0BeB5XHumrUebfwrQhHj43ZMvr5gwgFqfJDgsbiEUj3gfpqO7Slibo9-dE5Lhoe29sea8mOTxzbNDwQ9oI5Y8LUDArfjCRraA1krLtzAoKU8XtGAI5- R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbutxkij9_bw56vmfzjr47c0zjxs2dh2uyqt4puxq8bpwntzc-gm0beb5xhumruebfwrqhhj43zmvr5gwgfqfjdgsodvzcxopp8rinui6rlc8aawbmhhybqcd-hxsxgzcwd4ymgc-slndgevkwumnmjli4v-z26djolzeg6&q={searchterms} R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbutxkij9_bw56vmfzjr47c0zjxs2dh2uyqt4puxq8bpwntzc-gm0beb5xhumruebfwrqhhj43zmvr5gwgfqfjdgsodvzcxopp8rinui6rlc8aawbmhhybqcd-hxsxgzcwd4ymgc-slndgevkwumnmjli4v-z26djolzeg6&q={searchterms} R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbutxkij9_bw56vmfzjr47c0zjxs2dh2uyqt4puxq8bpwntzc-gm0beb5xhumruebfwrqhhj43zmvr5gwgfqfjdgsodvzcxopp8rinui6rlc8aawbmhhybqcd-hxsxgzcwd4ymgc-slndgevkwumnmjli4v-z26djolzeg6&q={searchterms} R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = 
http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbutxkij9_bw56vmfzjr47c0zjxs2dh2uyqt4puxq8bpwntzc-gm0beb5xhumruebfwrqhhj43zmvr5gwgfqfjdgsodvzcxopp8rinui6rlc8aawbmhhybqcd-hxsxgzcwd4ymgc-slndgevkwumnmjli4v-z26djolzeg6&q={searchterms} R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1 ---\\ Internet Explorer, Proxy Management (5) - 0s R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) © F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) © F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) © ---\\ Hosts file redirection (2) - 0s 31.13 ~ Le fichier hôte est sain (The hosts file is clean) (49) ---\\ Browser Helper Object (BHO) (5) - 0s O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll © O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\Office15\OCHelper.dll © O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) 
-- C:\Program Files\Java\jre7\bin\ssv.dll © O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL © O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll © ---\\ Auto loading programs from Registry and folders (26) - 1s O4 - HKLM\..\Run: [Qsocial] C:\Program Files\QSocial\ /auto (.not file.) O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe © O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe © O4 - HKLM\..\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.EXE © O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe © O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe © O4 - HKCU\..\Run: [Qsocial] . (...) -- C:\Program Files\QSocial\QSocial.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe © O4 - HKCU\..\Run: [FreeAC] . (.Comfort Software Group - Free Alarm Clock.) -- C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe O4 - HKCU\..\Run: [WaterWarner] . (...) -- C:\Program Files\WaterWarner\WaterWarner.lnk O4 - HKCU\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\OneDrive.exe © O4 - HKCU\..\Run: [Speech Recognition] . (.Microsoft Corporation - Speech Recognition.) -- C:\Windows\Speech\Common\sapisvr.exe © O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) 
-- C:\Users\MOMAIB\AppData\Roaming\uTorrent\uTorrent.exe O4 - HKCU\..\Run: [AceStream] . (...) -- C:\Users\MOMAIB\AppData\Roaming\ACEStream\engine\ace_engine.exe O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\System32\OneDriveSetup.exe © O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\System32\OneDriveSetup.exe © O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe © O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe © O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [Qsocial] . (...) -- C:\Program Files\QSocial\QSocial.exe O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe © O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [FreeAC] . (.Comfort Software Group - Free Alarm Clock.) -- C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [WaterWarner] . (...) -- C:\Program Files\WaterWarner\WaterWarner.lnk O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\OneDrive.exe © O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [Speech Recognition] . (.Microsoft Corporation - Speech Recognition.) -- C:\Windows\Speech\Common\sapisvr.exe © O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) 
-- C:\Users\MOMAIB\AppData\Roaming\uTorrent\uTorrent.exe O4 - HKUS\S-1-5-21-2674939989-929359133-1117883083-1001\..\Run: [AceStream] . (...) -- C:\Users\MOMAIB\AppData\Roaming\ACEStream\engine\ace_engine.exe ---\\ Lop.com/Domain Hijackers (6) - 0s O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 212.217.0.12 212.217.1.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 62.251.230.241 212.217.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 212.217.0.12 212.217.1.12 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 62.251.230.241 212.217.1.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ---\\ Extra protocols (26) - 0s O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll © O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . 
(.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll © O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll © O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll © O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll © O18 - Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) -- C:\Program Files\Microsoft Office\Office15\MSOSB.DLL © O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\System32\tbauth.dll © O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll © O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . 
(.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll © O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll © O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll © O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll © O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll © O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL © ---\\ AppInit_DLLs Registry value Autorun (1) - 0s O20 - AppInit_DLLs: . (...) - C:\ProgramData\ExtTag\laqrtny0.dll (.not file.) ---\\ Non Microsoft non disabled Windows Services (13) - 1s O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe © O23 - Service: @oem131.inf,%AEADISRV.SvcDesc%;Andrea ADI Filters Service (AEADIFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - C:\Windows\System32\AEADISRV.EXE © O23 - Service: Arp Intelligent Protection Service (AIPS) . (.Arcai.com - Arp Intelligent Protection Service.) 
- C:\Program Files\netcut\services\aips.exe © O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe © O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe © O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc. - BlueStacks Service.) - C:\Program Files\BlueStacks\HD-Service.exe © O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe © O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) . (.BlueStack Systems, Inc. - BlueStacks Updater Service.) - C:\Program Files\BlueStacks\HD-UpdaterService.exe © O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe © O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe © O23 - Service: Qsocial Service (QsocialUpdater) . (...) - C:\Program Files\QSocial\QSocial_Updater.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe © O23 - Service: Wise Boot Assistant (WiseBootAssistant) . (.WiseCleaner.com - Wise BootTime Service.) - C:\Program Files\Wise\Wise Care 365\BootTime.exe © ---\\ Task Planned Automatically (37) - 4s [MD5.83371B8890405945A712BC37584B4689] [APT] [3dxvfef2] (...) -- C:\Program Files\Common Files\sjpvbho0\6563ca0n31ajr.exe [54784] [MD5.2EED3542F86F77D56569504B37C8108A] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) 
-- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1045720] © [MD5.8C194A201698B4B4F77D974549819D1F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [269000] © [MD5.2B24F194FC5B657397ECB2923A68350E] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [5503768] © [MD5.F172AD4E906D97ED8F071896FC6789DC] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [107912] © [MD5.F172AD4E906D97ED8F071896FC6789DC] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [107912] © [MD5.432B6BB30A6B1B9EF03F3125AB7DCD0D] [APT] [snf] (...) -- C:\ProgramData\ExtTag\sqlq4hm0.exe [4096] [MD5.432B6BB30A6B1B9EF03F3125AB7DCD0D] [APT] [snp] (...) -- C:\ProgramData\ExtTag\sqlq4hm0.exe [4096] [MD5.45042BE9FD94BBA8306D354696CA4E3B] [APT] [Wise Care 365] (.WiseCleaner.com.) -- C:\Program Files\Wise\Wise Care 365\WiseTray.exe [2343984] © [MD5.B77EA52A2F5C975B7EDCA233BFACBBD8] [APT] [Wise Care 365 PC Checkup Task] (.WiseCleaner.com.) -- C:\Program Files\Wise\Wise Care 365\WiseCare365.exe [7947208] © [MD5.45042BE9FD94BBA8306D354696CA4E3B] [APT] [Wise Care 365.job] (.WiseCleaner.com.) -- C:\Program Files\Wise\Wise Care 365\WiseTray.exe [2343984] © [MD5.7686690C40B41423273C31F0075332B7] [APT] [Wise System Monitor] (.WiseCleaner.com.) -- C:\Program Files\Wise\Wise System Monitor\WiseSystemMonitor.exe [3323952] © [MD5.83371B8890405945A712BC37584B4689] [APT] [xkyug0yw] (...) -- C:\Program Files\Common Files\ybsp5dr5\1f8bbrpvwi3tc.exe [54784] [MD5.83371B8890405945A712BC37584B4689] [APT] [ylufljbb] (...) -- C:\Program Files\Common Files\k4kk0tuj\a872dokv2vxg5.exe [54784] [MD5.83371B8890405945A712BC37584B4689] [APT] [z5db54ol] (...) 
-- C:\Program Files\Common Files\v2yc4kcu\7b6ccdg1t2ozo.exe [54784] [MD5.71DCFA65CC4349CF08BFFF7A14D8BAE4] [APT] [{36B4D59D-3338-40A5-AA12-350D833755BB}] (.Google Inc..) -- c:\program files\Google\Chrome\application\chrome.exe [815944] © [MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [561984] © O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [830] © O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [882] © O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [886] © O39 - APT: Wise Care 365 - (.WiseCleaner.com.) -- C:\WINDOWS\Tasks\Wise Care 365.job [400] © O39 - APT: Wise System Monitor - (.WiseCleaner.com.) -- C:\WINDOWS\Tasks\Wise System Monitor.job [440] © O39 - APT: 3dxvfef2 - (...) -- C:\WINDOWS\System32\Tasks\3dxvfef2 [3208] O39 - APT: Adobe Acrobat Update Task - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task [3960] © O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater [3804] © O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [2884] © O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3740] © O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3992] © O39 - APT: snf - (...) -- C:\WINDOWS\System32\Tasks\snf [3172] O39 - APT: snp - (...) -- C:\WINDOWS\System32\Tasks\snp [3534] O39 - APT: Wise Care 365 - (.WiseCleaner.com.) -- C:\WINDOWS\System32\Tasks\Wise Care 365 [2938] © O39 - APT: Wise Care 365 PC Checkup Task - (.WiseCleaner.com.) 
-- C:\WINDOWS\System32\Tasks\Wise Care 365 PC Checkup Task [4132] © O39 - APT: Wise Care 365 - (.WiseCleaner.com.) -- C:\WINDOWS\System32\Tasks\Wise Care 365.job [3602] © O39 - APT: Wise System Monitor - (.WiseCleaner.com.) -- C:\WINDOWS\System32\Tasks\Wise System Monitor [2978] © O39 - APT: xkyug0yw - (...) -- C:\WINDOWS\System32\Tasks\xkyug0yw [3208] O39 - APT: ylufljbb - (...) -- C:\WINDOWS\System32\Tasks\ylufljbb [3208] O39 - APT: z5db54ol - (...) -- C:\WINDOWS\System32\Tasks\z5db54ol [3208] ---\\ Software installed (128) - 16s O42 - Logiciel: Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0 - (.Nokia.) [HKLM] -- 17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382 © O42 - Logiciel: Adobe Flash Player 19 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI © O42 - Logiciel: Adobe Photoshop CS4 - (...) [HKLM] -- Adobe Photoshop CS4_is1 O42 - Logiciel: Microsoft Age of Empires II - (...) [HKLM] -- Age of Empires 2.0 O42 - Logiciel: Microsoft Age of Empires II: The Conquerors Expansion - (...) [HKLM] -- Age of Empires II: The Conquerors Expansion 1.0 O42 - Logiciel: ASIO4ALL - (.Michael Tippach.) [HKLM] -- ASIO4ALL © O42 - Logiciel: Astroburn Lite - (.Disc Soft Ltd.) [HKLM] -- Astroburn Lite © O42 - Logiciel: BlackBerry Desktop Software 7.1 - (.Research In Motion Ltd..) [HKLM] -- BlackBerry_Desktop © O42 - Logiciel: BlackBerry Device Manager 7.0 - (.Research In Motion Ltd..) [HKLM] -- BlackBerry_HandheldManager © O42 - Logiciel: BlueStacks App Player - (.BlueStack Systems, Inc..) [HKLM] -- BlueStacks App Player © O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner © O42 - Logiciel: CDisplayEx 1.10.29 - (.Progdigy Software S.A.R.L..) [HKLM] -- CDisplayEx_is1 O42 - Logiciel: DAEMON Tools Lite - (.Disc Soft Ltd.) [HKLM] -- DAEMON Tools Lite © O42 - Logiciel: EyeLeo - (...) [HKLM] -- EyeLeo O42 - Logiciel: FL Studio 12 - (.Image-Line.) [HKLM] -- FL Studio 12 © O42 - Logiciel: FL Studio ASIO - (.Image-Line.) 
[HKLM] -- FL Studio ASIO © O42 - Logiciel: FormatFactory 3.6.0.0 - (.Format Factory.) [HKLM] -- FormatFactory © O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome © O42 - Logiciel: Guitar Pro 5.2 - (.Arobas Music.) [HKLM] -- Guitar Pro 5_is1 © O42 - Logiciel: Intel(R) Management Engine Interface - (.Intel Corporation.) [HKLM] -- HECI © O42 - Logiciel: IL Download Manager - (.Image-Line.) [HKLM] -- IL Download Manager © O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager © O42 - Logiciel: Internet Mobile - (.Huawei Technologies Co.,Ltd.) [HKLM] -- Internet Mobile © O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM] -- League of Legends 3.0.1 © O42 - Logiciel: Malwarebytes Anti-Malware version 2.1.8.1057 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes Anti-Malware_is1 © O42 - Logiciel: MEGAsync - (.Mega Limited.) [HKLM] -- MEGAsync © O42 - Logiciel: Mozilla Firefox 39.0.3 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 39.0.3 (x86 en-US) © O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService © O42 - Logiciel: PowerISO - (.Power Software Ltd.) [HKLM] -- PowerISO © O42 - Logiciel: Qsocial - (.Qsocial.) [HKLM] -- Qsocial O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM] -- TeamSpeak 3 Client © O42 - Logiciel: TechPowerUp GPU-Z - (.TechPowerUp.) [HKLM] -- TechPowerUp GPU-Z O42 - Logiciel: Unlocker 1.9.2 - (.Cedrick Collomb.) [HKLM] -- Unlocker © O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM] -- VLC media player © O42 - Logiciel: Voobly - (.Voobly.) [HKLM] -- Voobly_is1 © O42 - Logiciel: WinPcap 4.1.2 - (.CACE Technologies.) [HKLM] -- WinPcapInst © O42 - Logiciel: WinRAR 5.01 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver © O42 - Logiciel: Wise Auto Shutdown 1.45 - (.WiseCleaner.com, Inc..) [HKLM] -- Wise Auto Shutdown_is1 © O42 - Logiciel: Wise Care 365 3.87 - (.WiseCleaner.com, Inc..) 
[HKLM] -- Wise Care 365_is1 © O42 - Logiciel: Wise System Monitor 1.32 - (.WiseCleaner.com, Inc..) [HKLM] -- Wise System Monitor_is1 © O42 - Logiciel: YU-GI-OH ! STAREDITION 2010 - (.StarTeD.) [HKLM] -- YU-GI-OH ! STAREDITION 20101.0 O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {025E78AC-BD91-4E9E-B165-3C09D4084BA4} © O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {04AF207D-9A77-465A-8B76-991F6AB66245} © O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM] -- {08B32819-6EEF-4057-AEDA-5AB681A36A23} © O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {0BE9E708-5DC0-4963-9CFD-0AA519090E79} © O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM] -- {14A5537C-3F8F-4681-A741-138D8515B8CC} © O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM] -- {184CE391-7E0E-4C63-9935-D7A10EDFD3C6} © O42 - Logiciel: MSXML 4.0 SP3 Parser - (.Microsoft Corporation.) [HKLM] -- {196467F1-C11F-4F76-858B-5812ADC83B94} © O42 - Logiciel: MSXML 4.0 SP3 Parser (KB2758694) - (.Microsoft Corporation.) [HKLM] -- {1D95BA90-F4F8-47EC-A882-441C99D30C1E} © O42 - Logiciel: WinSoftMEsti - (.Adobe Systems Incorporated.) [HKLM] -- {1FFB45AE-120B-4A9D-A914-BE466C6BBB0A} © O42 - Logiciel: MSVC80_x86 - (.Nokia.) [HKLM] -- {212748BB-0DA5-46DE-82A1-403736DC9F27} © O42 - Logiciel: Skype™ 7.2 - (.Skype Technologies S.A..) [HKLM] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7} © O42 - Logiciel: MPC-HC 1.7.8 - (.MPC-HC Team.) [HKLM] -- {2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1 © O42 - Logiciel: Java 7 Update 71 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217051FF} © O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.) [HKLM] -- {29373274-977E-413C-A4DE-DC0F8E80C429} © O42 - Logiciel: PDF Settings - (.Adobe Systems Incorporated.) [HKLM] -- {293D5729-7C01-4FA4-A4DE-BB6A1587BBB9} © O42 - Logiciel: Adobe Stock Photos CS3 - (.Adobe Systems Incorporated.) 
[HKLM] -- {29E5EA97-5F74-4A57-B8B2-D4F169117183} © O42 - Logiciel: Inpaint 6.0 - (.Teorex.) [HKLM] -- {2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1 © O42 - Logiciel: Adobe Color EU Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {51846830-E7B2-4218-8968-B77F0FF475B8} © O42 - Logiciel: Free Picture Resizer version 1.0.1.2 - (.Free Picture Solutions.) [HKLM] -- {53076EED-5E5F-47D7-BB90-9B061B524D17}_is1 O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {538227C6-C74B-4A74-99E1-2C0B4F9DA5E1} © O42 - Logiciel: Adobe Linguistics CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {54793AA1-5001-42F4-ABB6-C364617C6078} © O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B} © O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM] -- {6ABE0BEE-D572-4FE8-B434-9E72A289431B} © O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {6D01D1B1-17BD-4F10-BB11-F08F0C47D42B} © O42 - Logiciel: MSVC80_x86_v2 - (.Nokia.) [HKLM] -- {6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} © O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {6E3939AE-9996-4D07-9A30-14C78AE93576} © O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} © O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {7678C8F6-1EEE-4832-8E22-199B01333ECC} © O42 - Logiciel: WaterWarner 0.1 - (.James, Ltd..) [HKLM] -- {77CA19C8-EB0D-413E-A1DB-94C23EBF86E7}_is1 O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} © O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {79155F2B-9895-49D7-8612-D92580E0DE5B} © O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM] -- {79BF4901-1EC4-4726-B3C2-A7859706C6E7} © O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) 
[HKLM] -- {7FE25256-B7C1-480D-B736-10A67A833AEA} © O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {802771A9-A856-4A41-ACF7-1450E523C923} © O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} © O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {8D2BA474-F406-4710-9AE4-D4F22D21F0DD} © O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} © O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} © O42 - Logiciel: Adobe Type Support - (.Adobe Systems Incorporated.) [HKLM] -- {8E6808E2-613D-4FCD-81A2-6C8FA8E03312} © O42 - Logiciel: Free Alarm Clock 3.1.0 - (.Comfort Software Group.) [HKLM] -- {8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1 O42 - Logiciel: Security Update for Skype for Business 2015 (KB3085500) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6A5F1709-91E6-479F-B09F-D7FC9D2404D8} © O42 - Logiciel: Microsoft Access MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0015-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft Excel MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0016-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft PowerPoint MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0018-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft Publisher MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0019-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft Outlook MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001A-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft Word MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001B-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft InfoPath MUI (English) 2013 - (.Microsoft Corporation.) 
[HKLM] -- {90150000-0044-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft DCF MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0090-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft OneNote MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00A1-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft Groove MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00BA-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0117-0409-0000-0000000FF1CE} © O42 - Logiciel: Microsoft Lync MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-012B-0409-0000-0000000FF1CE} © O42 - Logiciel: Security Update for Skype for Business 2015 (KB3085500) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{6A5F1709-91E6-479F-B09F-D7FC9D2404D8} © O42 - Logiciel: Update for Skype for Business 2015 (KB2889853) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259} © O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {90176341-0A8B-4CCC-A78D-F862228A6B95} © O42 - Logiciel: AMD Problem Report Wizard - (.Advanced Micro Devices, Inc..) [HKLM] -- {9021FF29-D705-75C8-D808-C45D796EBC7E} © O42 - Logiciel: Adobe Color NA Recommended Settings - (.Adobe Systems Incorporated.) [HKLM] -- {95655ED4-7CA5-46DF-907F-7144877A32E5} © O42 - Logiciel: Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.11761. - (.Microsoft Corporation.) [HKLM] -- {986E003C-E56D-5A47-110E-D3C81F0E8535} © O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {9C9824D9-9000-4373-A6A5-D0E5D4831394} © O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM] -- {A25FF1C0-80B6-4B8B-A551-DC525697A408} © O42 - Logiciel: Adobe CMaps - (.Adobe Systems Incorporated.) 
[HKLM] -- {A2B242BD-FF8D-4840-9DAA-9170EABEC59C} © O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-0804-1033-1959-001824157129} © O42 - Logiciel: Adobe Acrobat Reader DC - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AC0F074E4100} © O42 - Logiciel: MSVC90_x86 - (.Nokia.) [HKLM] -- {AF111648-99A1-453E-81DD-80DBBF6DAD0D} © O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM] -- {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} © O42 - Logiciel: Adobe Default Language CS3 - (.Adobe Systems Incorporated.) [HKLM] -- {B9B35331-B7E4-4E5C-BF4C-7BC87856124D} © O42 - Logiciel: BlackBerry Desktop Software 7.1 - (.Research In Motion Ltd..) [HKLM] -- {BE5B0450-DCCB-4FE9-93E2-3B38D88A745B} © O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM] -- {C2D69781-F392-4118-A5A7-C7E9C38DBFC2} © O42 - Logiciel: BlackBerry Device Manager 7.0 - (.Research In Motion Ltd..) [HKLM] -- {CBAB27F5-C326-410D-B789-3C7240D91D25} © O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM] -- {D0DFF92A-492E-4C40-B862-A74A173C25C5} © O42 - Logiciel: Adobe PDF Library Files - (.Adobe Systems Incorporated.) [HKLM] -- {D2559B88-CC9D-4B48-81BB-F492BAA9C48C} © O42 - Logiciel: GTA San Andreas - (.Rockstar Games.) [HKLM] -- {D417C96A-FCC7-4590-A1BB-FAF73F5BC98E} © O42 - Logiciel: Adobe Color JA Extra Settings - (.Adobe Systems Incorporated.) [HKLM] -- {D92B72E2-C854-4738-8ED6-4C3661CC17AE} © O42 - Logiciel: Adobe Color Common Settings - (.Adobe Systems Incorporated.) [HKLM] -- {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} © O42 - Logiciel: HydraVision - (.Advanced Micro Devices, Inc..) [HKLM] -- {DE89F007-B75E-368D-47D2-ADE9AF616261} © O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} © O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) 
[HKLM] -- {E69AE897-9E0B-485C-8552-7841F48D42D8} © O42 - Logiciel: SoundMAX - (.Analog Devices.) [HKLM] -- {F0A37341-D692-11D4-A984-009027EC0A9C} © O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} © O42 - Logiciel: BlueStacks Notification Center - (.BlueStack Systems, Inc..) [HKLM] -- {FDB8F715-FC8D-4C20-B614-E0361BB69A17} © O42 - Logiciel: Ace Stream Media 3.1.0 - (.Ace Stream Media.) [HKCU] -- AceStream © O42 - Logiciel: GameRanger - (.GameRanger Technologies.) [HKCU] -- GameRanger © O42 - Logiciel: PhotoFiltre Studio X - (...) [HKCU] -- PhotoFiltre Studio X O42 - Logiciel: Qsocial - (.Qsocial.) [HKCU] -- Qsocial O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU] -- UnityWebPlayer © O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent ---\\ HKCU & HKLM Software Keys (212) - 17s HKLM\SOFTWARE\0968be64-279e-4848-8623-30fa42e5f57b =>PUP.Optional.CrossRider HKLM\SOFTWARE\121_31 HKLM\SOFTWARE\Adobe HKLM\SOFTWARE\AdwCleaner HKLM\SOFTWARE\Ahead HKLM\SOFTWARE\Analog Devices HKLM\SOFTWARE\AppDataLow HKLM\SOFTWARE\Apple Computer, Inc. HKLM\SOFTWARE\Apple Inc. 
HKLM\SOFTWARE\Arcai HKLM\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider HKLM\SOFTWARE\Arobas Music HKLM\SOFTWARE\ASIO HKLM\SOFTWARE\ASIO4ALL HKLM\SOFTWARE\ATI Technologies HKLM\SOFTWARE\AVG HKLM\SOFTWARE\BitDefender Parental Control HKLM\SOFTWARE\BlueStacks HKLM\SOFTWARE\Caphyon HKLM\SOFTWARE\CBSTEST HKLM\SOFTWARE\Client HKLM\SOFTWARE\Disc Soft HKLM\SOFTWARE\Docudesk HKLM\SOFTWARE\Extended Systems HKLM\SOFTWARE\EyeLeo HKLM\SOFTWARE\Forward Development HKLM\SOFTWARE\Fraps HKLM\SOFTWARE\GEAR Software HKLM\SOFTWARE\GoHD =>PUP.Optional.CrossRider HKLM\SOFTWARE\GoHD-nv =>PUP.Optional.CrossRider HKLM\SOFTWARE\Google HKLM\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider HKLM\SOFTWARE\HitmanPro HKLM\SOFTWARE\Huawei technologies HKLM\SOFTWARE\IDM HKLM\SOFTWARE\IM Providers HKLM\SOFTWARE\Image-Line HKLM\SOFTWARE\InstalledBrowserExtensions =>PUP.Optional.BrowserExtensions HKLM\SOFTWARE\InstalledOptions HKLM\SOFTWARE\Intel HKLM\SOFTWARE\Internet Download Manager HKLM\SOFTWARE\InterVideo HKLM\SOFTWARE\IO Interactive HKLM\SOFTWARE\JavaSoft HKLM\SOFTWARE\JreMetrics HKLM\SOFTWARE\Khronos HKLM\SOFTWARE\KONAMI HKLM\SOFTWARE\L&H HKLM\SOFTWARE\Licenses HKLM\SOFTWARE\LogMeInRescueCallingCard HKLM\SOFTWARE\Macromedia HKLM\SOFTWARE\Macrovision HKLM\SOFTWARE\Malwarebytes' Anti-Malware HKLM\SOFTWARE\McAfee.com HKLM\SOFTWARE\Mozilla HKLM\SOFTWARE\mozilla.org HKLM\SOFTWARE\MozillaPlugins HKLM\SOFTWARE\mtExtTag HKLM\SOFTWARE\mtNimzap HKLM\SOFTWARE\NCH Software HKLM\SOFTWARE\NCH Swift Sound HKLM\SOFTWARE\Nero HKLM\SOFTWARE\Nokia HKLM\SOFTWARE\NSIS.Library.RegTool.v3 HKLM\SOFTWARE\NVIDIA Corporation HKLM\SOFTWARE\ODBC HKLM\SOFTWARE\OEM HKLM\SOFTWARE\Opera Software HKLM\SOFTWARE\Origin Games HKLM\SOFTWARE\oursurfingSoftware =>PUP.Optional.OurSurfing HKLM\SOFTWARE\Outsim HKLM\SOFTWARE\PC Connectivity Solution HKLM\SOFTWARE\PCSuite HKLM\SOFTWARE\pictureresizer_setup HKLM\SOFTWARE\Piriform HKLM\SOFTWARE\PowerISO HKLM\SOFTWARE\Propellerhead Software HKLM\SOFTWARE\Reason 
HKLM\SOFTWARE\RegisteredApplications HKLM\SOFTWARE\Research In Motion HKLM\SOFTWARE\Riot Games HKLM\SOFTWARE\Rockstar Games HKLM\SOFTWARE\SavePass 1.1-nv-edge =>PUP.Optional.CrossRider HKLM\SOFTWARE\searchult =>PUP.Optional.Generic HKLM\SOFTWARE\Ski Search =>PUP.Optional.SkiSearch HKLM\SOFTWARE\Skype HKLM\SOFTWARE\SoftVoice HKLM\SOFTWARE\Sonic HKLM\SOFTWARE\SonicFocus HKLM\SOFTWARE\SOSVirus HKLM\SOFTWARE\Syntrillium HKLM\SOFTWARE\TeamSpeak 3 Client HKLM\SOFTWARE\TeamViewer HKLM\SOFTWARE\ThinPrint HKLM\SOFTWARE\tueagles HKLM\SOFTWARE\TuneUp HKLM\SOFTWARE\VideoLAN HKLM\SOFTWARE\VMware, Inc. HKLM\SOFTWARE\Voice HKLM\SOFTWARE\Volatile HKLM\SOFTWARE\VST HKLM\SOFTWARE\WinPcap HKLM\SOFTWARE\WinRAR HKLM\SOFTWARE\WiseCleaner HKLM\SOFTWARE\WOW6432Node HKLM\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider HKCU\SOFTWARE\AceStream HKCU\SOFTWARE\Adobe HKCU\SOFTWARE\Ahead HKCU\SOFTWARE\Analog Devices HKCU\SOFTWARE\AppDataLow HKCU\SOFTWARE\Apple Computer, Inc. HKCU\SOFTWARE\Apple Inc. HKCU\SOFTWARE\Arcai.com HKCU\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider HKCU\SOFTWARE\ASProtect HKCU\SOFTWARE\Audacity HKCU\SOFTWARE\AVG HKCU\SOFTWARE\BitTorrent HKCU\SOFTWARE\Caphyon HKCU\SOFTWARE\Chromium HKCU\SOFTWARE\CinemaP-1.9cV16.09-nv-ie =>PUP.Optional.CrossRider HKCU\SOFTWARE\ComfortSoftware HKCU\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse HKCU\SOFTWARE\Disc Soft HKCU\SOFTWARE\DivXNetworks HKCU\SOFTWARE\DownloadManager HKCU\SOFTWARE\Electronic Arts HKCU\SOFTWARE\Extended Systems HKCU\SOFTWARE\FormatFactory HKCU\SOFTWARE\FreeTime HKCU\SOFTWARE\Gabest HKCU\SOFTWARE\GameRanger HKCU\SOFTWARE\GameSpy HKCU\SOFTWARE\globalUpdate =>PUP.Optional.GlobalUpdate HKCU\SOFTWARE\GoHD =>PUP.Optional.CrossRider HKCU\SOFTWARE\GoHD-nv =>PUP.Optional.CrossRider HKCU\SOFTWARE\Google HKCU\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider HKCU\SOFTWARE\IGA HKCU\SOFTWARE\IM Providers HKCU\SOFTWARE\Image-Line HKCU\SOFTWARE\IMDownloader HKCU\SOFTWARE\InstalledBrowserExtensions =>PUP.Optional.BrowserExtensions 
HKCU\SOFTWARE\InstallPath HKCU\SOFTWARE\Integrator HKCU\SOFTWARE\Intel HKCU\SOFTWARE\JavaSoft HKCU\SOFTWARE\L2j Community Network HKCU\SOFTWARE\Licenses HKCU\SOFTWARE\Logitech HKCU\SOFTWARE\LogMeInRescueCallingCard HKCU\SOFTWARE\LowRegistry HKCU\SOFTWARE\Macromedia HKCU\SOFTWARE\MainConcept HKCU\SOFTWARE\MCAFEE HKCU\SOFTWARE\Mozilla HKCU\SOFTWARE\MozillaPlugins HKCU\SOFTWARE\MPC-HC HKCU\SOFTWARE\mtExtTag HKCU\SOFTWARE\mtNimzap HKCU\SOFTWARE\NCH Software HKCU\SOFTWARE\NCH Swift Sound HKCU\SOFTWARE\Netscape HKCU\SOFTWARE\Nokia HKCU\SOFTWARE\Noromaa Solutions HKCU\SOFTWARE\NVIDIA Corporation HKCU\SOFTWARE\OB HKCU\SOFTWARE\ODBC HKCU\SOFTWARE\Opera Software HKCU\SOFTWARE\PhotoFiltre Studio X HKCU\SOFTWARE\Piriform HKCU\SOFTWARE\PowerISO HKCU\SOFTWARE\QtProject HKCU\SOFTWARE\RDP HKCU\SOFTWARE\Reason HKCU\SOFTWARE\RegisteredApplications HKCU\SOFTWARE\Research In Motion HKCU\SOFTWARE\SAMP HKCU\SOFTWARE\SavePass 1.1 =>PUP.Optional.CrossRider HKCU\SOFTWARE\SavePass 1.1-nv-edge =>PUP.Optional.CrossRider HKCU\SOFTWARE\Ski Search =>PUP.Optional.SkiSearch HKCU\SOFTWARE\Skype HKCU\SOFTWARE\Skyshape HKCU\SOFTWARE\Smart Soft HKCU\SOFTWARE\SoftVoice HKCU\SOFTWARE\Syntrillium HKCU\SOFTWARE\TeamViewer HKCU\SOFTWARE\techPowerUp HKCU\SOFTWARE\TeleCharger HKCU\SOFTWARE\Teorex HKCU\SOFTWARE\Trolltech HKCU\SOFTWARE\TuneUp HKCU\SOFTWARE\undefined HKCU\SOFTWARE\Unity HKCU\SOFTWARE\Valve HKCU\SOFTWARE\VB and VBA Program Settings HKCU\SOFTWARE\Voobly HKCU\SOFTWARE\WebApp HKCU\SOFTWARE\Winamp HKCU\SOFTWARE\WinRAR HKCU\SOFTWARE\WinRAR SFX HKCU\SOFTWARE\Wow6432Node HKCU\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider HKCU\SOFTWARE\ZAR HKCU\SOFTWARE\ZebHelpProcess Helper HKCU\SOFTWARE\AppDataLow\Software HKCU\SOFTWARE\AppDataLow\Software\Crossrider =>PUP.Optional.CrossRider HKCU\SOFTWARE\AppDataLow\Software\JavaSoft HKCU\SOFTWARE\AppDataLow\Software\lescifut HKCU\SOFTWARE\AppDataLow\Software\Unity HKCU\SOFTWARE\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ =>PUP.Optional.CrossRider ---\\ 
Contents of the Common Files folders (384) - 24s O43 - CFD: 2015/04/10 02:24:44 - [] D -- C:\Program Files\Adobe O43 - CFD: 2015/09/17 03:22:06 - [] D -- C:\Program Files\AMD APP O43 - CFD: 2015/08/02 03:09:40 - [] D -- C:\Program Files\Analog Devices O43 - CFD: 2015/08/16 10:22:10 - [] D -- C:\Program Files\Anki O43 - CFD: 2015/03/10 20:32:25 - [] D -- C:\Program Files\Apple Software Update O43 - CFD: 2015/09/18 15:15:24 - [] D -- C:\Program Files\ASIO4ALL v2 O43 - CFD: 2014/10/20 20:49:16 - [] D -- C:\Program Files\Astroburn Lite O43 - CFD: 2015/08/02 03:58:23 - [] D -- C:\Program Files\ATI Technologies O43 - CFD: 2015/06/08 02:32:50 - [] D -- C:\Program Files\Auto Shutdown O43 - CFD: 2015/08/16 12:16:55 - [] D -- C:\Program Files\baidu O43 - CFD: 2015/01/07 12:41:17 - [] D -- C:\Program Files\BlueStacks O43 - CFD: 2015/08/28 14:34:07 - [] D -- C:\Program Files\Bonjour O43 - CFD: 2015/01/19 20:46:47 - [] D -- C:\Program Files\BrainWave Generator O43 - CFD: 2015/08/13 18:41:09 - [0] D -- C:\Program Files\cce98bbb-5151-42aa-9461-de1d152a01b3 =>PUP.Optional.CrossRider O43 - CFD: 2015/04/07 21:29:16 - [] D -- C:\Program Files\CCleaner O43 - CFD: 2015/09/26 12:06:56 - [] D -- C:\Program Files\CDisplayEx O43 - CFD: 2015/09/16 12:53:23 - [] D -- C:\Program Files\Common Files O43 - CFD: 2014/10/20 20:49:19 - [] D -- C:\Program Files\DAEMON Tools Lite O43 - CFD: 2015/01/04 20:17:22 - [] D -- C:\Program Files\DIFX O43 - CFD: 2015/03/20 18:22:41 - [] D -- C:\Program Files\DSPRobotics O43 - CFD: 2015/07/31 13:21:33 - [] D -- C:\Program Files\DVD Maker O43 - CFD: 2015/09/26 03:26:08 - [] D -- C:\Program Files\EyeLeo O43 - CFD: 2015/08/16 12:21:43 - [] D -- C:\Program Files\fchk32 =>PUP.Optional.Amonetize O43 - CFD: 2015/08/30 23:40:24 - [] D -- C:\Program Files\Free Picture Resizer O43 - CFD: 2015/07/20 04:59:22 - [] D -- C:\Program Files\FreeAlarmClock O43 - CFD: 2015/04/06 18:13:32 - [] D -- C:\Program Files\FreeTime O43 - CFD: 2015/07/17 22:52:07 - [] D -- C:\Program 
Files\FROM_Monitor O43 - CFD: 2015/09/17 12:57:03 - [] D -- C:\Program Files\globalUpdate =>PUP.Optional.GlobalUpdate O43 - CFD: 2015/08/16 12:17:00 - [] D -- C:\Program Files\GoHD =>PUP.Optional.CrossRider O43 - CFD: 2015/02/03 03:09:13 - [] D -- C:\Program Files\Google O43 - CFD: 2015/08/02 02:57:40 - [] D -- C:\Program Files\GPU-Z O43 - CFD: 2014/10/20 20:49:19 - [] D -- C:\Program Files\Guitar Pro 5 O43 - CFD: 2015/04/13 23:47:55 - [] D -- C:\Program Files\Hitman Codename 47 O43 - CFD: 2015/08/16 11:32:16 - [0] D -- C:\Program Files\HitmanPro O43 - CFD: 2015/09/18 15:15:26 - [] D -- C:\Program Files\Image-Line O43 - CFD: 2015/05/03 17:20:12 - [] D -- C:\Program Files\Inpaint O43 - CFD: 2015/08/02 03:09:33 - [] HD -- C:\Program Files\InstallShield Installation Information O43 - CFD: 2014/11/13 14:01:33 - [] D -- C:\Program Files\Intel O43 - CFD: 2015/10/09 16:35:19 - [] D -- C:\Program Files\Internet Download Manager O43 - CFD: 2015/08/07 17:13:22 - [] D -- C:\Program Files\Internet Explorer O43 - CFD: 2015/03/25 12:26:55 - [] D -- C:\Program Files\Internet Mobile O43 - CFD: 2015/08/28 14:36:53 - [] D -- C:\Program Files\iPod O43 - CFD: 2015/08/28 14:37:37 - [] D -- C:\Program Files\iTunes O43 - CFD: 2014/10/31 22:39:33 - [] D -- C:\Program Files\Java O43 - CFD: 2014/07/18 03:04:53 - [0] D -- C:\Program Files\KMSpico =>HackTool.KMSpico O43 - CFD: 2015/08/16 10:25:33 - [0] D -- C:\Program Files\LG Electronics O43 - CFD: 2015/08/16 10:50:16 - [] D -- C:\Program Files\Malwarebytes Anti-Malware O43 - CFD: 2014/07/11 05:05:39 - [] D -- C:\Program Files\Microsoft Analysis Services O43 - CFD: 2015/07/31 13:21:34 - [] D -- C:\Program Files\Microsoft Games O43 - CFD: 2015/08/24 14:23:23 - [] D -- C:\Program Files\Microsoft Office O43 - CFD: 2014/12/22 01:32:06 - [] D -- C:\Program Files\Microsoft OneDrive O43 - CFD: 2015/08/13 18:42:26 - [] D -- C:\Program Files\Microsoft Silverlight O43 - CFD: 2014/07/11 05:09:01 - [] D -- C:\Program Files\Microsoft SQL Server O43 - 
CFD: 2014/12/22 01:37:27 - [] D -- C:\Program Files\Microsoft SQL Server Compact Edition O43 - CFD: 2014/06/23 00:14:57 - [] D -- C:\Program Files\Microsoft Visual Studio 8 O43 - CFD: 2015/07/31 13:21:35 - [] D -- C:\Program Files\Microsoft.NET O43 - CFD: 2015/10/05 02:27:37 - [] D -- C:\Program Files\Mozilla Firefox O43 - CFD: 2015/08/13 18:42:26 - [] D -- C:\Program Files\Mozilla Maintenance Service O43 - CFD: 2015/02/13 02:44:05 - [] D -- C:\Program Files\MPC-HC O43 - CFD: 2015/07/31 20:36:49 - [] D -- C:\Program Files\MSBuild O43 - CFD: 2014/12/22 05:14:08 - [] D -- C:\Program Files\MSXML 4.0 O43 - CFD: 2015/07/24 22:36:38 - [] D -- C:\Program Files\netcut O43 - CFD: 2015/03/15 14:58:57 - [] D -- C:\Program Files\NetCutDefender O43 - CFD: 2015/03/15 15:27:39 - [] D -- C:\Program Files\Nokia O43 - CFD: 2015/06/05 10:58:04 - [] D -- C:\Program Files\NVIDIA Corporation O43 - CFD: 2015/01/17 11:43:15 - [] D -- C:\Program Files\Opera O43 - CFD: 2015/03/15 15:30:35 - [] D -- C:\Program Files\Origin O43 - CFD: 2014/12/07 22:40:08 - [] D -- C:\Program Files\Origin Games O43 - CFD: 2014/07/27 08:34:39 - [] D -- C:\Program Files\Outsim O43 - CFD: 2015/01/04 20:17:16 - [] D -- C:\Program Files\PC Connectivity Solution O43 - CFD: 2015/07/03 20:10:47 - [] D -- C:\Program Files\PhotoFiltre Studio X O43 - CFD: 2015/08/30 23:39:06 - [] D -- C:\Program Files\pictureresizer_setup O43 - CFD: 2014/08/08 15:49:55 - [] D -- C:\Program Files\Portforward.com O43 - CFD: 2015/09/09 18:22:11 - [] D -- C:\Program Files\PowerISO O43 - CFD: 2015/08/17 12:44:17 - [] D -- C:\Program Files\QSocial O43 - CFD: 2015/06/21 14:47:56 - [0] D -- C:\Program Files\Reason O43 - CFD: 2015/07/31 20:36:49 - [] D -- C:\Program Files\Reference Assemblies O43 - CFD: 2015/05/12 15:52:57 - [] D -- C:\Program Files\Research In Motion O43 - CFD: 2015/03/20 15:11:33 - [] D -- C:\Program Files\ReviverSoft O43 - CFD: 2014/08/03 05:17:20 - [] D -- C:\Program Files\Rockstar Games O43 - CFD: 2015/05/21 22:56:49 - [] D 
-- C:\Program Files\Ski Search =>PUP.Optional.SkiSearch
O43 - CFD: 2015/06/05 11:00:06 - [] RD -- C:\Program Files\Skype
O43 - CFD: 2015/05/28 00:28:50 - [] D -- C:\Program Files\TeamSpeak 3 Client
O43 - CFD: 2015/07/10 10:55:46 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2014/11/09 21:32:07 - [] D -- C:\Program Files\Unlocker
O43 - CFD: 2014/11/13 14:07:38 - [] D -- C:\Program Files\VideoLAN
O43 - CFD: 2015/07/16 04:17:40 - [] D -- C:\Program Files\Voobly
O43 - CFD: 2015/09/18 15:14:01 - [] D -- C:\Program Files\VstPlugins
O43 - CFD: 2015/07/27 13:01:06 - [] D -- C:\Program Files\WaterWarner
O43 - CFD: 2015/08/03 17:57:49 - [] D -- C:\Program Files\Windows Defender
O43 - CFD: 2015/09/09 13:53:18 - [] D -- C:\Program Files\Windows Journal
O43 - CFD: 2014/12/22 01:50:12 - [] D -- C:\Program Files\Windows Live
O43 - CFD: 2015/07/31 13:21:36 - [] D -- C:\Program Files\Windows Mail
O43 - CFD: 2015/08/03 17:57:49 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2015/07/10 09:28:25 - [] D -- C:\Program Files\Windows Multimedia Platform
O43 - CFD: 2015/07/10 09:28:23 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2015/08/03 17:57:49 - [] D -- C:\Program Files\Windows Photo Viewer
O43 - CFD: 2015/07/10 09:28:25 - [] D -- C:\Program Files\Windows Portable Devices
O43 - CFD: 2015/07/31 13:21:37 - [] SHD -- C:\Program Files\Windows Sidebar
O43 - CFD: 2015/10/23 12:26:58 - [] HD -- C:\Program Files\WindowsApps
O43 - CFD: 2015/07/10 09:28:23 - [] SD -- C:\Program Files\WindowsPowerShell
O43 - CFD: 2015/07/15 04:24:20 - [] D -- C:\Program Files\WinPcap
O43 - CFD: 2014/10/20 20:49:27 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2015/06/27 14:04:46 - [] D -- C:\Program Files\Wise
O43 - CFD: 2015/04/09 00:48:46 - [] D -- C:\Program Files\YU-GI-OH ! STAREDITION 2010
O43 - CFD: 2015/10/01 04:29:35 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 2015/07/31 13:27:26 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/07/31 13:27:26 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
O43 - CFD: 2015/08/02 03:58:24 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 2015/09/26 12:06:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
O43 - CFD: 2015/08/30 23:40:24 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Picture Resizer
O43 - CFD: 2015/03/15 15:22:53 - [0] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
O43 - CFD: 2015/09/18 15:13:28 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Mobile
O43 - CFD: 2015/08/28 14:37:39 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
O43 - CFD: 2015/07/31 13:27:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
O43 - CFD: 2015/07/10 09:28:25 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/08/16 10:50:16 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
O43 - CFD: 2015/07/31 13:21:42 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medal of Honor™
O43 - CFD: 2015/07/31 13:21:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
O43 - CFD: 2015/10/14 03:55:46 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
O43 - CFD: 2015/08/12 11:34:02 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X
O43 - CFD: 2015/09/09 18:22:11 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
O43 - CFD: 2015/07/31 13:21:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
O43 - CFD: 2015/07/31 13:21:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 2015/08/17 13:03:55 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 2015/07/10 09:28:25 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 2015/07/10 11:49:43 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Capture Convert Split Merge Burn Studio
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voobly
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaterWarner
O43 - CFD: 2015/07/31 13:27:27 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Auto Shutdown
O43 - CFD: 2015/10/03 18:04:18 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
O43 - CFD: 2015/07/31 13:27:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise System Monitor
O43 - CFD: 2015/02/03 00:31:13 - [] D -- C:\ProgramData\15110483129248663602
O43 - CFD: 2015/04/10 03:18:01 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 2014/12/22 05:31:55 - [] D -- C:\ProgramData\Ahead
O43 - CFD: 2015/03/10 20:32:20 - [] D -- C:\ProgramData\Apple
O43 - CFD: 2015/03/10 20:33:23 - [] D -- C:\ProgramData\Apple Computer
O43 - CFD: 2015/07/10 10:55:30 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 2014/06/30 22:02:45 - [] D -- C:\ProgramData\Astroburn Lite
O43 - CFD: 2014/09/27 22:57:52 - [] D -- C:\ProgramData\AutoHideIP
O43 - CFD: 2015/08/28 14:36:44 - [] D -- C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
O43 - CFD: 2015/04/06 18:14:39 - [] D -- C:\ProgramData\Baidu
O43 - CFD: 2014/06/20 12:14:54 - [] D -- C:\ProgramData\BDLogging
O43 - CFD: 2015/01/07 12:41:34 - [] D -- C:\ProgramData\BlueStacks
O43 - CFD: 2015/03/15 15:12:56 - [] D -- C:\ProgramData\BlueStacksSetup
O43 - CFD: 2014/07/27 08:39:37 - [] HD -- C:\ProgramData\Common Files
O43 - CFD: 2015/07/10 09:28:23 - [0] D -- C:\ProgramData\Comms
O43 - CFD: 2014/06/20 21:20:21 - [] D -- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 2015/01/19 20:45:44 - [] D -- C:\ProgramData\DatacardService
O43 - CFD: 2015/07/10 10:55:30 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 2015/07/10 10:55:30 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 2014/11/07 17:37:59 - [] SHD -- C:\ProgramData\DSS
O43 - CFD: 2014/06/20 14:37:00 - [] D -- C:\ProgramData\EA Core
O43 - CFD: 2014/06/20 15:02:54 - [] D -- C:\ProgramData\EA Logs
O43 - CFD: 2014/06/20 14:37:03 - [] D -- C:\ProgramData\Electronic Arts
O43 - CFD: 2015/08/16 12:17:01 - [] D -- C:\ProgramData\ExtTag =>PUP.Optional.ExtTag
O43 - CFD: 2015/08/15 22:56:46 - [] D -- C:\ProgramData\ExtTags =>PUP.Optional.ExtTag
O43 - CFD: 2015/07/31 13:37:52 - [0] SHD -- C:\ProgramData\Favorites
O43 - CFD: 2015/06/27 14:02:41 - [] D -- C:\ProgramData\fbphhcmlhjedglhheehmleemhejnlcli
O43 - CFD: 2014/06/23 17:09:30 - [] D -- C:\ProgramData\FLEXnet
O43 - CFD: 2015/08/16 12:17:15 - [] D -- C:\ProgramData\HitmanPro
O43 - CFD: 2014/06/20 03:03:03 - [0] D -- C:\ProgramData\IDM
O43 - CFD: 2014/09/22 17:20:30 - [] D -- C:\ProgramData\Informer Technologies, Inc
O43 - CFD: 2014/09/29 14:31:31 - [] D -- C:\ProgramData\Installations
O43 - CFD: 2015/01/18 14:35:22 - [] D -- C:\ProgramData\Internet Mobile
O43 - CFD: 2014/06/26 16:36:56 - [] D -- C:\ProgramData\KONAMI
O43 - CFD: 2014/12/05 10:27:09 - [] D -- C:\ProgramData\Malwarebytes
O43 - CFD: 2015/08/02 02:18:57 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 2015/10/14 03:55:33 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 2014/12/22 01:31:42 - [] D -- C:\ProgramData\Microsoft OneDrive
O43 - CFD: 2014/07/11 06:07:53 - [] D -- C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
O43 - CFD: 2014/06/20 02:46:08 - [] D -- C:\ProgramData\Mozilla
O43 - CFD: 2015/08/16 12:17:01 - [] D -- C:\ProgramData\Nimzap
O43 - CFD: 2015/08/15 21:47:39 - [] D -- C:\ProgramData\Nimzaps
O43 - CFD: 2015/01/07 11:59:40 - [0] D -- C:\ProgramData\Nokia
O43 - CFD: 2015/01/04 20:09:40 - [] D -- C:\ProgramData\NokiaInstallerCache
O43 - CFD: 2014/10/31 22:39:48 - [0] D -- C:\ProgramData\Oracle
O43 - CFD: 2015/03/15 15:30:29 - [] D -- C:\ProgramData\Origin
O43 - CFD: 2014/09/29 14:34:12 - [] D -- C:\ProgramData\PC Suite
O43 - CFD: 2015/05/21 21:49:15 - [] D -- C:\ProgramData\Reason
O43 - CFD: 2015/08/24 14:25:05 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 2015/01/15 13:30:39 - [] D -- C:\ProgramData\Research In Motion
O43 - CFD: 2015/05/09 20:08:23 - [0] D -- C:\ProgramData\Riot Games
O43 - CFD: 2015/08/17 13:03:54 - [] D -- C:\ProgramData\rvlkl =>PUP.Optional.RelevantKnowledge
O43 - CFD: 2015/03/25 02:35:34 - [] D -- C:\ProgramData\Skype
O43 - CFD: 2015/08/03 06:50:50 - [] D -- C:\ProgramData\SoftwareDistribution
O43 - CFD: 2015/08/02 03:09:41 - [] D -- C:\ProgramData\SonicFocus
O43 - CFD: 2015/07/10 10:55:30 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 2014/10/31 04:03:39 - [] D -- C:\ProgramData\Sun
O43 - CFD: 2014/07/30 14:24:28 - [0] AD -- C:\ProgramData\TEMP
O43 - CFD: 2015/07/10 10:55:30 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 2014/09/29 01:42:31 - [] D -- C:\ProgramData\TuneUp Software
O43 - CFD: 2014/07/02 19:40:16 - [] D -- C:\ProgramData\Ubisoft
O43 - CFD: 2015/07/10 10:56:39 - [] D -- C:\ProgramData\USOPrivate
O43 - CFD: 2015/07/10 10:56:39 - [] D -- C:\ProgramData\USOShared
O43 - CFD: 2015/05/30 11:20:06 - [] D -- C:\ProgramData\VMware
O43 - CFD: 2014/07/27 08:39:44 - [] SHD -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 2014/12/19 16:08:57 - [] SHD -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 2015/04/10 02:24:48 - [] D -- C:\Program Files\Common Files\Adobe
O43 - CFD: 2015/08/28 14:36:52 - [] D -- C:\Program Files\Common Files\Apple
O43 - CFD: 2014/11/06 19:11:09 - [] D -- C:\Program Files\Common Files\Bitdefender
O43 - CFD: 2014/10/20 20:49:17 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2014/12/07 22:40:12 - [0] HD -- C:\Program Files\Common Files\EAInstaller
O43 - CFD: 2014/08/03 05:16:16 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2014/10/31 22:39:44 - [] D -- C:\Program Files\Common Files\Java
O43 - CFD: 2015/08/15 21:28:37 - [] D -- C:\Program Files\Common Files\k4kk0tuj
O43 - CFD: 2014/06/20 20:58:49 - [] D -- C:\Program Files\Common Files\Macrovision Shared
O43 - CFD: 2015/07/31 13:21:32 - [] D -- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2015/03/20 18:24:22 - [] D -- C:\Program Files\Common Files\Propellerhead Software
O43 - CFD: 2015/01/15 13:30:49 - [] D -- C:\Program Files\Common Files\Research In Motion
O43 - CFD: 2015/07/10 09:28:25 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2015/08/15 21:28:37 - [] D -- C:\Program Files\Common Files\sjpvbho0
O43 - CFD: 2015/03/25 02:35:15 - [] D -- C:\Program Files\Common Files\Skype
O43 - CFD: 2015/07/31 13:21:32 - [] D -- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2015/08/03 17:57:48 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2015/08/15 21:28:37 - [] D -- C:\Program Files\Common Files\v2yc4kcu
O43 - CFD: 2014/12/22 01:30:29 - [] D -- C:\Program Files\Common Files\Windows Live
O43 - CFD: 2015/01/15 13:30:43 - [] D -- C:\Program Files\Common Files\XCPCSync.OEM
O43 - CFD: 2015/08/15 21:28:37 - [] D -- C:\Program Files\Common Files\ybsp5dr5
O43 - CFD: 2015/09/27 04:51:00 - [] D -- C:\Users\MOMAIB\AppData\Roaming\.ACEStream
O43 - CFD: 2015/09/26 15:33:48 - [] D -- C:\Users\MOMAIB\AppData\Roaming\ACEStream
O43 - CFD: 2015/04/10 02:27:27 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Adobe
O43 - CFD: 2014/12/30 09:31:27 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Ahead
O43 - CFD: 2015/08/29 17:09:56 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Apple Computer
O43 - CFD: 2015/07/07 05:45:11 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Audacity
O43 - CFD: 2014/07/27 08:41:03 - [] D -- C:\Users\MOMAIB\AppData\Roaming\AVG
O43 - CFD: 2015/09/26 12:07:38 - [] D -- C:\Users\MOMAIB\AppData\Roaming\CDisplayEx
O43 - CFD: 2014/09/21 02:26:16 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Cool Record Edit Pro
O43 - CFD: 2015/08/16 11:30:57 - [] D -- C:\Users\MOMAIB\AppData\Roaming\DAEMON Tools Lite
O43 - CFD: 2015/01/14 14:46:44 - [] D -- C:\Users\MOMAIB\AppData\Roaming\deskPDF Editor
O43 - CFD: 2015/01/14 14:53:38 - [] D -- C:\Users\MOMAIB\AppData\Roaming\deskUNPDF
O43 - CFD: 2015/10/24 05:15:09 - [] D -- C:\Users\MOMAIB\AppData\Roaming\DMCache
O43 - CFD: 2015/09/26 03:26:12 - [] D -- C:\Users\MOMAIB\AppData\Roaming\EyeLeo
O43 - CFD: 2014/12/19 16:06:52 - [] D -- C:\Users\MOMAIB\AppData\Roaming\FlowStone
O43 - CFD: 2015/01/14 14:22:28 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Free PDF to Word Converter
O43 - CFD: 2015/07/19 10:59:12 - [] D -- C:\Users\MOMAIB\AppData\Roaming\FROM_Monitor
O43 - CFD: 2014/06/30 01:44:05 - [] D -- C:\Users\MOMAIB\AppData\Roaming\GameRanger
O43 - CFD: 2015/07/03 21:44:40 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Identities
O43 - CFD: 2015/10/23 12:03:47 - [] D -- C:\Users\MOMAIB\AppData\Roaming\IDM
O43 - CFD: 2014/12/19 16:07:04 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Image-Line
O43 - CFD: 2015/08/02 03:09:25 - [] D -- C:\Users\MOMAIB\AppData\Roaming\InstallShield
O43 - CFD: 2015/08/16 10:25:29 - [0] D -- C:\Users\MOMAIB\AppData\Roaming\LG Electronics
O43 - CFD: 2015/05/28 00:08:51 - [] D -- C:\Users\MOMAIB\AppData\Roaming\LolClient
O43 - CFD: 2014/06/20 03:40:50 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Macromedia
O43 - CFD: 2011/04/12 03:24:18 - [0] D -- C:\Users\MOMAIB\AppData\Roaming\Media Center Programs
O43 - CFD: 2015/08/02 03:58:17 - [] SD -- C:\Users\MOMAIB\AppData\Roaming\Microsoft
O43 - CFD: 2014/06/20 02:50:16 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Mozilla
O43 - CFD: 2015/02/13 02:57:49 - [] D -- C:\Users\MOMAIB\AppData\Roaming\MPC-HC
O43 - CFD: 2014/12/14 16:26:20 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Nokia
O43 - CFD: 2014/11/07 17:38:03 - [] D -- C:\Users\MOMAIB\AppData\Roaming\NVIDIA
O43 - CFD: 2015/01/17 11:43:12 - [0] D -- C:\Users\MOMAIB\AppData\Roaming\Opera Software
O43 - CFD: 2014/06/20 12:16:48 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Origin
O43 - CFD: 2014/12/14 16:22:08 - [] D -- C:\Users\MOMAIB\AppData\Roaming\PC Suite
O43 - CFD: 2014/08/20 17:48:13 - [] D -- C:\Users\MOMAIB\AppData\Roaming\PFStaticIP
O43 - CFD: 2014/10/27 03:16:59 - [] D -- C:\Users\MOMAIB\AppData\Roaming\PhotoFiltre
O43 - CFD: 2015/07/03 21:45:27 - [] D -- C:\Users\MOMAIB\AppData\Roaming\PhotoFiltre Studio X
O43 - CFD: 2014/08/08 15:50:38 - [] D -- C:\Users\MOMAIB\AppData\Roaming\PortForward.com
O43 - CFD: 2015/08/15 22:15:07 - [] D -- C:\Users\MOMAIB\AppData\Roaming\ppslog
O43 - CFD: 2015/10/13 02:43:44 - [] D -- C:\Users\MOMAIB\AppData\Roaming\QSocial
O43 - CFD: 2014/06/20 02:50:34 - [0] D -- C:\Users\MOMAIB\AppData\Roaming\QuickScan
O43 - CFD: 2015/01/15 13:38:57 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Research In Motion
O43 - CFD: 2015/05/09 20:03:50 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Riot Games
O43 - CFD: 2015/09/16 15:13:28 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Skype
O43 - CFD: 2015/01/14 14:19:55 - [] D -- C:\Users\MOMAIB\AppData\Roaming\sparta111
O43 - CFD: 2014/09/22 17:16:28 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Syntrillium
O43 - CFD: 2015/06/05 10:16:02 - [] D -- C:\Users\MOMAIB\AppData\Roaming\TeamViewer
O43 - CFD: 2014/07/11 00:51:37 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Thinstall
O43 - CFD: 2015/06/05 10:15:59 - [] D -- C:\Users\MOMAIB\AppData\Roaming\TS3Client
O43 - CFD: 2014/09/30 11:51:02 - [0] D -- C:\Users\MOMAIB\AppData\Roaming\TuneUp Software
O43 - CFD: 2014/07/02 19:40:16 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Ubisoft
O43 - CFD: 2014/08/01 20:39:59 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Unity
O43 - CFD: 2015/10/24 12:44:42 - [] D -- C:\Users\MOMAIB\AppData\Roaming\uTorrent
O43 - CFD: 2015/10/22 23:27:31 - [] D -- C:\Users\MOMAIB\AppData\Roaming\vlc
O43 - CFD: 2015/05/30 11:26:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\VMware
O43 - CFD: 2014/06/20 03:34:59 - [] D -- C:\Users\MOMAIB\AppData\Roaming\WinRAR
O43 - CFD: 2015/05/22 01:54:02 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Wise Auto Shutdown
O43 - CFD: 2015/10/24 07:03:00 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Wise Care 365
O43 - CFD: 2015/06/27 14:05:06 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Wise System Monitor
O43 - CFD: 2015/10/24 14:18:39 - [] D -- C:\Users\MOMAIB\AppData\Roaming\ZHP
O43 - CFD: 2014/08/02 04:50:32 - [] D -- C:\Users\MOMAIB\AppData\Local\24762
O43 - CFD: 2014/12/11 21:39:22 - [] D -- C:\Users\MOMAIB\AppData\Local\24811
O43 - CFD: 2015/08/13 18:48:24 - [] D -- C:\Users\MOMAIB\AppData\Local\7B1E190E-EDBC-4D24-9A95-BDCACDAF136B
O43 - CFD: 2015/07/14 17:12:20 - [] D -- C:\Users\MOMAIB\AppData\Local\Adobe
O43 - CFD: 2014/12/30 08:57:43 - [] D -- C:\Users\MOMAIB\AppData\Local\Ahead
O43 - CFD: 2015/03/10 20:32:28 - [] D -- C:\Users\MOMAIB\AppData\Local\Apple
O43 - CFD: 2015/03/10 20:34:49 - [] D -- C:\Users\MOMAIB\AppData\Local\Apple Computer
O43 - CFD: 2015/07/31 13:18:28 - [0] SHD -- C:\Users\MOMAIB\AppData\Local\Application Data
O43 - CFD: 2015/01/11 13:24:48 - [] D -- C:\Users\MOMAIB\AppData\Local\Apps
O43 - CFD: 2014/07/27 08:41:03 - [] D -- C:\Users\MOMAIB\AppData\Local\AVG
O43 - CFD: 2015/01/07 12:40:14 - [] D -- C:\Users\MOMAIB\AppData\Local\Bluestacks
O43 - CFD: 2015/07/22 10:50:14 - [] D -- C:\Users\MOMAIB\AppData\Local\CEF
O43 - CFD: 2014/10/09 17:00:43 - [] D -- C:\Users\MOMAIB\AppData\Local\Chromium
O43 - CFD: 2015/07/31 14:25:15 - [] D -- C:\Users\MOMAIB\AppData\Local\Comms
O43 - CFD: 2015/08/16 11:29:11 - [0] D -- C:\Users\MOMAIB\AppData\Local\CrashDumps
O43 - CFD: 2015/09/08 07:31:24 - [0] D -- C:\Users\MOMAIB\AppData\Local\Diagnostics
O43 - CFD: 2015/02/13 02:06:02 - [] D -- C:\Users\MOMAIB\AppData\Local\Downloaded Installations
O43 - CFD: 2015/10/05 02:27:38 - [] D -- C:\Users\MOMAIB\AppData\Local\EAD7DE58-1439489549-11DD-BBDA-8112680F0024
O43 - CFD: 2014/12/15 00:23:14 - [] SHD -- C:\Users\MOMAIB\AppData\Local\EmieBrowserModeList
O43 - CFD: 2015/10/09 16:53:00 - [0] SHD -- C:\Users\MOMAIB\AppData\Local\EmieSiteList
O43 - CFD: 2015/10/09 16:53:00 - [0] SHD -- C:\Users\MOMAIB\AppData\Local\EmieUserList
O43 - CFD: 2014/06/20 14:38:16 - [] D -- C:\Users\MOMAIB\AppData\Local\ESN
O43 - CFD: 2015/08/30 23:42:21 - [] D -- C:\Users\MOMAIB\AppData\Local\Free_Picture_Solutions
O43 - CFD: 2015/09/16 12:52:47 - [] D -- C:\Users\MOMAIB\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate
O43 - CFD: 2015/08/01 19:10:13 - [] D -- C:\Users\MOMAIB\AppData\Local\Google
O43 - CFD: 2015/06/01 23:31:01 - [] D -- C:\Users\MOMAIB\AppData\Local\GWX
O43 - CFD: 2015/07/31 13:18:28 - [0] SHD -- C:\Users\MOMAIB\AppData\Local\History
O43 - CFD: 2015/08/16 10:25:29 - [0] D -- C:\Users\MOMAIB\AppData\Local\LG Electronics
O43 - CFD: 2014/06/20 03:40:50 - [] D -- C:\Users\MOMAIB\AppData\Local\Macromedia
O43 - CFD: 2014/07/11 16:59:43 - [] D -- C:\Users\MOMAIB\AppData\Local\Mega Limited
O43 - CFD: 2015/08/08 21:10:31 - [] D -- C:\Users\MOMAIB\AppData\Local\MEGAsync
O43 - CFD: 2015/09/30 14:27:49 - [] D -- C:\Users\MOMAIB\AppData\Local\Microsoft
O43 - CFD: 2014/07/17 04:50:04 - [] D -- C:\Users\MOMAIB\AppData\Local\Microsoft Games
O43 - CFD: 2015/06/02 20:35:24 - [] D -- C:\Users\MOMAIB\AppData\Local\Microsoft Help
O43 - CFD: 2015/07/31 13:46:04 - [] D -- C:\Users\MOMAIB\AppData\Local\MicrosoftEdge
O43 - CFD: 2015/02/18 12:46:46 - [] D -- C:\Users\MOMAIB\AppData\Local\Mozilla
O43 - CFD: 2015/01/05 08:18:27 - [] D -- C:\Users\MOMAIB\AppData\Local\Nokia
O43 - CFD: 2015/01/07 11:58:24 - [] D -- C:\Users\MOMAIB\AppData\Local\NokiaAccount
O43 - CFD: 2015/01/17 11:43:12 - [0] D -- C:\Users\MOMAIB\AppData\Local\Opera Software
O43 - CFD: 2015/10/13 19:26:38 - [] D -- C:\Users\MOMAIB\AppData\Local\Packages
O43 - CFD: 2015/08/01 19:05:57 - [0] D -- C:\Users\MOMAIB\AppData\Local\PeerDistRepub
O43 - CFD: 2014/06/20 04:28:48 - [] D -- C:\Users\MOMAIB\AppData\Local\Programs
O43 - CFD: 2015/07/31 13:41:51 - [] D -- C:\Users\MOMAIB\AppData\Local\Publishers
O43 - CFD: 2014/06/20 14:39:23 - [] D -- C:\Users\MOMAIB\AppData\Local\PunkBuster
O43 - CFD: 2015/01/15 13:32:27 - [] D -- C:\Users\MOMAIB\AppData\Local\Research In Motion
O43 - CFD: 2014/06/20 03:41:16 - [] D -- C:\Users\MOMAIB\AppData\Local\Skype
O43 - CFD: 2015/01/17 11:47:41 - [0] D -- C:\Users\MOMAIB\AppData\Local\Sparta
O43 - CFD: 2014/07/11 16:44:39 - [] D -- C:\Users\MOMAIB\AppData\Local\Spoon
O43 - CFD: 2015/02/13 02:08:22 - [] D -- C:\Users\MOMAIB\AppData\Local\SRS Labs
O43 - CFD: 2015/08/15 22:44:09 - [] D -- C:\Users\MOMAIB\AppData\Local\SysassistByHotWheel =>PUP.Optional.Generic
O43 - CFD: 2015/10/24 14:19:14 - [] D -- C:\Users\MOMAIB\AppData\Local\Temp
O43 - CFD: 2015/07/31 13:18:28 - [0] SHD -- C:\Users\MOMAIB\AppData\Local\Temporary Internet Files
O43 - CFD: 2014/06/20 02:43:10 - [] D -- C:\Users\MOMAIB\AppData\Local\Thinstall
O43 - CFD: 2015/07/31 13:39:33 - [] D -- C:\Users\MOMAIB\AppData\Local\TileDataLayer
O43 - CFD: 2014/09/30 11:51:02 - [0] D -- C:\Users\MOMAIB\AppData\Local\TuneUp Software
O43 - CFD: 2015/06/03 17:15:42 - [] D -- C:\Users\MOMAIB\AppData\Local\Unity
O43 - CFD: 2014/09/27 22:51:13 - [] D -- C:\Users\MOMAIB\AppData\Local\VirtualStore
O43 - CFD: 2015/05/30 11:24:37 - [] D -- C:\Users\MOMAIB\AppData\Local\VMware
O43 - CFD: 2015/08/16 12:17:03 - [] D -- C:\Users\MOMAIB\AppData\Local\W3CLogging
O43 - CFD: 2015/10/23 22:23:22 - [] D -- C:\Users\MOMAIB\AppData\Local\Windows Live
O43 - CFD: 2014/06/26 16:40:41 - [] D -- C:\Users\MOMAIB\AppData\Local\Xenocode
O43 - CFD: 2015/07/10 09:28:25 - [] RD -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 2015/08/16 12:17:15 - [] RD -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/09/26 15:32:30 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
O43 - CFD: 2015/08/28 13:30:50 - [] RD -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/09/18 15:15:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
O43 - CFD: 2015/07/31 13:27:23 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
O43 - CFD: 2015/09/26 03:26:09 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EyeLeo
O43 - CFD: 2015/07/31 13:27:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
O43 - CFD: 2015/07/31 13:27:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 2015/10/09 16:37:50 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 2015/07/31 13:27:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
O43 - CFD: 2015/07/31 13:27:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hitman Codename 47
O43 - CFD: 2015/07/31 13:19:16 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
O43 - CFD: 2015/09/18 15:13:29 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
O43 - CFD: 2015/07/31 13:27:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/07/10 09:28:25 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/07/31 13:27:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
O43 - CFD: 2015/09/26 03:26:09 - [] RD -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2015/07/10 09:28:25 - [] RD -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 2015/08/02 02:57:43 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
O43 - CFD: 2015/07/31 13:27:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
O43 - CFD: 2015/07/10 09:28:32 - [] RSD -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
O43 - CFD: 2015/07/31 13:27:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/07/31 13:27:24 - [] D -- C:\Users\MOMAIB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YU-GI-OH ! STAREDITION 2010

---\\ Latest files created in Prefetcher (1) - 13s
O45 - LFCP:[MD5.D92D21A2816C4DB3A51DF30FE2D87E01] 2015/10/24 07:03:22 A -- C:\WINDOWS\Prefetch\RVLKL.EXE-4346CD87.pf =>PUP.Optional.RelevantKnowledge

---\\ ShellIconOverlayIdentifiers (SIOI) (17) - 0s
O106 - SIOI: IDM Shell Extension [ IDM Shell Extension] - {CDC95B92-E27C-4745-A8C5-64A52A78855D}. (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\Internet Download Manager\IDMShellExt.dll ©
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll ©
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll ©
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll ©
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll ©
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll ©
O106 - SIOI: UpToDateOverlayHandler Class [ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll ©
O106 - SIOI: SyncingOverlayHandler Class [ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll ©
O106 - SIOI: ErrorOverlayHandler Class [ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\MOMAIB\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll ©
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O106 - SIOI: ###MegaShellExtPending [###MegaShellExtPending] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C}. (...) -- C:\Users\MOMAIB\AppData\Local\MEGAsync\ShellExtX32.dll
O106 - SIOI: ###MegaShellExtSynced [###MegaShellExtSynced] - {05B38830-F4E9-4329-978B-1DD28605D202}. (...) -- C:\Users\MOMAIB\AppData\Local\MEGAsync\ShellExtX32.dll
O106 - SIOI: ###MegaShellExtSyncing [###MegaShellExtSyncing] - {0596C850-7BDD-4C9D-AFDF-873BE6890637}. (...) -- C:\Users\MOMAIB\AppData\Local\MEGAsync\ShellExtX32.dll
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll ©
O106 - SIOI: [Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81}. (.Microsoft Corporation - Client Side Caching UI.) -- C:\Windows\System32\cscui.dll ©

---\\ ShareTools MSconfig StartupReg (26) - 1s
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ©
O53 - SMSR:HKLM\...\startupreg\BlueStacks Agent [Key] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe ©
O53 - SMSR:HKLM\...\startupreg\CCleaner Monitoring [Key] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe ©
O53 - SMSR:HKLM\...\startupreg\DAEMON Tools Lite [Key] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe ©
O53 - SMSR:HKLM\...\startupreg\EADM [Key] . (...) -- C:\Program Files\Origin\Origin.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\eRclient [Key] . (...) -- C:\Users\MOMAIB\AppData\Roaming\eRclient\eRclient.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (...) -- C:\Windows\system32\hkcmd.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\IDMan [Key] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe ©
O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (...) -- C:\Windows\system32\igfxtray.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\InstallerLauncher [Key] . (...) -- C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\IP Hider Pro [Key] . (...) -- C:\Program Files\IP Hider Pro\IPHiderPro.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe ©
O53 - SMSR:HKLM\...\startupreg\MSC [Key] . (...) -- C:\Program Files\Microsoft Security Client\msseces.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (...) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Overwolf [Key] . (...) -- C:\Program Files\Overwolf\Overwolf.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (...) -- C:\Windows\system32\igfxpers.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Premium Sound Software for HP Thin USB Powered Speakers [Key] . (...) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSound_HPSm.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Qsocial [Key] . (...) -- C:\Program Files\QSocial\QSocial.exe
O53 - SMSR:HKLM\...\startupreg\RIMBBLaunchAgent.exe [Key] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe ©
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ©
O53 - SMSR:HKLM\...\startupreg\Software Informer [Key] . (...) -- C:\Program Files\Software Informer\softinfo.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SoundMAXPnP [Key] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe ©
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe ©
O53 - SMSR:HKLM\...\startupreg\UnlockerAssistant [Key] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O53 - SMSR:HKLM\...\startupreg\VMware Netlink 3 HV Install Utility [Key] . (...) -- C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Voobly [Key] . (.Voobly - Voobly.) -- C:\Program Files\Voobly\voobly.exe ©

---\\ System Drivers List (67) - 6s
O58 - SDL:2014/12/16 06:41:40 A . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\System32\drivers\2F5D0550.sys [114904] ©
O58 - SDL:2015/07/10 09:24:22 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [85856] ©
O58 - SDL:2009/05/18 14:32:58 A . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys [381440] ©
O58 - SDL:2015/07/10 09:24:22 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1038176] ©
O58 - SDL:2015/07/10 09:24:22 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [75104] ©
O58 - SDL:2015/07/10 09:24:22 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [215392] ©
O58 - SDL:2015/07/10 09:24:22 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [22880] ©
O58 - SDL:2015/07/10 09:24:22 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [116576] ©
O58 - SDL:2012/11/08 12:41:32 A . (.ASMedia Technology Inc - ASMedia USB3 Hub Driver.) -- C:\WINDOWS\System32\drivers\asmthub3.sys [110920] ©
O58 - SDL:2012/11/08 12:41:32 A . (.ASMedia Technology Inc - ASMEDIA XHCI Host Controller Driver.) -- C:\WINDOWS\System32\drivers\asmtxhci.sys [333128] ©
O58 - SDL:2015/07/10 09:24:22 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [16088] ©
O58 - SDL:2012/03/08 10:09:40 A . (.Broadcom Corporation - Broadcom NetXtreme II Diagnostic Driver.) -- C:\WINDOWS\System32\drivers\bxdiagx.sys [75816] ©
O58 - SDL:2012/02/22 17:05:54 A . (.Broadcom Corporation - FCoE offload x86 FREE.) -- C:\WINDOWS\System32\drivers\bxfcoe.sys [150568] ©
O58 - SDL:2012/02/22 17:33:32 A . (.Broadcom Corporation - iSCSI offload x86 FREE.) -- C:\WINDOWS\System32\drivers\bxois.sys [435240] ©
O58 - SDL:2014/07/06 21:03:08 A . (.Disc Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128] ©
O58 - SDL:2015/07/10 09:24:19 A . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) -- C:\WINDOWS\System32\drivers\e1i6332.sys [397336] ©
O58 - SDL:2012/07/24 20:58:00 A . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\WINDOWS\System32\drivers\EtronHub3.sys [65152] ©
O58 - SDL:2012/07/24 20:58:00 A . (.Etron Technology Inc - Etron Enhance USB Mass Storage Driver..) -- C:\WINDOWS\System32\drivers\EtronSTOR.sys [32512] ©
O58 - SDL:2012/07/24 20:58:00 A . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\WINDOWS\System32\drivers\EtronXHCI.sys [88832] ©
O58 - SDL:2007/08/09 05:06:40 A . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys [23424] ©
O58 - SDL:2009/10/12 16:22:56 A . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\WINDOWS\System32\drivers\ewusbdev.sys [101120] ©
O58 - SDL:2009/12/07 20:53:18 A . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys [103168] ©
O58 - SDL:2009/12/07 20:36:48 A . (.Huawei Technologies Co., Ltd. - USB NDIS Miniport Driver.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys [201168] ©
O58 - SDL:2012/10/03 17:14:58 A . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [26840] ©
O58 - SDL:2009/06/24 05:28:12 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\HECI.sys [40832] ©
O58 - SDL:2015/08/18 13:20:45 A . (.© 2014 SurfRight B.V. - HitmanPro 3.7 Support Driver.) -- C:\WINDOWS\System32\drivers\hitmanpro37.sys [35992] ©
O58 - SDL:2015/07/10 09:24:22 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [56672] ©
O58 - SDL:2015/07/10 09:24:22 A . (.Intel Corporation - Intel(R) Atom(TM) Processor GPIO Controller.) -- C:\WINDOWS\System32\drivers\iaiogpio.sys [22016] ©
O58 - SDL:2015/07/10 09:24:22 A . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller.) -- C:\WINDOWS\System32\drivers\iaioi2c.sys [61936] ©
O58 - SDL:2015/07/10 09:24:22 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [524640] ©
O58 - SDL:2015/07/10 09:24:22 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [333664] ©
O58 - SDL:2015/06/12 03:00:58 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\WINDOWS\System32\drivers\idmwfp.sys [123968] ©
O58 - SDL:2012/03/23 19:09:38 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\WINDOWS\System32\drivers\igdkmd32.sys [9036288] ©
O58 - SDL:2012/12/21 06:44:10 A . (.Intel Corporation - Intel(R) USB 3.0 Hub Driver.) -- C:\WINDOWS\System32\drivers\iusb3hub.sys [359560] ©
O58 - SDL:2012/12/21 06:44:10 A . (.Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller.) -- C:\WINDOWS\System32\drivers\iusb3xhc.sys [792712] ©
O58 - SDL:2015/07/10 09:24:22 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [94048] ©
O58 - SDL:2015/07/10 09:24:22 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [88928] ©
O58 - SDL:2015/07/10 09:24:22 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [83296] ©
O58 - SDL:2015/07/10 09:24:22 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [69472] ©
O58 - SDL:2015/06/18 08:41:36 A . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [23256] ©
O58 - SDL:2015/06/18 08:41:42 A . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [94936] ©
O58 - SDL:2015/08/16 14:02:33 A . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [98520] ©
O58 - SDL:2015/07/10 09:24:23 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [52064] ©
O58 - SDL:2015/07/10 09:24:23 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [464736] ©
O58 - SDL:2015/07/10 09:24:23 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [58208] ©
O58 - SDL:2015/06/18 08:41:58 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\WINDOWS\System32\drivers\mwac.sys [51928] ©
O58 - SDL:2010/06/25 18:07:14 A . (.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) -- C:\WINDOWS\System32\drivers\npf.sys [35088] ©
O58 - SDL:2011/10/25 18:57:14 A . (.Renesas Electronics Corporation - USB 3.0 Hub Driver.)
-- C:\WINDOWS\System32\drivers\nusb3hub.sys [73984] © O58 - SDL:2011/10/25 18:57:14 A . (.Renesas Electronics Corporation - USB 3.0 Host Controller Driver.) -- C:\WINDOWS\System32\drivers\nusb3xhc.sys [165120] © O58 - SDL:2015/07/10 09:24:23 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [119136] © O58 - SDL:2015/07/10 09:24:23 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [142176] © O58 - SDL:2012/10/17 15:53:46 A . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [19072] © O58 - SDL:2015/07/10 09:24:23 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [51040] © O58 - SDL:2015/07/10 09:24:23 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [51552] © O58 - SDL:2012/12/10 16:48:12 A . (.Research in Motion Ltd - RIM Virtual Serial Driver.) -- C:\WINDOWS\System32\drivers\RimSerial.sys [35840] © O58 - SDL:2015/07/23 02:08:28 A . (.Power Software Ltd - PowerISO Virtual Drive.) -- C:\WINDOWS\System32\drivers\scdemu.sys [114304] © O58 - SDL:2015/07/10 09:24:23 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [41312] © O58 - SDL:2015/07/10 09:24:23 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [79200] © O58 - SDL:2009/11/10 16:28:44 A . (.Copyright (C) 2008 SRS Labs, Inc. - SRS Premium Sound driver.) -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys [246000] O58 - SDL:2014/01/22 09:52:12 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ve.) -- C:\WINDOWS\System32\drivers\ssudbus.sys [88576] © O58 - SDL:2014/01/22 09:52:12 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ve.) 
-- C:\WINDOWS\System32\drivers\ssudmdm.sys [184192] © O58 - SDL:2014/01/22 09:52:12 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (M.) -- C:\WINDOWS\System32\drivers\ssudserd.sys [184192] © O58 - SDL:2015/07/10 09:24:23 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [26976] © O58 - SDL:2015/07/10 09:24:28 A . (...) -- C:\WINDOWS\System32\drivers\Udecx.sys [31744] O58 - SDL:2015/07/10 09:24:23 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [149856] © O58 - SDL:2015/07/10 09:24:23 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [276832] © O58 - SDL:2012/02/22 15:27:02 A . (.Bigfoot Networks, Inc. - Bigfoot Networks Killer(TM) PCI-E Gaming Ad.) -- C:\WINDOWS\System32\drivers\Xeno7x86.sys [130152] © ---\\ Last modified or created user files (3) - 33s O61 - LFC: 2015/10/24 05:15:11 A . (..) -- C:\Users\MOMAIB\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin [8192] O61 - LFC: 2015/10/19 13:50:31 A . (..) -- C:\Users\MOMAIB\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\UrlBlock\urlblock_635808516723895165.bin [13916] O61 - LFC: 2015/10/24 12:14:13 A . (..) -- C:\Users\MOMAIB\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [674082] ---\\ File Associations Shell Spawning (9) - 0s O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe © O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) 
-- C:\Windows\System32\eventvwr.exe © O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe © O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe © O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S ---\\ Start Menu Internet (12) - 0s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe © O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) 
-- C:\Program Files\Mozilla Firefox\uninstall\helper.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe © ---\\ Search Browser Infection (14) - 12s O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("browser.startup.homepage", "http://www.oursurfing.com/?type=hp&ts=1442404064&z=5ab86231e1e7cedefb5b239g5z1zdo1z1e5z0eeq[...] =>PUP.Optional.OurSurfing O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledUrls.expiration",[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledUrls.value", "%7B[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledWithHash.expirati[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledWithHash.value", [...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_notBundledArr_.expiratio[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_notBundledArr_.value", "[...] 
=>PUP.Optional.Monetization O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_regBundledWithSoftware.e[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_regBundledWithSoftware.v[...] =>PUP.Optional.Monetization O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.name", "SavePass v2.2"); =>PUP.Optional.CrossRider O69 - SBI: prefs.js [MOMAIB - 3aitiz03.default-1426450933850] user_pref("extensions.crossrider.bic", "14fd6045810ade1931296d0068bf5f97"); =>PUP.Optional.CrossRider O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ ---\\ Search Svchost Services (42) - 1s O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [161792] © O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [161792] © O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [218112] © O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [1195520] © O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) 
-- C:\Windows\System32\IKEEXT.DLL [737792] © O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [838656] © O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\System32\seclogon.dll [25088] © O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [75776] © O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [116224] © O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [87040] © O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [822272] © O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [183808] © O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [105984] © O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [243712] © O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [312320] © O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [68096] © O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\Windows\System32\wlidsvc.dll [1543680] © O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) 
-- C:\Windows\System32\NetSetupSvc.dll [129024] © O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\Windows\System32\NcaSvc.dll [143360] © O83 - Search Svchost Services: DcpSvc (DcpSvc) . (.Microsoft Corporation - dcpsvc Task.) -- C:\Windows\System32\dcpsvc.dll [152064] © O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\Windows\System32\DeviceSetupManager.dll [185344] © O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [44544] © O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\Windows\System32\usermgr.dll [549376] © O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\Windows\System32\dmwappushsvc.dll [53760] © O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\Windows\System32\XboxNetApiSvc.dll [807936] © O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\Windows\System32\usocore.dll [236032] © O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\Windows\System32\lfsvc.dll [22528] © O83 - Search Svchost Services: RetailDemo (RetailDemo) . (.Microsoft Corporation - RDXService.) -- C:\Windows\System32\RDXService.dll [733184] © O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [307200] © O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\Windows\System32\Windows.Internal.Management.dll [193024] © O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . 
(.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\Windows\System32\XblAuthManager.dll [520192] © O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [93184] © O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [587264] © O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [410112] © O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [57344] © O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [392704] © O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [254976] © O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1829376] © O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [802816] © O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [544768] © O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\Windows\System32\XblGameSave.dll [733696] © O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [165376] © ---\\ Firewall Active Exception List (12) - 3s O87 - FAEL: "UDP Query User{103DB17D-ED61-4C9A-B0D7-2A86038C31CA}C:\program files\yu-gi-oh ! 
staredition 2010\yu-gi-oh!\joey the passion\joey_pc.exe" [In-None-P17-TRUE] .(...) -- C:\program files\yu-gi-oh ! staredition 2010\yu-gi-oh!\joey the passion\joey_pc.exe O87 - FAEL: "TCP Query User{95A932C2-FA8D-4E0A-953F-E646DAA8D1F1}C:\program files\yu-gi-oh ! staredition 2010\yu-gi-oh!\joey the passion\joey_pc.exe" [In-None-P6-TRUE] .(...) -- C:\program files\yu-gi-oh ! staredition 2010\yu-gi-oh!\joey the passion\joey_pc.exe O87 - FAEL: "UDP Query User{0573B8E1-84D9-4A7B-A7DE-06A6283DEE29}C:\users\momaib\appdata\local\apps\2.0\rxtpro93.1xq\6p0t6beb.glx\rebt..tion_59eb1b2cffdb6323_0002.0005_4441f936d900cc2b\rebtelphone.exe" [In-None-P17-TRUE] .(.Rebtel Networks AB - RebtelPhone.) -- C:\users\momaib\appdata\local\apps\2.0\rxtpro93.1xq\6p0t6beb.glx\rebt..tion_59eb1b2cffdb6323_0002.0005_4441f936d900cc2b\rebtelphone.exe O87 - FAEL: "TCP Query User{E1E89CA3-7676-4409-90CB-A73ADEC9E635}C:\users\momaib\appdata\local\apps\2.0\rxtpro93.1xq\6p0t6beb.glx\rebt..tion_59eb1b2cffdb6323_0002.0005_4441f936d900cc2b\rebtelphone.exe" [In-None-P6-TRUE] .(.Rebtel Networks AB - RebtelPhone.) -- C:\users\momaib\appdata\local\apps\2.0\rxtpro93.1xq\6p0t6beb.glx\rebt..tion_59eb1b2cffdb6323_0002.0005_4441f936d900cc2b\rebtelphone.exe O87 - FAEL: "{C1B335DA-5395-4681-BA33-05C9D93036D0}" [In-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\MOMAIB\AppData\Roaming\uTorrent\uTorrent.exe O87 - FAEL: "{BDAED6ED-0965-40AB-AB65-DF30AA65FEBC}" [In-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\MOMAIB\AppData\Roaming\uTorrent\uTorrent.exe O87 - FAEL: "{4269A74A-29B2-4AD3-BAE7-2AE2860D6127}" [In-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\MOMAIB\AppData\Roaming\uTorrent\uTorrent.exe O87 - FAEL: "{93306D2D-C340-450C-A9B3-F178751F518E}" [In-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent.) 
-- C:\Users\MOMAIB\AppData\Roaming\uTorrent\uTorrent.exe O87 - FAEL: "TCP Query User{1D61A832-E1CF-4978-B189-406819FD0DD7}C:\users\momaib\appdata\roaming\acestream\engine\ace_engine.exe" [In-None-P6-TRUE] .(...) -- C:\users\momaib\appdata\roaming\acestream\engine\ace_engine.exe O87 - FAEL: "UDP Query User{E01FCAB6-9676-4142-8A22-ECDA324EE908}C:\users\momaib\appdata\roaming\acestream\engine\ace_engine.exe" [In-None-P17-TRUE] .(...) -- C:\users\momaib\appdata\roaming\acestream\engine\ace_engine.exe O87 - FAEL: "TCP Query User{CC3316F4-3DA1-46B3-BC25-2AE1F6D4D8B2}C:\users\momaib\appdata\roaming\acestream\engine\ace_engine.exe" [In-None-P6-TRUE] .(...) -- C:\users\momaib\appdata\roaming\acestream\engine\ace_engine.exe O87 - FAEL: "UDP Query User{19520800-C378-4008-909C-8E82982706D1}C:\users\momaib\appdata\roaming\acestream\engine\ace_engine.exe" [In-None-P17-TRUE] .(...) -- C:\users\momaib\appdata\roaming\acestream\engine\ace_engine.exe ---\\ Services not Microsoft (SR=Run, SS=Stop) (24) - 30s SR - Auto [2015/09/14 09:25:38] [ 82128] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe © SS - Demand [2015/10/17 15:14:13] [ 269000] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe © SR - Auto [2008/07/15 14:09:52] [ 90112] @oem131.inf,%AEADISRV.SvcDesc%;Andrea ADI Filters Service (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.EXE © SR - Auto [2011/07/28 18:35:44] [ 262144] Arp Intelligent Protection Service (AIPS) . (.Arcai.com.) - C:\Program Files\netcut\services\aips.exe © SR - Auto [2015/05/29 18:51:26] [ 60744] Apple Mobile Device (Apple Mobile Device) . (.Apple Inc..) 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe © SS - Demand [2013/01/18 18:10:18] [ 577536] Blackberry Device Manager (Blackberry Device Manager) . (.Research In Motion Limited.) - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe © SR - Auto [2011/08/31 00:05:02] [ 390504] Bonjour Service (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe © SS - Auto [2014/12/12 14:29:12] [ 409304] BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-Service.exe © SR - Auto [2014/12/12 14:29:42] [ 388824] BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe © SR - Auto [2014/12/12 14:31:34] [ 786136] BlueStacks Updater Service (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-UpdaterService.exe © SS - Demand [2014/06/20 20:58:49] [ 654848] FLEXnet Licensing Service (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe © SS - Auto [2015/02/03 03:07:25] [ 107912] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe © SS - Demand [2015/02/03 03:07:25] [ 107912] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe © SR - Demand [2015/08/13 02:43:28] [ 541968] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe © SS - Disabled [2015/06/18 08:39:46] [ 1871160] (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe © SS - Auto [2015/06/18 08:39:50] [ 1133880] (MBAMService) . (.Malwarebytes Corporation.) 
- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe © SS - Demand [2015/08/09 17:01:40] [ 148136] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe © SR - Auto [2015/08/17 12:42:57] [ 7548928] Qsocial Service (QsocialUpdater) . (...) - C:\Program Files\QSocial\QSocial_Updater.exe SS - Demand [2010/06/25 18:07:20] [ 117264] Remote Packet Capture Protocol v.0 (experimental) (rpcapd) . (.CACE Technologies, Inc..) - C:\Program Files\WinPcap\rpcapd.exe © SS - Demand [2013/04/18 12:06:42] [ 737616] ServiceLayer (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe © SS - Auto [2015/01/02 20:45:12] [ 315488] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe © SS - Auto [2015/08/06 11:40:58] [ 580144] Wise Boot Assistant (WiseBootAssistant) . (.WiseCleaner.com.) - C:\Program Files\Wise\Wise Care 365\BootTime.exe © SS - Demand [2015/05/07 18:03:40] [ 13264] WiseHDInfo (WiseHDInfo) . (.wisecleaner.com.) 
- C:\Windows\WiseHDInfo32.dll ©

---\\ Additional Scan (O88) (42) - 0s
C:\ProgramData\rvlkl\rvlkl.exe =>PUP.Optional.RelevantKnowledge
C:\Users\MOMAIB\AppData\Roaming\Mozilla\Firefox\Profiles\3aitiz03.default-1426450933850\searchplugins\findit.xml =>PUP.Optional.SmartBar
C:\Program Files\Mozilla Firefox\browser\searchplugins\findit.xml =>PUP.Optional.SmartBar
C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
HKLM\SOFTWARE\0968be64-279e-4848-8623-30fa42e5f57b =>PUP.Optional.CrossRider
HKLM\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider
HKLM\SOFTWARE\GoHD =>PUP.Optional.CrossRider
HKLM\SOFTWARE\GoHD-nv =>PUP.Optional.CrossRider
HKLM\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider
HKLM\SOFTWARE\InstalledBrowserExtensions =>PUP.Optional.BrowserExtensions
HKLM\SOFTWARE\oursurfingSoftware =>PUP.Optional.OurSurfing
HKLM\SOFTWARE\SavePass 1.1-nv-edge =>PUP.Optional.CrossRider
HKLM\SOFTWARE\searchult =>PUP.Optional.Generic
HKLM\SOFTWARE\Ski Search =>PUP.Optional.SkiSearch
HKLM\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider
HKCU\SOFTWARE\ArenaHD =>PUP.Optional.CrossRider
HKCU\SOFTWARE\CinemaP-1.9cV16.09-nv-ie =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Crossbrowse =>PUP.Optional.CrossBrowse
HKCU\SOFTWARE\globalUpdate =>PUP.Optional.GlobalUpdate
HKCU\SOFTWARE\GoHD =>PUP.Optional.CrossRider
HKCU\SOFTWARE\GoHD-nv =>PUP.Optional.CrossRider
HKCU\SOFTWARE\HighDefAction =>PUP.Optional.CrossRider
HKCU\SOFTWARE\InstalledBrowserExtensions =>PUP.Optional.BrowserExtensions
HKCU\SOFTWARE\SavePass 1.1 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\SavePass 1.1-nv-edge =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Ski Search =>PUP.Optional.SkiSearch
HKCU\SOFTWARE\YorkNewCin =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AppDataLow\Software\Crossrider =>PUP.Optional.CrossRider
HKCU\SOFTWARE\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ =>PUP.Optional.CrossRider
C:\Program Files\cce98bbb-5151-42aa-9461-de1d152a01b3 =>PUP.Optional.CrossRider
C:\Program Files\fchk32 =>PUP.Optional.Amonetize
C:\Program Files\globalUpdate =>PUP.Optional.GlobalUpdate
C:\Program Files\GoHD =>PUP.Optional.CrossRider
C:\Program Files\KMSpico =>HackTool.KMSpico
C:\Program Files\Ski Search =>PUP.Optional.SkiSearch
C:\ProgramData\ExtTag =>PUP.Optional.ExtTag
C:\ProgramData\ExtTags =>PUP.Optional.ExtTag
C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
C:\ProgramData\rvlkl =>PUP.Optional.RelevantKnowledge
C:\Users\MOMAIB\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate
C:\Users\MOMAIB\AppData\Local\SysassistByHotWheel =>PUP.Optional.Generic
C:\WINDOWS\Prefetch\RVLKL.EXE-4346CD87.pf =>PUP.Optional.RelevantKnowledge

---\\ Summary of the elements found (15) - 0s
http://www.nicolascoolman.fr/adware-relevantknowledge/ =>PUP.Optional.RelevantKnowledge
http://www.nicolascoolman.fr/blog =>PUP.Optional.OurSurfing
http://www.nicolascoolman.fr/hijacker-smartbar/ =>PUP.Optional.SmartBar
http://www.nicolascoolman.fr/blog =>PUP.Optional.BDYahoo
http://www.nicolascoolman.fr/pup-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/blog =>PUP.Optional.BrowserExtensions
http://www.nicolascoolman.fr/blog =>PUP.Optional.Generic
http://www.nicolascoolman.fr/pup-optional-skisearch/ =>PUP.Optional.SkiSearch
http://www.nicolascoolman.fr/blog =>PUP.Optional.CrossBrowse
http://www.nicolascoolman.fr/pup-globalupdate/ =>PUP.Optional.GlobalUpdate
http://www.nicolascoolman.fr/pup-amonetize/ =>PUP.Optional.Amonetize
http://www.nicolascoolman.fr/pup-kmspico/ =>HackTool.KMSpico
http://www.nicolascoolman.fr/pup-optional-exttag =>PUP.Optional.ExtTag
http://www.nicolascoolman.fr/trojan-autokms/ =>HackTool.AutoKMS
http://www.nicolascoolman.fr/blog =>PUP.Optional.Monetization

~ End of the scan, 44831 items in 198 seconds (1303)(0)()