~ ZHPDiag v2016.3.26.75 By Nicolas Coolman (2016/03/26)
~ Run by ابداع (Administrator) (2016/03/28 13:07:57)
~ Web: http://www.nicolascoolman.com
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\ابداع\Desktop\ZHPDiag.txt
~ Report: C:\Users\ابداع\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)

---\\ Internet Browsers (3) - 0s
GCIE: Google Chrome v49.0.2623.108
MFIE: Mozilla Firefox 45.0.1 (x86 en-US)
MSIE: Internet Explorer v8.0.7601.17514

---\\ Windows Product Information (5) - 4s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : KO

---\\ System protection software (3) - 1s
COMODO Firewall v8.2.0.4792
ESET Smart Security v9.0.318.24
Malwarebytes Anti-Malware النسخة 2.2.0.1024

---\\ System optimization software (1) - 2s
CCleaner v5.13

---\\ Surveillance software (2) - 2s
Adobe Flash Player 17 PPAPI
Adobe Acrobat Reader DC

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3316.584 MB (17% free)
System Restore: Activé (Enable)
System drive C: has 15 GB () free of 89 GB =>Alerte espace disque inférieur à 20 Go

---\\ Connection to the system mode (3) - 0s
~ Computer Name: ALSAB7-PC
~ User Name: ابداع
~ Logged in as Administrator

---\\ Enumeration of the disk units (3) - 0s
~ Drive C: has 15 GB free of 89 GB (System)
~ Drive D: has 0 GB free of 0 GB
~ Drive E: has 166 GB free of 386 GB

---\\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ---\\ Search Generic System Files (25) - 4s [MD5.40D777B7A95E00593EB1568C68514493] - 20/11/2010 - (.Microsoft Corporation - مستكشف Windows.) -- C:\Windows\Explorer.exe [2616320] =>.Microsoft Corporation [MD5.51138BEEA3E2C21EC44D0932C71762A8] - 14/07/2009 - (.Microsoft Corporation - عملية مضيف Windows (Rundll32)‎.) -- C:\Windows\System32\rundll32.exe [44544] =>.Microsoft Corporation [MD5.B5C5DCAD3899512020D135600129D665] - 14/07/2009 - (.Microsoft Corporation - ‎‎تطبيق بدء تشغيل Windows.) -- C:\Windows\System32\Wininit.exe [96256] =>.Microsoft Corporation [MD5.44214C94911C7CFB1D52CB64D5E8368D] - 20/11/2010 - (.Microsoft Corporation - ملحقات إنترنت لـ Win32.) -- C:\Windows\System32\wininet.dll [980992] =>.Microsoft Corporation [MD5.52449FD429D6053B78AE564DEF303870] - 17/07/2014 - (.Microsoft Corporation - تطبيق تسجيل دخول Windows.) -- C:\Windows\System32\Winlogon.exe [304128] =>.Microsoft Corporation [MD5.E3AE23569749DE12D45BA3B489A036AE] - 20/11/2010 - (.Microsoft Corporation - مكتبة تراخيص البرامج.) -- C:\Windows\System32\sppcomapi.dll [193536] =>.Microsoft Corporation [MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 03/03/2011 - (.Microsoft Corporation - مكتبة الارتباط الديناميكي لواجهة برمجة تطبي.) 
-- C:\Windows\System32\dnsapi.dll [270336] =>.Microsoft Corporation [MD5.129F80D7868E30DF3E3DE33A1D3132B4] - 20/11/2010 - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows m.) -- C:\Windows\System32\fr-FR\user32.dll.mui [20480] =>.Microsoft Corporation [MD5.93B49FA857F7036A4EFF32371F6E7391] - 13/10/2015 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [338944] =>.Microsoft Corporation [MD5.338C86357871C167A96AB976519BF59E] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [21584] =>.Microsoft Windows® [MD5.77EA11B065E0A8AB902D78145CA51E10] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [70656] =>.Microsoft Corporation [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - 20/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [108544] =>.Microsoft Corporation [MD5.F024449C97EC1E464AAFFDA18593DB88] - 20/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [78336] =>.Microsoft Corporation [MD5.9036377B8A6C15DC2EEC53E489D159B5] - 20/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [108544] =>.Microsoft Corporation [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - 14/07/2009 - (.Microsoft Corporation - برنامج تشغيل منفذ i8042.) -- C:\Windows\System32\drivers\i8042prt.sys [80896] =>.Microsoft Corporation [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [101888] =>.Microsoft Corporation [MD5.BA4369E0CA60B1674A66041C36E8754C] - 11/02/2016 - (.Microsoft Corporation - Windows NT SMB Minirdr.) 
-- C:\Windows\System32\drivers\MRxSmb.sys [124416] =>.Microsoft Corporation [MD5.280122DDCF04B378EDD1AD54D71C1E54] - 20/11/2010 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [187904] =>.Microsoft Corporation [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - 12/04/2013 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1211752] =>.Microsoft Windows® [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - 14/07/2009 - (.Microsoft Corporation - برنامج تشغيل المنفذ المتوازي.) -- C:\Windows\System32\drivers\Parport.sys [79360] =>.Microsoft Corporation [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - 14/07/2009 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [78848] =>.Microsoft Corporation [MD5.B973FCFC50DC1434E1970A146F7E3885] - 20/11/2010 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [133632] =>.Microsoft Corporation [MD5.3E21C083B8A01CB70BA1F09303010FCE] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [71168] =>.Microsoft Corporation [MD5.BB8817D0508DD5EA69C770C8DEF5AB67] - 13/10/2015 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [74752] =>.Microsoft Corporation [MD5.F497F67932C6FA693D7DE2780631CFE7] - 20/11/2010 - (.Microsoft Corporation - برنامج تشغيل خدمة ملفات الظل الاحتياطية لوح.) -- C:\Windows\System32\drivers\volsnap.sys [245632] =>.Microsoft Windows® ---\\ Non Microsoft non disabled Windows Services (33) - 11s O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated® O23 - Service: Bluetooth Device Monitor (Bluetooth Device Monitor) . (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) 
- C:\Program Files\Intel\Bluetooth\devmonsrv.exe =>.Motorola Solutions Inc.® O23 - Service: Bluetooth Media Service (Bluetooth Media Service) . (.Motorola Solutions, Inc. - Bluetooth Media Service.) - C:\Program Files\Intel\Bluetooth\mediasrv.exe =>.Motorola Solutions Inc.® O23 - Service: Bluetooth OBEX Service (Bluetooth OBEX Service) . (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) - C:\Program Files\Intel\Bluetooth\obexsrv.exe =>.Motorola Solutions Inc.® O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe =>.BlueStack Systems, Inc.® O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) . (.BlueStack Systems, Inc. - BlueStacks Updater Service.) - C:\Program Files\BlueStacks\HD-UpdaterService.exe =>.BlueStack Systems, Inc.® O23 - Service: COMODO Chromodo Update Service (ChromodoUpdater) . (.Comodo - Chromodo.) - C:\Program Files\Comodo\Chromodo\chromodo_updater.exe =>.Comodo Security Solutions® O23 - Service: COMODO LPS Launcher (CLPSLauncher) . (.Comodo Security Solutions, Inc. - livePCsupport Component.) - C:\Program Files\Common Files\COMODO\launcher_service.exe =>.Comodo Security Solutions® O23 - Service: COMODO Internet Security Helper Service (CmdAgent) . (.COMODO - COMODO Internet Security.) - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe =>.Comodo Security Solutions® O23 - Service: C:\Windows\system32\CxAudMsg32.exe,-100 (CxAudMsg) . (.Conexant Systems Inc. - Conexant Audio Message Service.) - C:\Windows\System32\CxAudMsg32.exe =>.Conexant Systems, Inc.® O23 - Service: DFServ (DFServ) . (.Faronics Corporation - Deep Freeze service.) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe O23 - Service: Droid4XService (Droid4XService) . (...) - C:\Program Files\Droid4X\Droid4XService.exe O23 - Service: ESET Service (ekrn) . (.ESET - ESET Service.) 
- C:\Program Files\ESET\ESET Smart Security\ekrn.exe =>.ESET, spol. s r.o.® O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) . (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe =>.Comodo Security Solutions, Inc. O23 - Service: خدمة Google Update (gupdate) (gupdate) . (.Google Inc. - مثبِّت Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc® O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\Windows\System32\igfxCUIService.exe =>.Intel Corporation® O23 - Service: KMService (KMService) . (...) - C:\Windows\System32\srvany.exe =>PUP.Optional.Office O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) . (.Malwarebytes Corporation - Malwarebytes Anti-Exploit Service.) - C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe =>.Malwarebytes Corporation® O23 - Service: (MBAMService) . (.Malwarebytes - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation® O23 - Service: NO-IP DUC v4.1.1 (NoIPDUCService4) . (.Copyright © 2012 - ducservice.) - C:\Program Files\No-IP\ducservice.exe O23 - Service: OpenVPN Agent (ovpnagent) . (...) - C:\Program Files\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe {0EBD24BDFBD4ADDDD2EDD27E8FB1953C} O23 - Service: RealPlayer Cloud Service (RealPlayer Cloud Service) . (.RealNetworks, Inc. - RealPlayer Cloud Service.) - C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe =>.RealNetworks, Inc.® O23 - Service: Conexant SmartAudio service (SAService) . (.Conexant Systems, Inc. - SmartAudio Service Application.) - C:\Windows\System32\SASrv.exe =>.Conexant Systems, Inc.® O23 - Service: Sandboxie Service (SbieSvc) . (.Sandboxie Holdings, LLC - Sandboxie Service.) - C:\Program Files\Sandboxie\SbieSvc.exe =>.Invincea, Inc.® O23 - Service: SoftEther VPN Client (SEVPNCLIENT) . 
(.SoftEther VPN Project at University of Tsukuba, Japan - SoftEther VPN.) - C:\Program Files\SoftEther VPN Client\vpnclient.exe {1121D141C3B78476420DAB37340E68978A6E} =>.SoftEther VPN Project at University of Tsukuba, Japan O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe =>.Skype Software Sarl® O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Baidu Browser\sparkservice.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O23 - Service: SynTPEnh Caller Service (SynTPEnhService) . (.Synaptics Incorporated - 32-bit Synaptics Pointing Enhance Service.) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe =>.Synaptics Incorporated® O23 - Service: TeamViewer 11 (TeamViewer) . (.TeamViewer GmbH - TeamViewer 11.) - C:\Program Files\TeamViewer\TeamViewer_Service.exe =>.TeamViewer® O23 - Service: VMware Authorization Service (VMAuthdService) . (.VMware, Inc. - VMware Authorization Service.) - C:\Program Files\VMware\VMware Player\vmware-authd.exe =>.VMware, Inc.® O23 - Service: VMware DHCP Service (VMnetDHCP) . (.VMware, Inc. - VMware VMnet DHCP service.) - C:\Windows\System32\vmnetdhcp.exe =>.VMware, Inc.® O23 - Service: VMware USB Arbitration Service (VMUSBArbService) . (.VMware, Inc. - VMware USB Arbitration Service.) - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe =>.VMware, Inc.® O23 - Service: VMware NAT Service (VMware NAT Service) . (.VMware, Inc. - VMware NAT Service.) - C:\Windows\System32\vmnat.exe =>.VMware, Inc.® ---\\ Services not Microsoft (SR=Run, SS=Stop) (42) - 72s SR - Auto [13/12/2015] [ 82128] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated® SS - Demand [24/12/2015] [ 269504] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) 
- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated® SR - Auto [25/06/2013] [ 1132920] Bluetooth Device Monitor (Bluetooth Device Monitor) . (.Motorola Solutions, Inc..) - C:\Program Files\Intel\Bluetooth\devmonsrv.exe =>.Motorola Solutions Inc.® SR - Auto [23/04/2013] [ 1366392] Bluetooth Media Service (Bluetooth Media Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Intel\Bluetooth\mediasrv.exe =>.Motorola Solutions Inc.® SR - Auto [23/04/2013] [ 1153400] Bluetooth OBEX Service (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Intel\Bluetooth\obexsrv.exe =>.Motorola Solutions Inc.® SS - Demand [05/02/2016] [ 433688] BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-Service.exe =>.BlueStack Systems, Inc.® SR - Auto [05/02/2016] [ 413208] BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe =>.BlueStack Systems, Inc.® SR - Auto [05/02/2016] [ 859672] BlueStacks Updater Service (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-UpdaterService.exe =>.BlueStack Systems, Inc.® SR - Auto [26/03/2016] [ 2297528] COMODO Chromodo Update Service (ChromodoUpdater) . (.Comodo.) - C:\Program Files\Comodo\Chromodo\chromodo_updater.exe =>.Comodo Security Solutions® SR - Auto [22/03/2016] [ 76984] COMODO LPS Launcher (CLPSLauncher) . (.Comodo Security Solutions, Inc..) - C:\Program Files\Common Files\COMODO\launcher_service.exe =>.Comodo Security Solutions® SR - Auto [27/03/2016] [ 4542840] COMODO Internet Security Helper Service (CmdAgent) . (.COMODO.) - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe =>.Comodo Security Solutions® SR - Demand [27/03/2016] [ 1670840] COMODO Virtual Service Manager (cmdvirth) . (.COMODO.) 
- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe =>.Comodo Security Solutions® SR - Auto [05/03/2013] [ 193696] C:\Windows\system32\CxAudMsg32.exe,-100 (CxAudMsg) . (.Conexant Systems Inc..) - C:\Windows\System32\CxAudMsg32.exe =>.Conexant Systems, Inc.® SR - Auto [06/06/2015] [ 1263480] DFServ (DFServ) . (.Faronics Corporation.) - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe SR - Auto [06/01/2016] [ 269312] Droid4XService (Droid4XService) . (...) - C:\Program Files\Droid4X\Droid4XService.exe SR - Auto [16/03/2016] [ 1983424] ESET Service (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe =>.ESET, spol. s r.o.® SR - Auto [22/03/2016] [ 2473472] GeekBuddyRSP Server (GeekBuddyRSP) . (.Comodo Security Solutions, Inc..) - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe =>.Comodo Security Solutions, Inc. SS - Auto [06/11/2015] [ 144200] خدمة Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc® SS - Demand [06/11/2015] [ 144200] خدمة Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc® SR - Auto [30/03/2015] [ 272584] Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe =>.Intel Corporation® SS - Auto [01/05/2010] [ 8192] KMService (KMService) . (...) - C:\Windows\System32\srvany.exe =>PUP.Optional.Office SR - Auto [29/01/2016] [ 740832] Malwarebytes Anti-Exploit Service (MbaeSvc) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe =>.Malwarebytes Corporation® SS - Disabl [05/10/2015] [ 1513784] (MBAMScheduler) . (.Malwarebytes.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe =>.Malwarebytes Corporation® SS - Auto [05/10/2015] [ 1135416] (MBAMService) . (.Malwarebytes.) 
- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation® SS - Demand [23/03/2016] [ 146888] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation® SR - Auto [27/03/2016] [ 12288] NO-IP DUC v4.1.1 (NoIPDUCService4) . (.Copyright © 2012.) - C:\Program Files\No-IP\ducservice.exe SR - Auto [19/02/2016] [ 1493224] OpenVPN Agent (ovpnagent) . (...) - C:\Program Files\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe {0EBD24BDFBD4ADDDD2EDD27E8FB1953C} SStart Pending - Auto [23/05/2015] [ 1141336] RealPlayer Cloud Service (RealPlayer Cloud Service) . (.RealNetworks, Inc..) - C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe =>.RealNetworks, Inc.® SR - Demand [29/06/2013] [ 3860480] SafeIPS (SafeIPS) . (.SafeIP.) - C:\Program Files\SafeIP\SafeIPS.exe SR - Auto [05/03/2013] [ 447104] Conexant SmartAudio service (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SASrv.exe =>.Conexant Systems, Inc.® SR - Auto [26/02/2016] [ 146576] Sandboxie Service (SbieSvc) . (.Sandboxie Holdings, LLC.) - C:\Program Files\Sandboxie\SbieSvc.exe =>.Invincea, Inc.® SR - Auto [19/03/2016] [ 3956680] SoftEther VPN Client (SEVPNCLIENT) . (.SoftEther VPN Project at University of Tsukuba, Japan.) - C:\Program Files\SoftEther VPN Client\vpnclient.exe {1121D141C3B78476420DAB37340E68978A6E} =>.SoftEther VPN Project at University of Tsukuba, Japan SS - Auto [18/02/2015] [ 315488] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe =>.Skype Software Sarl® SS - Auto [27/03/2016] [ 97080] Baidu Spark Service (SparkSvc) . (.Baidu Inc..) - C:\Program Files\baidu\Baidu Browser\sparkservice.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® SS - Demand [26/03/2016] [ 1371960] Baidu Spark Updater (SparkUpdater) . (.Baidu.com, Inc..) 
- C:\Program Files\baidu\SparkUpdate\Sparkupdate.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® SR - Auto [08/08/2014] [ 168688] SynTPEnh Caller Service (SynTPEnhService) . (.Synaptics Incorporated.) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe =>.Synaptics Incorporated® SR - Auto [30/11/2015] [ 6887696] TeamViewer 11 (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\TeamViewer_Service.exe =>.TeamViewer® SR - Auto [24/06/2015] [ 87256] VMware Authorization Service (VMAuthdService) . (.VMware, Inc..) - C:\Program Files\VMware\VMware Player\vmware-authd.exe =>.VMware, Inc.® SR - Auto [24/06/2015] [ 359128] VMware DHCP Service (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\System32\vmnetdhcp.exe =>.VMware, Inc.® SR - Auto [21/08/2014] [ 722624] VMware USB Arbitration Service (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe =>.VMware, Inc.® SR - Auto [24/06/2015] [ 437976] VMware NAT Service (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\System32\vmnat.exe =>.VMware, Inc.® ---\\ Process running (53) - 10s [MD5.AB8B325FC9531B6EBC04E857C463E710] - (.Faronics Corporation - Deep Freeze service.) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe [1263480] [PID.1220] [MD5.08AEF77D0762717ADE7158F763BB081D] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe [76984] [PID.1268] =>.Comodo Security Solutions® [MD5.96A19820229EF943A1CCCCB7D19428D5] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1983424] [PID.1292] =>.ESET, spol. s r.o.® [MD5.2FB61753D4A8CCFB4926A8CA4172730C] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [4542840] [PID.1424] =>.Comodo Security Solutions® [MD5.20DE117F7B467F3D7B2F8168C933130D] - (.Intel Corporation - igfxCUIService Module.) 
-- C:\Windows\System32\igfxCUIService.exe [272584] [PID.1812] =>.Intel Corporation® [MD5.2FBE31281087681508CB3B549A079F7C] - (.Sandboxie Holdings, LLC - Sandboxie Service.) -- C:\Program Files\Sandboxie\SbieSvc.exe [146576] [PID.1876] =>.Invincea, Inc.® [MD5.F2CEEE9ABBCEF207ACB103215AC28BC2] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [82128] [PID.2368] =>.Adobe Systems, Incorporated® [MD5.A78506EA72B918CAF3082F8DE86434B5] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413208] [PID.2552] =>.BlueStack Systems, Inc.® [MD5.64A42C8B0AD4DA3D794DF73E6C73B8D1] - (.BlueStack Systems, Inc. - BlueStacks Updater Service.) -- C:\Program Files\BlueStacks\HD-UpdaterService.exe [859672] [PID.3012] =>.BlueStack Systems, Inc.® [MD5.39B9A81D436CDA3BEE09BCCDB71DDAAC] - (.Faronics Corporation - Deep Freeze utility.) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe [2906856] [PID.3272] =>.Faronics Corporation® [MD5.C3BA99B08B8E6EABDAF4604227C9A335] - (.Faronics Corporation - Deep Freeze DF Locker.) -- C:\Windows\Temp\DFLocker.exe [148712] [PID.3392] =>.Faronics Corporation® [MD5.1A5BCFC72D357830300BD3C2704EBAB9] - (.Conexant Systems Inc. - Conexant Audio Message Service.) -- C:\Windows\System32\CxAudMsg32.exe [193696] [PID.3408] =>.Conexant Systems, Inc.® [MD5.D0020E4ACE0A932CB8ED4AE9CBB8271A] - (...) -- C:\Program Files\Droid4X\Droid4XService.exe [269312] [PID.3444] [MD5.8DA6E39ADBD623F63E4E5FFDD2F0A800] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1491128] [PID.3504] =>.Comodo Security Solutions® [MD5.F2A930E12E33A5D0B0E914165B64F5DF] - (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2473472] [PID.3652] =>.Comodo Security Solutions, Inc. 
[MD5.6761C5500F6A54BF31BA91F409234426] - (.Malwarebytes Corporation - Malwarebytes Anti-Exploit Service.) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [740832] [PID.4032] =>.Malwarebytes Corporation® [MD5.5CC1C1598E004E9C7C00FC9B04E21FF2] - (...) -- C:\Program Files\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [1493224] [PID.1768] {0EBD24BDFBD4ADDDD2EDD27E8FB1953C} [MD5.09F0253CD415BC716A4132DFAEFE8CB9] - (.RealNetworks, Inc. - RealPlayer Cloud Service.) -- C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336] [PID.2312] =>.RealNetworks, Inc.® [MD5.07D58D5F7839ABA76118BC037C2C63BD] - (.Conexant Systems, Inc. - SmartAudio Service Application.) -- C:\Windows\System32\SASrv.exe [447104] [PID.1252] =>.Conexant Systems, Inc.® [MD5.FB31B674412D889895F4CC642850D250] - (.SoftEther VPN Project at University of Tsukuba, Japan - SoftEther VPN.) -- C:\Program Files\SoftEther VPN Client\vpnclient.exe [3956680] [PID.2608] {1121D141C3B78476420DAB37340E68978A6E} =>.SoftEther VPN Project at University of Tsukuba, Japan [MD5.393898B432CBB9ECBC6F41AA907807FF] - (.Synaptics Incorporated - 32-bit Synaptics Pointing Enhance Service.) -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [168688] [PID.3816] =>.Synaptics Incorporated® [MD5.50F522BA2D9F371211035FA0F53DF864] - (.TeamViewer GmbH - TeamViewer 11.) -- C:\Program Files\TeamViewer\TeamViewer_Service.exe [6887696] [PID.2760] =>.TeamViewer® [MD5.1EE2546AE9E1AC323E669690F8DFF9E5] - (.Synaptics Incorporated - Synaptics TouchPad 32-bit Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2454768] [PID.4104] =>.Synaptics Incorporated® [MD5.2B2BB1F8BFEBE6B847FDB32F89EA2A3E] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\System32\vmnat.exe [437976] [PID.4240] =>.VMware, Inc.® [MD5.BD00A8CFB76E6BB0E89DB191E3712528] - (.VMware, Inc. - VMware Authorization Service.) 
-- C:\Program Files\VMware\VMware Player\vmware-authd.exe [87256] [PID.4464] =>.VMware, Inc.® [MD5.338CD01BD29805A93902B9237A39CAC5] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\System32\vmnetdhcp.exe [359128] [PID.4520] =>.VMware, Inc.® [MD5.21C8747CF038796D59A5B88A4BAAC7B4] - (.VMware, Inc. - VMware USB Arbitration Service.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624] [PID.4572] =>.VMware, Inc.® [MD5.163E43BC69AE78F468024EC2133C94A8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992] [PID.4908] =>.Oracle America, Inc.® [MD5.8025F05E5A51FD499584AFD7A688423C] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [6602152] [PID.5148] =>.Piriform Ltd® [MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.5240] =>.Tonec Inc.® [MD5.2177F5B6C2172D6DA69C66528DDF7D5B] - (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe [5556424] [PID.5484] =>.ESET, spol. s r.o.® [MD5.3FB0146C98E5DC576745BCED1D623FC2] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe [461496] [PID.5928] =>.Comodo Security Solutions® [MD5.FD52920F1B43AEF97C003D785B2FEFD2] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\Comodo\COMODO Internet Security\cis.exe [7851192] [PID.2196] =>.Comodo Security Solutions® [MD5.119EDA9D849D4DE0F42A5BCF757D6CE0] - (.SafeIP - .) -- C:\Program Files\SafeIP\SafeIPS.exe [3860480] [PID.5300] [MD5.CA59BC57CB03DC284E59846D6476399B] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe [784056] [PID.7720] =>.Comodo Security Solutions® [MD5.E7429ECD0C47CC065EEACF7E9D0E6341] - (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) 
-- C:\Program Files\Intel\Bluetooth\devmonsrv.exe [1132920] [PID.4776] =>.Motorola Solutions Inc.® [MD5.6A2D6E28FF19BCE6C94E0D41FFD93669] - (.Motorola Solutions, Inc. - Bluetooth Media Service.) -- C:\Program Files\Intel\Bluetooth\mediasrv.exe [1366392] [PID.3956] =>.Motorola Solutions Inc.® [MD5.88DB2AE883901282C5B080ADEB41EFCA] - (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) -- C:\Program Files\Intel\Bluetooth\obexsrv.exe [1153400] [PID.7128] =>.Motorola Solutions Inc.® [MD5.C53B51794903CDA88CD135014C3E90F5] - (.Oracle Corporation - Java Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [926768] [PID.9576] =>.Oracle America, Inc.® [MD5.8F371730BCCA56031F716E0C6B66814D] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SynTP\SYNTPHELPER.EXE [183536] [PID.2276] =>.Synaptics Incorporated® [MD5.63C0B874A0FFCDA3ABB20BA4B7676B95] - (.VMware, Inc. - VMware VPrint Proxy.) -- C:\Program Files\VMware\VMware Player\vprintproxy.exe [19160] [PID.6908] =>.VMware, Inc.® [MD5.F2616FED761E6A681A18A3E2BD27EF04] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3825232] [PID.11492] =>.Tonec Inc. [MD5.5501A4C977CA0F0021E54CF532503E32] - (.Comodo - Chromodo.) -- C:\Program Files\Comodo\Chromodo\chromodo_updater.exe [2297528] [PID.12980] =>.Comodo Security Solutions® [MD5.7896A552726DCE86DFBC43A9CDD328A4] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe [1670840] [PID.12040] =>.Comodo Security Solutions® [MD5.08AEF77D0762717ADE7158F763BB081D] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe [76984] [PID.12380] =>.Comodo Security Solutions® [MD5.CCBB3C81469D426354994FDB58506451] - (.Copyright © 2012 - DUC40.) 
-- C:\Program Files\No-IP\DUC40.exe [347648] [PID.13700] [MD5.5A38F3BAD50558F0E09D696ACF612D9E] - (.Copyright © 2012 - ducservice.) -- C:\Program Files\No-IP\ducservice.exe [12288] [PID.5724] [MD5.7DBA1F4E48C3FEAA34F6648A469F210D] - (.Baidu.com, Inc. - spark.) -- C:\Program Files\baidu\Baidu Browser\SparkUpdate.exe [1372472] [PID.13708] =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® [MD5.80B72881A9BDDA484867F22DDC2E84DD] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [392136] [PID.5532] =>.Mozilla Corporation® [MD5.CAA3D967EC47D26B17A44D243995510B] - (.Alexander Roshal - WinRAR archiver.) -- C:\Program Files\WinRAR\WinRAR.exe [1437688] [PID.12236] =>.win.rar GmbH® [MD5.E2292C92A30A63CB54FCEE377D790E7D] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [28917376] [PID.4236] =>.Skype Software Sarl® [MD5.E2292C92A30A63CB54FCEE377D790E7D] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [28917376] [PID.2420] =>.Skype Software Sarl® [MD5.6298F3ACEEC7DCF7F454B2B0D93FCDD0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\ابداع\Downloads\ZHPDiag3.exe [2162688] [PID.10676] =>.Nicolas Coolman ---\\ Google Chrome, Start,Search,Extensions (11) - 1s G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [gighmmpiobklfepjocnamgkkbiglidom] AdBlock G2 - GCE: Preference [User Data\Default] [gkojfkhlekighikafcpjkiklfbnlmeio] Google Chrome manifest =>.Google Inc. 
G2 - GCE: Preference [User Data\Default] [idhngdhcfkoamngbedgpaokgjbnpdiji] RealPlayer Downloader G2 - GCE: Preference [User Data\Default] [jeaohhlajejodfjadcponpnjgkiikocn] IDM Integration Module G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [opalpjjboefohnelaemnhdhlceibbcgl] Hola - Unlimited Proxy VPN G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc. ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (3) - 1s M0 - MFSP: prefs.js [ابداع - j0t1qgf5.default] http://us.yahoo.com?fr=fp-comodo P2 - EXT FILE: (...) -- C:\Users\ابداع\AppData\Roaming\Mozilla\Firefox\Profiles\j0t1qgf5.default\extensions\client@anonymox.net.xpi P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_20_0_0_267.dll =>.Adobe Systems Incorporated ---\\ Internet Explorer Extensions, Start, Search (4) - 0s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.haokan123.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer ---\\ Internet Explorer, Proxy Management (4) - 0s R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) 
=>.Microsoft Corporation F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation ---\\ Hosts file redirection (1) - 0s ~ Le fichier hôte est sain (The hosts file is clean) (23) ---\\ Browser Helper Object (BHO) (6) - 1s O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll =>.Tonec Inc.® O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation® O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll =>.Oracle America, Inc.® O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Microsoft Corporation - Skype Click to Call IE Add-on.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll =>.Skype Software Sarl® O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL =>.Microsoft Corporation® O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll =>.Oracle America, Inc.® ---\\ Auto loading programs from Registry and folders (17) - 1s O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.® O4 - HKLM\..\Run: [COMODO Internet Security] . 
(.COMODO - COMODO Internet Security.) -- C:\Program Files\Comodo\COMODO Internet Security\cistray.exe =>.Comodo Security Solutions® O4 - HKLM\..\RunOnce: [{dca572ee-b6f6-4560-9879-fec58cc0022c}] . (.Microsoft Corporation - Microsoft Visual Studio Ultimate 2013 with.) -- C:\ProgramData\Package Cache\{dca572ee-b6f6-4560-9879-fec58cc0022c}\vs_ultimate.exe =>.Microsoft Corporation® O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd® O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - HKCU\..\Run: [c1fbcceda94af384384c8ff38770d448] . (...) -- C:\Users\ابداع\AppData\Roaming\svchost.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_20_0_0_267_Plugin.exe =>.Adobe Systems Incorporated® O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (.not file.) O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (.not file.) O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\spreview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\spreview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - ‎‎MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - ‎‎MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-1779572949-1098654328-2781608554-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) 
-- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd® O4 - HKUS\S-1-5-21-1779572949-1098654328-2781608554-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - HKUS\S-1-5-21-1779572949-1098654328-2781608554-1000\..\Run: [c1fbcceda94af384384c8ff38770d448] . (...) -- C:\Users\ابداع\AppData\Roaming\svchost.exe O4 - HKUS\S-1-5-21-1779572949-1098654328-2781608554-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_20_0_0_267_Plugin.exe =>.Adobe Systems Incorporated® ---\\ Global shortcuts Startup (166) - 46s O4 - GS\Desktop [Administrator]: FlyVPN.lnk . (.www.flyvpn.com - FlyVPN.) C:\Program Files\FlyVPN\FlyVPN.exe {1121B7225F596FBEADC5B4D07694003A0917} O4 - GS\Desktop [Administrator]: GTA V.lnk . (.XB36Hazard - GTA V Save Editor.) C:\Program Files\GTA V\GTA V.exe O4 - GS\Desktop [Administrator]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - GS\Desktop [Administrator]: Photoshop CS5 ME.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) C:\Program Files\Adobe\Photoshop CS5 ME\Photoshop.exe =>.Adobe Systems Incorporated® O4 - GS\Desktop [Administrator]: PortExpert.lnk . (.KC Softwares - Cybersecurity at your finge tips.) C:\Program Files\KC Softwares\PortExpert\PortExpert.exe =>.KC Softwares® O4 - GS\Desktop [Administrator]: Process Hacker 2 (2).lnk . (.wj32 - Process Hacker.) C:\Program Files\Process Hacker 2\ProcessHacker.exe {0FF1EF66BD621C65B74B4DE41425717F} =>.wj32 O4 - GS\Desktop [Administrator]: Process Hacker 2.lnk . (.wj32 - Process Hacker.) C:\Program Files\Process Hacker 2\ProcessHacker.exe {0FF1EF66BD621C65B74B4DE41425717F} =>.wj32 O4 - GS\Desktop [Administrator]: Router Screen Capture.lnk . (.PcWinTech.com - .) 
C:\RS_Capture\RS_Capture.exe =>.PcWinTech.com O4 - GS\Desktop [Administrator]: SafeIP.lnk . (.SafeIP - .) C:\Program Files\SafeIP\SafeIP.exe {00C8E0D1DBDC50BA107C8AF5E7CCE3D25D} O4 - GS\Desktop [Administrator]: TiGeR FireWall.lnk . (.VB_SMITTEN SOFTWARE - TiGeR FireWall Pro.) C:\Program Files\TiGeR FireWall\TiGeR-Firewall.exe O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\ابداع\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Desktop [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\ابداع\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc® O4 - GS\Quicklaunch [Administrator]: Baidu Browser.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\Quicklaunch [Administrator]: Ela-Salaty.lnk . (.www.ela-salaty.com - Muslims Prayer Time Reminder..) C:\Program Files\Ela-Salaty\Salaty.exe O4 - GS\Quicklaunch [Administrator]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.EXE {11D67F2AF7440EBA275E7E62F6B634FF} =>.Gretech Corp. O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\Quicklaunch [Administrator]: PortExpert.lnk . (.KC Softwares - Cybersecurity at your finge tips.) C:\Program Files\KC Softwares\PortExpert\PortExpert.exe =>.KC Softwares® O4 - GS\Quicklaunch [Administrator]: SafeIP.lnk . (.SafeIP - .) C:\Program Files\SafeIP\SafeIP.exe {00C8E0D1DBDC50BA107C8AF5E7CCE3D25D} O4 - GS\Quicklaunch [Administrator]: Shadow Defender.lnk . (.SHADOWDEFENDER.COM - Shadow Defender Application.) C:\Program Files\Shadow Defender\Defender.exe {6E47A70BFCE998BFCD7998A98DD821D2} O4 - GS\Quicklaunch [Administrator]: Sothink Logo Maker Professional.lnk . (.SourceTec - Logo Maker Professional.) 
C:\Program Files\SourceTec\Sothink Logo Maker Professional\LogoMakerPro.exe {2B82ABA86D863021CD8B799A9D366BE1} =>.SourceTec O4 - GS\Quicklaunch [Administrator]: VMware Player.lnk . (.VMware, Inc. - VMware Player.) C:\Program Files\VMware\VMware Player\vmplayer.exe =>.VMware, Inc.® O4 - GS\Quicklaunch [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\ابداع\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc® O4 - GS\Quicklaunch [Administrator]: متصفح الوب المحمى.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) C:\Program Files\Sandboxie\Start.exe =>.Invincea, Inc.® O4 - GS\sendTo [Administrator]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time O4 - GS\sendTo [Administrator]: Sandboxie - DefaultBox.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) C:\Program Files\Sandboxie\Start.exe =>.Invincea, Inc.® O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files\Skype\Phone\Skype.exe =>.Skype Software Sarl® O4 - GS\sendTo [Administrator]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 11.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer® O4 - GS\sendTo [Administrator]: WinSCP (for upload).lnk . (.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) C:\Program Files\WinSCP\WinSCP.exe =>.Martin Prikryl® O4 - GS\TaskBar [Administrator]: Baidu Browser.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\TaskBar [Administrator]: DUC.lnk . (.Copyright © 2012 - DUC40.) C:\Program Files\No-IP\DUC40.exe O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Administrator]: GTA V.lnk . (.XB36Hazard - GTA V Save Editor.) C:\Program Files\GTA V\GTA V.exe O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . 
(.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation® O4 - GS\TaskBar [Administrator]: Shadow Defender.lnk . (.SHADOWDEFENDER.COM - Shadow Defender Application.) C:\Program Files\Shadow Defender\Defender.exe {6E47A70BFCE998BFCD7998A98DD821D2} O4 - GS\TaskBar [Administrator]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe =>.TeamSpeak Systems GmbH® O4 - GS\TaskBar [Administrator]: VMware Player.lnk . (.VMware, Inc. - VMware Player.) C:\Program Files\VMware\VMware Player\vmplayer.exe =>.VMware, Inc.® O4 - GS\Startup [Administrator]: cahe free.lnk . (...) C:\Users\ابداع\AppData\Roaming\svchost.exe O4 - GS\Desktop [Guest]: FlyVPN.lnk . (.www.flyvpn.com - FlyVPN.) C:\Program Files\FlyVPN\FlyVPN.exe {1121B7225F596FBEADC5B4D07694003A0917} O4 - GS\Desktop [Guest]: GTA V.lnk . (.XB36Hazard - GTA V Save Editor.) C:\Program Files\GTA V\GTA V.exe O4 - GS\Desktop [Guest]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - GS\Desktop [Guest]: Photoshop CS5 ME.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) C:\Program Files\Adobe\Photoshop CS5 ME\Photoshop.exe =>.Adobe Systems Incorporated® O4 - GS\Desktop [Guest]: PortExpert.lnk . (.KC Softwares - Cybersecurity at your finge tips.) C:\Program Files\KC Softwares\PortExpert\PortExpert.exe =>.KC Softwares® O4 - GS\Desktop [Guest]: Process Hacker 2 (2).lnk . (.wj32 - Process Hacker.) C:\Program Files\Process Hacker 2\ProcessHacker.exe {0FF1EF66BD621C65B74B4DE41425717F} =>.wj32 O4 - GS\Desktop [Guest]: Process Hacker 2.lnk . (.wj32 - Process Hacker.) C:\Program Files\Process Hacker 2\ProcessHacker.exe {0FF1EF66BD621C65B74B4DE41425717F} =>.wj32 O4 - GS\Desktop [Guest]: Router Screen Capture.lnk . (.PcWinTech.com - .) 
C:\RS_Capture\RS_Capture.exe =>.PcWinTech.com O4 - GS\Desktop [Guest]: SafeIP.lnk . (.SafeIP - .) C:\Program Files\SafeIP\SafeIP.exe {00C8E0D1DBDC50BA107C8AF5E7CCE3D25D} O4 - GS\Desktop [Guest]: TiGeR FireWall.lnk . (.VB_SMITTEN SOFTWARE - TiGeR FireWall Pro.) C:\Program Files\TiGeR FireWall\TiGeR-Firewall.exe O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\ابداع\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Desktop [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\ابداع\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc® O4 - GS\Quicklaunch [Guest]: Baidu Browser.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\Quicklaunch [Guest]: Ela-Salaty.lnk . (.www.ela-salaty.com - Muslims Prayer Time Reminder..) C:\Program Files\Ela-Salaty\Salaty.exe O4 - GS\Quicklaunch [Guest]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.EXE {11D67F2AF7440EBA275E7E62F6B634FF} =>.Gretech Corp. O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\Quicklaunch [Guest]: PortExpert.lnk . (.KC Softwares - Cybersecurity at your finge tips.) C:\Program Files\KC Softwares\PortExpert\PortExpert.exe =>.KC Softwares® O4 - GS\Quicklaunch [Guest]: SafeIP.lnk . (.SafeIP - .) C:\Program Files\SafeIP\SafeIP.exe {00C8E0D1DBDC50BA107C8AF5E7CCE3D25D} O4 - GS\Quicklaunch [Guest]: Shadow Defender.lnk . (.SHADOWDEFENDER.COM - Shadow Defender Application.) C:\Program Files\Shadow Defender\Defender.exe {6E47A70BFCE998BFCD7998A98DD821D2} O4 - GS\Quicklaunch [Guest]: Sothink Logo Maker Professional.lnk . (.SourceTec - Logo Maker Professional.) C:\Program Files\SourceTec\Sothink Logo Maker Professional\LogoMakerPro.exe {2B82ABA86D863021CD8B799A9D366BE1} =>.SourceTec O4 - GS\Quicklaunch [Guest]: VMware Player.lnk . 
(.VMware, Inc. - VMware Player.) C:\Program Files\VMware\VMware Player\vmplayer.exe =>.VMware, Inc.® O4 - GS\Quicklaunch [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\ابداع\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc® O4 - GS\Quicklaunch [Guest]: متصفح الوب المحمى.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) C:\Program Files\Sandboxie\Start.exe =>.Invincea, Inc.® O4 - GS\sendTo [Guest]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time O4 - GS\sendTo [Guest]: Sandboxie - DefaultBox.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) C:\Program Files\Sandboxie\Start.exe =>.Invincea, Inc.® O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files\Skype\Phone\Skype.exe =>.Skype Software Sarl® O4 - GS\sendTo [Guest]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 11.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer® O4 - GS\sendTo [Guest]: WinSCP (for upload).lnk . (.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) C:\Program Files\WinSCP\WinSCP.exe =>.Martin Prikryl® O4 - GS\TaskBar [Guest]: Baidu Browser.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\TaskBar [Guest]: DUC.lnk . (.Copyright © 2012 - DUC40.) C:\Program Files\No-IP\DUC40.exe O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Guest]: GTA V.lnk . (.XB36Hazard - GTA V Save Editor.) C:\Program Files\GTA V\GTA V.exe O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation® O4 - GS\TaskBar [Guest]: Shadow Defender.lnk . (.SHADOWDEFENDER.COM - Shadow Defender Application.) 
C:\Program Files\Shadow Defender\Defender.exe {6E47A70BFCE998BFCD7998A98DD821D2} O4 - GS\TaskBar [Guest]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe =>.TeamSpeak Systems GmbH® O4 - GS\TaskBar [Guest]: VMware Player.lnk . (.VMware, Inc. - VMware Player.) C:\Program Files\VMware\VMware Player\vmplayer.exe =>.VMware, Inc.® O4 - GS\Startup [Guest]: cahe free.lnk . (...) C:\Users\ابداع\AppData\Roaming\svchost.exe O4 - GS\Desktop [VUSR_ابداع-PC]: FlyVPN.lnk . (.www.flyvpn.com - FlyVPN.) C:\Program Files\FlyVPN\FlyVPN.exe {1121B7225F596FBEADC5B4D07694003A0917} O4 - GS\Desktop [VUSR_ابداع-PC]: GTA V.lnk . (.XB36Hazard - GTA V Save Editor.) C:\Program Files\GTA V\GTA V.exe O4 - GS\Desktop [VUSR_ابداع-PC]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - GS\Desktop [VUSR_ابداع-PC]: Photoshop CS5 ME.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) C:\Program Files\Adobe\Photoshop CS5 ME\Photoshop.exe =>.Adobe Systems Incorporated® O4 - GS\Desktop [VUSR_ابداع-PC]: PortExpert.lnk . (.KC Softwares - Cybersecurity at your finge tips.) C:\Program Files\KC Softwares\PortExpert\PortExpert.exe =>.KC Softwares® O4 - GS\Desktop [VUSR_ابداع-PC]: Process Hacker 2 (2).lnk . (.wj32 - Process Hacker.) C:\Program Files\Process Hacker 2\ProcessHacker.exe {0FF1EF66BD621C65B74B4DE41425717F} =>.wj32 O4 - GS\Desktop [VUSR_ابداع-PC]: Process Hacker 2.lnk . (.wj32 - Process Hacker.) C:\Program Files\Process Hacker 2\ProcessHacker.exe {0FF1EF66BD621C65B74B4DE41425717F} =>.wj32 O4 - GS\Desktop [VUSR_ابداع-PC]: Router Screen Capture.lnk . (.PcWinTech.com - .) C:\RS_Capture\RS_Capture.exe =>.PcWinTech.com O4 - GS\Desktop [VUSR_ابداع-PC]: SafeIP.lnk . (.SafeIP - .) C:\Program Files\SafeIP\SafeIP.exe {00C8E0D1DBDC50BA107C8AF5E7CCE3D25D} O4 - GS\Desktop [VUSR_ابداع-PC]: TiGeR FireWall.lnk . 
(.VB_SMITTEN SOFTWARE - TiGeR FireWall Pro.) C:\Program Files\TiGeR FireWall\TiGeR-Firewall.exe O4 - GS\Desktop [VUSR_ابداع-PC]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\ابداع\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Desktop [VUSR_ابداع-PC]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\ابداع\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc® O4 - GS\Quicklaunch [VUSR_ابداع-PC]: Baidu Browser.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\Quicklaunch [VUSR_ابداع-PC]: Ela-Salaty.lnk . (.www.ela-salaty.com - Muslims Prayer Time Reminder..) C:\Program Files\Ela-Salaty\Salaty.exe O4 - GS\Quicklaunch [VUSR_ابداع-PC]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.EXE {11D67F2AF7440EBA275E7E62F6B634FF} =>.Gretech Corp. O4 - GS\Quicklaunch [VUSR_ابداع-PC]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\Quicklaunch [VUSR_ابداع-PC]: PortExpert.lnk . (.KC Softwares - Cybersecurity at your finge tips.) C:\Program Files\KC Softwares\PortExpert\PortExpert.exe =>.KC Softwares® O4 - GS\Quicklaunch [VUSR_ابداع-PC]: SafeIP.lnk . (.SafeIP - .) C:\Program Files\SafeIP\SafeIP.exe {00C8E0D1DBDC50BA107C8AF5E7CCE3D25D} O4 - GS\Quicklaunch [VUSR_ابداع-PC]: Shadow Defender.lnk . (.SHADOWDEFENDER.COM - Shadow Defender Application.) C:\Program Files\Shadow Defender\Defender.exe {6E47A70BFCE998BFCD7998A98DD821D2} O4 - GS\Quicklaunch [VUSR_ابداع-PC]: Sothink Logo Maker Professional.lnk . (.SourceTec - Logo Maker Professional.) C:\Program Files\SourceTec\Sothink Logo Maker Professional\LogoMakerPro.exe {2B82ABA86D863021CD8B799A9D366BE1} =>.SourceTec O4 - GS\Quicklaunch [VUSR_ابداع-PC]: VMware Player.lnk . (.VMware, Inc. - VMware Player.) 
C:\Program Files\VMware\VMware Player\vmplayer.exe =>.VMware, Inc.® O4 - GS\Quicklaunch [VUSR_ابداع-PC]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\ابداع\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc® O4 - GS\Quicklaunch [VUSR_ابداع-PC]: متصفح الوب المحمى.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) C:\Program Files\Sandboxie\Start.exe =>.Invincea, Inc.® O4 - GS\sendTo [VUSR_ابداع-PC]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time O4 - GS\sendTo [VUSR_ابداع-PC]: Sandboxie - DefaultBox.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) C:\Program Files\Sandboxie\Start.exe =>.Invincea, Inc.® O4 - GS\sendTo [VUSR_ابداع-PC]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files\Skype\Phone\Skype.exe =>.Skype Software Sarl® O4 - GS\sendTo [VUSR_ابداع-PC]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 11.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer® O4 - GS\sendTo [VUSR_ابداع-PC]: WinSCP (for upload).lnk . (.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) C:\Program Files\WinSCP\WinSCP.exe =>.Martin Prikryl® O4 - GS\TaskBar [VUSR_ابداع-PC]: Baidu Browser.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\TaskBar [VUSR_ابداع-PC]: DUC.lnk . (.Copyright © 2012 - DUC40.) C:\Program Files\No-IP\DUC40.exe O4 - GS\TaskBar [VUSR_ابداع-PC]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [VUSR_ابداع-PC]: GTA V.lnk . (.XB36Hazard - GTA V Save Editor.) C:\Program Files\GTA V\GTA V.exe O4 - GS\TaskBar [VUSR_ابداع-PC]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation® O4 - GS\TaskBar [VUSR_ابداع-PC]: Shadow Defender.lnk . (.SHADOWDEFENDER.COM - Shadow Defender Application.) 
C:\Program Files\Shadow Defender\Defender.exe {6E47A70BFCE998BFCD7998A98DD821D2} O4 - GS\TaskBar [VUSR_ابداع-PC]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe =>.TeamSpeak Systems GmbH® O4 - GS\TaskBar [VUSR_ابداع-PC]: VMware Player.lnk . (.VMware, Inc. - VMware Player.) C:\Program Files\VMware\VMware Player\vmplayer.exe =>.VMware, Inc.® O4 - GS\Startup [VUSR_ابداع-PC]: cahe free.lnk . (...) C:\Users\ابداع\AppData\Roaming\svchost.exe O4 - GS\Desktop [ابداع]: FlyVPN.lnk . (.www.flyvpn.com - FlyVPN.) C:\Program Files\FlyVPN\FlyVPN.exe {1121B7225F596FBEADC5B4D07694003A0917} O4 - GS\Desktop [ابداع]: GTA V.lnk . (.XB36Hazard - GTA V Save Editor.) C:\Program Files\GTA V\GTA V.exe O4 - GS\Desktop [ابداع]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - GS\Desktop [ابداع]: Photoshop CS5 ME.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) C:\Program Files\Adobe\Photoshop CS5 ME\Photoshop.exe =>.Adobe Systems Incorporated® O4 - GS\Desktop [ابداع]: PortExpert.lnk . (.KC Softwares - Cybersecurity at your finge tips.) C:\Program Files\KC Softwares\PortExpert\PortExpert.exe =>.KC Softwares® O4 - GS\Desktop [ابداع]: Process Hacker 2 (2).lnk . (.wj32 - Process Hacker.) C:\Program Files\Process Hacker 2\ProcessHacker.exe {0FF1EF66BD621C65B74B4DE41425717F} =>.wj32 O4 - GS\Desktop [ابداع]: Process Hacker 2.lnk . (.wj32 - Process Hacker.) C:\Program Files\Process Hacker 2\ProcessHacker.exe {0FF1EF66BD621C65B74B4DE41425717F} =>.wj32 O4 - GS\Desktop [ابداع]: Router Screen Capture.lnk . (.PcWinTech.com - .) C:\RS_Capture\RS_Capture.exe =>.PcWinTech.com O4 - GS\Desktop [ابداع]: SafeIP.lnk . (.SafeIP - .) C:\Program Files\SafeIP\SafeIP.exe {00C8E0D1DBDC50BA107C8AF5E7CCE3D25D} O4 - GS\Desktop [ابداع]: TiGeR FireWall.lnk . (.VB_SMITTEN SOFTWARE - TiGeR FireWall Pro.) 
C:\Program Files\TiGeR FireWall\TiGeR-Firewall.exe O4 - GS\Desktop [ابداع]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\ابداع\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Desktop [ابداع]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\ابداع\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc® O4 - GS\Quicklaunch [ابداع]: Baidu Browser.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\Quicklaunch [ابداع]: Ela-Salaty.lnk . (.www.ela-salaty.com - Muslims Prayer Time Reminder..) C:\Program Files\Ela-Salaty\Salaty.exe O4 - GS\Quicklaunch [ابداع]: GOM Player.lnk . (.Gretech Corp. - GOM Player.) C:\Program Files\GRETECH\GomPlayer\GOM.EXE {11D67F2AF7440EBA275E7E62F6B634FF} =>.Gretech Corp. O4 - GS\Quicklaunch [ابداع]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\Quicklaunch [ابداع]: PortExpert.lnk . (.KC Softwares - Cybersecurity at your finge tips.) C:\Program Files\KC Softwares\PortExpert\PortExpert.exe =>.KC Softwares® O4 - GS\Quicklaunch [ابداع]: SafeIP.lnk . (.SafeIP - .) C:\Program Files\SafeIP\SafeIP.exe {00C8E0D1DBDC50BA107C8AF5E7CCE3D25D} O4 - GS\Quicklaunch [ابداع]: Shadow Defender.lnk . (.SHADOWDEFENDER.COM - Shadow Defender Application.) C:\Program Files\Shadow Defender\Defender.exe {6E47A70BFCE998BFCD7998A98DD821D2} O4 - GS\Quicklaunch [ابداع]: Sothink Logo Maker Professional.lnk . (.SourceTec - Logo Maker Professional.) C:\Program Files\SourceTec\Sothink Logo Maker Professional\LogoMakerPro.exe {2B82ABA86D863021CD8B799A9D366BE1} =>.SourceTec O4 - GS\Quicklaunch [ابداع]: VMware Player.lnk . (.VMware, Inc. - VMware Player.) C:\Program Files\VMware\VMware Player\vmplayer.exe =>.VMware, Inc.® O4 - GS\Quicklaunch [ابداع]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) 
C:\Users\ابداع\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc® O4 - GS\Quicklaunch [ابداع]: متصفح الوب المحمى.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) C:\Program Files\Sandboxie\Start.exe =>.Invincea, Inc.® O4 - GS\sendTo [ابداع]: Format Factory.lnk . (.Free Time - FormatFactory.) C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe =>.Free Time O4 - GS\sendTo [ابداع]: Sandboxie - DefaultBox.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.) C:\Program Files\Sandboxie\Start.exe =>.Invincea, Inc.® O4 - GS\sendTo [ابداع]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files\Skype\Phone\Skype.exe =>.Skype Software Sarl® O4 - GS\sendTo [ابداع]: TeamViewer.lnk . (.TeamViewer GmbH - TeamViewer 11.) C:\Program Files\TeamViewer\TeamViewer.exe =>.TeamViewer® O4 - GS\sendTo [ابداع]: WinSCP (for upload).lnk . (.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) C:\Program Files\WinSCP\WinSCP.exe =>.Martin Prikryl® O4 - GS\TaskBar [ابداع]: Baidu Browser.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\TaskBar [ابداع]: DUC.lnk . (.Copyright © 2012 - DUC40.) C:\Program Files\No-IP\DUC40.exe O4 - GS\TaskBar [ابداع]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [ابداع]: GTA V.lnk . (.XB36Hazard - GTA V Save Editor.) C:\Program Files\GTA V\GTA V.exe O4 - GS\TaskBar [ابداع]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation® O4 - GS\TaskBar [ابداع]: Shadow Defender.lnk . (.SHADOWDEFENDER.COM - Shadow Defender Application.) C:\Program Files\Shadow Defender\Defender.exe {6E47A70BFCE998BFCD7998A98DD821D2} O4 - GS\TaskBar [ابداع]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) 
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe =>.TeamSpeak Systems GmbH® O4 - GS\TaskBar [ابداع]: VMware Player.lnk . (.VMware, Inc. - VMware Player.) C:\Program Files\VMware\VMware Player\vmplayer.exe =>.VMware, Inc.® O4 - GS\Startup [ابداع]: cahe free.lnk . (...) C:\Users\ابداع\AppData\Roaming\svchost.exe O4 - GS\CommonDesktop [Public]: Baidu Browser.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\CommonDesktop [Public]: BlueStacks.lnk . (.BlueStack Systems, Inc. - BlueStacks App Player.) C:\ProgramData\BlueStacksGameManager\BlueStacks.exe =>.BlueStack Systems, Inc.® O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd® O4 - GS\CommonDesktop [Public]: COMODO Firewall.lnk . (.COMODO - COMODO Internet Security.) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe =>.Comodo Security Solutions® O4 - GS\CommonDesktop [Public]: Facebook.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\CommonDesktop [Public]: GeekBuddy.lnk . (.Comodo Security Solutions, Inc. - livePCsupport Component.) C:\Program Files\Comodo\GeekBuddy\launcher.exe =>.Comodo Security Solutions® O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\CommonDesktop [Public]: Google.lnk . (.Copyright (C) 2011 - spark.) C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O4 - GS\CommonDesktop [Public]: Internet (Chromodo).lnk . (.Comodo - Chromodo.) C:\Program Files\Comodo\Chromodo\chromodo.exe =>.Comodo Security Solutions® O4 - GS\CommonDesktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) 
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe =>.Malwarebytes Corporation® O4 - GS\CommonDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation® O4 - GS\CommonDesktop [Public]: PowerISO.lnk . (.Power Software Ltd - PowerISO.) C:\Program Files\PowerISO\PowerISO.exe =>.Power Software Limited® O4 - GS\CommonDesktop [Public]: Private Tunnel.lnk . (.OpenVPN Technologies - Private Tunnel VPN Client.) C:\Program Files\OpenVPN Technologies\PrivateTunnel\privatetunnel2.5.5.exe {0EBD24BDFBD4ADDDD2EDD27E8FB1953C} =>.OpenVPN Technologies O4 - GS\CommonDesktop [Public]: Skype.lnk . (...) C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe O4 - GS\CommonDesktop [Public]: SoftEther VPN Client Manager.lnk . (.SoftEther VPN Project at University of Tsukuba, Japan - SoftEther VPN.) C:\Program Files\SoftEther VPN Client\vpncmgr.exe {1121D141C3B78476420DAB37340E68978A6E} =>.SoftEther VPN Project at University of Tsukuba, Japan O4 - GS\CommonDesktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe =>.TeamSpeak Systems GmbH® O4 - GS\CommonDesktop [Public]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) C:\Program Files\UltraISO\UltraISO.exe =>.SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.® O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) C:\Windows\system32\taskschd.msc ---\\ Winsock hijacker (Layered Service Provider) (5) - 0s O10 - WLSP:\Catalog_Entries\000000000001\Winsock LSP File . (.SafeIP.) -- C:\Windows\System32\SafeIPs.dll =>Hijacker.Winsock O10 - WLSP:\Catalog_Entries\000000000002\Winsock LSP File . (.SafeIP.) -- C:\Windows\System32\SafeIPs.dll =>Hijacker.Winsock O10 - WLSP:\Catalog_Entries\000000000003\Winsock LSP File . (.SafeIP.) -- C:\Windows\System32\SafeIPs.dll =>Hijacker.Winsock O10 - WLSP:\Catalog_Entries\000000000004\Winsock LSP File . 
(.SafeIP.) -- C:\Windows\System32\SafeIPs.dll =>Hijacker.Winsock
O10 - WLSP:\Catalog_Entries\000000000018\Winsock LSP File . (.SafeIP.) -- C:\Windows\System32\SafeIPs.dll =>Hijacker.Winsock

---\\ Lop.com/Domain Hijackers (5) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{97A70E30-B46D-412C-9C9C-6CA95DDC720E}: NameServer = 188.121.254.253 188.121.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{B804C6C7-2BEF-42D3-9734-46503E36A1B1}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{6645E579-B9E7-4F7B-8984-2181B6496384}: DhcpNameServer = 68.168.114.253 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE7B38CE-9724-41BD-A717-1519842DE3F7}: DhcpNameServer = 192.168.1.1 192.168.1.1

---\\ Extra protocols (25) - 1s
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - عنصر تحكم ActiveX للفيديو المتدفق.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll =>.Microsoft Corporation®
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} . (.Microsoft Corporation - Skype Click to Call IE Add-on.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll =>.Skype Software Sarl®
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - عنصر تحكم ActiveX للفيديو المتدفق.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL =>.Microsoft Corporation®

---\\ Software installed (109) - 50s
O42 - Logiciel: .NET Reflector Desktop - (.Red Gate Software Ltd.) [HKLM] -- {3450CBDE-2AE7-4FB8-93E3-37995ADE4F13} =>.Red Gate Software Ltd
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent =>.BitTorrent Inc®
O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Flash Player 17 PPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player PPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 20 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 20 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Photoshop CS - (.Adobe Systems, Inc..) [HKLM] -- {EFB21DE7-8C19-4A88-BB28-A766E16493BC} =>.Adobe Systems, Inc.
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-0804-1033-1959-001824166751} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Shockwave Player 12.1 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player =>.Adobe Systems, Inc.
O42 - Logiciel: Adobe Shockwave Player 12.2 - (.Adobe Systems, Inc.) [HKLM] -- {315BE77E-D725-477D-9C71-63F78844363C} =>.Adobe Systems, Inc
O42 - Logiciel: Advanced RAR Repair v1.2 - (...) [HKLM] -- Advanced RAR Repair v1.2
O42 - Logiciel: ALPS Touch Pad Driver - (.Alps Electric.) [HKLM] -- {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} =>.Alps Electric Co., LTD.®
O42 - Logiciel: Andy OS - (.Andy OS, Inc.) [HKLM] -- Andy OS
O42 - Logiciel: ASPack 2.39 - (...) [HKLM] -- ASPack_is1
O42 - Logiciel: Baidu Browser - (.Baidu Inc..) [HKLM] -- Spark =>.Baidu Online Network Technology (Beijing) Co.,Ltd.®
O42 - Logiciel: BeeThink IP Blocker 2.0 - (.BeeThink Software, Inc..) [HKLM] -- BeeThink IP Blocker_is1
O42 - Logiciel: BlueStacks App Player - (.BlueStack Systems, Inc..) [HKLM] -- {AF0D9073-1AE0-4C21-AA70-41294AEFBDFD} =>.BlueStack Systems, Inc.
O42 - Logiciel: Bruteforce Save Data - (...) [HKLM] -- Bruteforce Save Data
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Chromodo - (.Comodo.) [HKLM] -- Chromodo =>.Comodo Security Solutions®
O42 - Logiciel: CodeWall 2010 - (.CodeWall Technologies.) [HKLM] -- {C7C5B9D0-B580-465B-8856-93CC133DCB26}_is1
O42 - Logiciel: COMODO Firewall - (.COMODO Security Solutions Inc..) [HKLM] -- {04833277-EE61-4251-9273-0CF86C0FE710} =>.COMODO Security Solutions Inc.
O42 - Logiciel: Delete Doctor 2.3 - (...) [HKLM] -- Delete Doctor
O42 - Logiciel: Dolby Advanced Audio v2 - (.Dolby Laboratories Inc.) [HKLM] -- {B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613} =>.Dolby Laboratories Inc
O42 - Logiciel: Droid4X - (.Haiyu Dongxiang Co.,Ltd..) [HKLM] -- Droid4X
O42 - Logiciel: Ela-Salaty - (.Ela-Salaty.) [HKLM] -- Ela-Salaty =>.Ela-Salaty
O42 - Logiciel: Entity Framework Designer for Visual Studio 2012 - enu - (.Microsoft Corporation.) [HKLM] -- {0A1A1D48-DB23-443A-BC7B-49255D138020} =>.Microsoft Corporation
O42 - Logiciel: ESET Smart Security - (.ESET, spol. s r.o..) [HKLM] -- {993949EA-4382-4C42-A8B0-16FB3D4F8CF8} =>.ESET, spol. s r.o.
O42 - Logiciel: FileZilla Client 3.14.1 - (.Tim Kosse.) [HKLM] -- FileZilla Client =>.Tim Kosse
O42 - Logiciel: FlyVPN - (.FlyVPN.) [HKLM] -- FlyVPN
O42 - Logiciel: FormatFactory 3.0.1 - (.Free Time.) [HKLM] -- FormatFactory =>.Free Time
O42 - Logiciel: GeekBuddy - (.Comodo Security Solutions Inc.) [HKLM] -- {88FA2B0F-1999-4AAC-A616-8DEA8307CDBC}
O42 - Logiciel: GOM Player - (.Gretech Corporation.) [HKLM] -- GOM Player =>.Gretech Corporation
O42 - Logiciel: Google Chrome - (.Google Inc‎.‎.) [HKLM] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>.Google Inc.
O42 - Logiciel: GTA V - (.XB36Hazard.) [HKLM] -- GTA V
O42 - Logiciel: Hex Workshop v6.8 - (.BreakPoint Software.) [HKLM] -- {A36AC685-4435-4C16-861F-221231DE165D}
O42 - Logiciel: IIS 8.0 Express - (.Microsoft Corporation.) [HKLM] -- {B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC} =>.Microsoft Corporation
O42 - Logiciel: IIS Express Application Compatibility Database for x86 - (...) [HKLM] -- {fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation®
O42 - Logiciel: Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version - (.Intel Corporation.) [HKLM] -- {302600C1-6BDF-4FD1-1307-148929CC1385} =>.Intel Corporation
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager =>.Tonec Inc.®
O42 - Logiciel: Java 8 Update 73 - (.Oracle Corporation.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83218073F0} =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM] -- {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
O42 - Logiciel: KC Softwares PortExpert - (.KC Softwares.) [HKLM] -- KC Softwares PortExpert_is1 =>.KC Softwares®
O42 - Logiciel: KeyScrambler - (.QFX Software Corporation.) [HKLM] -- KeyScrambler =>.QFX Software Corporation
O42 - Logiciel: Lenovo EasyCamera - (.Realtek Semiconductor Corp..) [HKLM] -- {E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Malwarebytes Anti-Exploit version 1.8.1.1189 - (.Malwarebytes.) [HKLM] -- Malwarebytes Anti-Exploit_is1 =>.Malwarebytes
O42 - Logiciel: Malwarebytes Anti-Malware النسخة 2.2.0.1024 - (.Malwarebytes.) [HKLM] -- Malwarebytes Anti-Malware_is1 =>.Malwarebytes
O42 - Logiciel: MEGAsync - (.Mega Limited.) [HKLM] -- MEGAsync =>.MEGA Limited
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Silverlight 4 SDK - (.Microsoft Corporation.) [HKLM] -- {189AEA94-DAFB-487A-8CEE-F9D3DDE0A748} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Silverlight 5 SDK - (.Microsoft Corporation.) [HKLM] -- {E1FBB3D4-ADB0-4949-B101-855DA061C735} =>.Microsoft Corporation
O42 - Logiciel: Microsoft System CLR Types for SQL Server 2012 - (.Microsoft Corporation.) [HKLM] -- {070C38AC-05CE-43DF-9A20-141332F6AB2B} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Text-to-Speech Engine 4.0 (English) - (...) [HKLM] -- MSTTS
O42 - Logiciel: Microsoft VM for Java - (...) [HKLM] -- MsJavaVM
O42 - Logiciel: Microsoft Web Deploy 3.0 - (.Microsoft Corporation.) [HKLM] -- {E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Web Deploy dbSqlPackage Provider - enu - (.Microsoft Corporation.) [HKLM] -- {E4C33F5B-1B2F-466E-957E-B274F08151A0} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Web Platform Installer 4.0 - (.Microsoft Corporation.) [HKLM] -- {1F4DF099-EA5C-482D-9901-C0A8B539B417} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Web Publishing Wizard 1.53 - (...) [HKLM] -- WebPost
O42 - Logiciel: Mozilla Firefox 45.0.1 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 45.0.1 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: Node.js - (.Joyent, Inc. and other Node contributors.) [HKLM] -- {BA5AF894-392B-42F6-93DD-5FC7DD6972A9} =>.Joyent, Inc. and other Node contributors
O42 - Logiciel: No-IP DUC - (.Vitalwerks Internet Solutions LLC.) [HKLM] -- NoIPDUC =>.Vitalwerks Internet Solutions LLC
O42 - Logiciel: Nsauditor 3.0.6 - (.Nsasoft LLC..) [HKLM] -- Nsauditor_is1
O42 - Logiciel: Oracle VM VirtualBox 4.3.12_ZZZZ - (.Oracle Corporation.) [HKLM] -- {D90E08B8-E7BB-4D29-8249-8670D4CC24BD} =>.Oracle Corporation
O42 - Logiciel: Photoshop CS5 ME trigun - (...) [HKLM] -- Photoshop CS5 ME trigun
O42 - Logiciel: PowerISO - (.Power Software Ltd.) [HKLM] -- PowerISO =>.Power Software Ltd
O42 - Logiciel: Prerequisites for SSDT - (.Microsoft Corporation.) [HKLM] -- {9169C939-ED01-446A-BD0C-29873BAF4E48} =>.Microsoft Corporation
O42 - Logiciel: PrivateTunnel - (.OpenVPN Technologies.) [HKLM] -- PrivateTunnel =>.OpenVPN Technologies
O42 - Logiciel: Process Hacker 2.38 (r343) - (.wj32.) [HKLM] -- Process_Hacker2_is1 =>.wj32
O42 - Logiciel: Pure Codec - (.Nick.) [HKLM] -- PureCodec
O42 - Logiciel: Quran in Ms Word - (.Taufiq Product, Inc..) [HKLM] -- Quran in Ms Word_is1
O42 - Logiciel: Router Screen Capture - (.PcWinTech.com.) [HKLM] -- Router Screen Capture =>.PcWinTech.com
O42 - Logiciel: SafeIP - (.SafeIP.) [HKLM] -- SAFEIP_is1
O42 - Logiciel: Sandboxie 5.10 (32-bit) - (.Sandboxie Holdings, LLC.) [HKLM] -- Sandboxie =>.Invincea, Inc.®
O42 - Logiciel: SFX Compiler - (...) [HKLM] -- SFX Compiler
O42 - Logiciel: Shadow Defender - (.ShadowDefender.com.) [HKLM] -- {93A07A0D-454E-43d1-86A9-5DE9C5F4411A} {6E47A70BFCE998BFCD7998A98DD821D2}
O42 - Logiciel: SharePoint Client Components - (.Microsoft Corporation.) [HKLM] -- {95160001-1163-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Skype Click to Call - (.Microsoft Corporation.) [HKLM] -- {6D1221A9-17BF-4EC0-81F2-27D30EC30701} =>.Microsoft Corporation
O42 - Logiciel: Skype™ 7.5 - (.Skype Technologies S.A..) [HKLM] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7} =>.Skype Technologies S.A.
O42 - Logiciel: SoftEther VPN Client - (.SoftEther VPN Project.) [HKLM] -- softether_sevpnclient {1121D141C3B78476420DAB37340E68978A6E} =>.SoftEther VPN Project
O42 - Logiciel: Sothink Logo Maker Professional - (.SourceTec Software Co., LTD.) [HKLM] -- {574FFDC9-AB09-4C4A-B7BE-C6066502181A}_is1
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726} =>.Adobe Systems, Inc
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey =>.Synaptics Incorporated
O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM] -- TeamSpeak 3 Client =>.TeamSpeak Systems GmbH
O42 - Logiciel: TeamViewer 11 - (.TeamViewer.) [HKLM] -- TeamViewer =>.TeamViewer®
O42 - Logiciel: TiGeR FireWall - (.VB_SMITTEN SOFTWARE.) [HKLM] -- TiGeR FireWall2.0
O42 - Logiciel: tools-linux - (.VMware, Inc..) [HKLM] -- {D102611A-6466-4101-A51D-51069303AC65} =>.VMware, Inc.
O42 - Logiciel: UltraISO Premium V9.65 - (...) [HKLM] -- UltraISO_is1
O42 - Logiciel: Unlocker 1.9.2 - (.Cedrick Collomb.) [HKLM] -- Unlocker =>.Cedrick Collomb
O42 - Logiciel: Update for (KB2504637) - (.Microsoft Corporation.) [HKLM] -- {CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637 =>.Microsoft Corporation
O42 - Logiciel: UpdateService - (.RealNetworks, Inc..) [HKLM] -- {E3AE96D6-E196-45B4-AF62-2B41998B9E37} =>.RealNetworks, Inc.
O42 - Logiciel: VC80CRTRedist - 8.0.50727.4053 - (.DivX, Inc.) [HKLM] -- {5EE7D259-D137-4438-9A5F-42F432EC0421} =>.DivX, Inc
O42 - Logiciel: Virtual Audio Cable 4.10 - (...) [HKLM] -- Virtual Audio Cable 4.10 =>.NTONYX Ltd.®
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM] -- VLC media player =>.VideoLAN
O42 - Logiciel: VMware Player - (.VMware, Inc..) [HKLM] -- {E452E727-86B8-4233-8CC3-41FD817AFAFF} =>.VMware, Inc.
O42 - Logiciel: VMware VIX - (.VMware, Inc..) [HKLM] -- {F99FC179-EA67-4BBC-8955-BDDA0CB94B88} =>.VMware, Inc.
O42 - Logiciel: WCF RIA Services V1.0 SP2 - (.Microsoft Corporation.) [HKLM] -- {3A523AF9-D32F-4C85-8388-0335731F3405} =>.Microsoft Corporation
O42 - Logiciel: WhySoSlow 0.96 - (.Resplendence Software Projects Sp..) [HKLM] -- WhySoSlowPro_is1 =>.Resplendence Software Projects Sp.
O42 - Logiciel: Windows App Certification Kit Native Components - (.Microsoft Corporation.) [HKLM] -- {AD17194D-3829-E59E-99A4-EC47097722CA} =>.Microsoft Corporation
O42 - Logiciel: Windows Phone 8.1 SDK - Desktop - (.Microsoft Corporation.) [HKLM] -- {AEBB5873-1DF6-4190-98D8-D9FC5144EB3B} =>.Microsoft Corporation
O42 - Logiciel: WinPcap 4.1.2 - (.CACE Technologies.) [HKLM] -- WinPcapInst =>.CACE Technologies
O42 - Logiciel: WinRAR 5.30 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver =>.win.rar GmbH®
O42 - Logiciel: WinSCP 5.7.3 - (.Martin Prikryl.) [HKLM] -- winscp3_is1 =>.Martin Prikryl®
O42 - Logiciel: YTD Video Downloader 5.1.1 - (.GreenTree Applications SRL.) [HKLM] -- {1a413f37-ed88-4fec-9666-5c48dc4b7bb7} =>.Superfluous.GreenTreeApp
O42 - Logiciel: ZIPmagic - (.Simon King.) [HKLM] -- {7DAE9224-819D-4E66-9C97-35B7E73AFD49}
O42 - Logiciel: الوافي الذهبي - (...) [HKLM] -- الوافي الذهبي_is1

---\\ HKCU & HKLM Software Keys (211) - 50s
HKLM\SOFTWARE\3dtv.at
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\Alps
HKLM\SOFTWARE\AppDataLow
HKLM\SOFTWARE\Apple Inc.
HKLM\SOFTWARE\ATI Technologies
HKLM\SOFTWARE\AviSynth
HKLM\SOFTWARE\Babylon =>PUP.Optional.Babylon
HKLM\SOFTWARE\Baidu
HKLM\SOFTWARE\BlueStacks
HKLM\SOFTWARE\BlueStacksGameManager
HKLM\SOFTWARE\BreakPoint
HKLM\SOFTWARE\Caphyon
HKLM\SOFTWARE\CDDB
HKLM\SOFTWARE\Chromium
HKLM\SOFTWARE\Chromodo
HKLM\SOFTWARE\Cnxt_Uiu_Parms
HKLM\SOFTWARE\COMODO
HKLM\SOFTWARE\ComodoGroup
HKLM\SOFTWARE\Conexant
HKLM\SOFTWARE\CoreCodec
HKLM\SOFTWARE\CyberLink
HKLM\SOFTWARE\Cypress Keyboard Filter Driver
HKLM\SOFTWARE\DivX
HKLM\SOFTWARE\DivXNetworks
HKLM\SOFTWARE\Dolby
HKLM\SOFTWARE\EasyBoot Systems
HKLM\SOFTWARE\ESET
HKLM\SOFTWARE\Faronics
HKLM\SOFTWARE\FileZilla 3
HKLM\SOFTWARE\FileZilla Client
HKLM\SOFTWARE\GeekBuddyRSP
HKLM\SOFTWARE\GNU
HKLM\SOFTWARE\Golden Al-Wafi Translator
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\GRETECH
HKLM\SOFTWARE\HaaliMkx
HKLM\SOFTWARE\IM Providers
HKLM\SOFTWARE\InstalledOptions
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\Internet Download Manager
HKLM\SOFTWARE\InterVideo
HKLM\SOFTWARE\JavaSoft
HKLM\SOFTWARE\JreMetrics
HKLM\SOFTWARE\KCB
HKLM\SOFTWARE\Khronos
HKLM\SOFTWARE\Lake
HKLM\SOFTWARE\Lenovo
HKLM\SOFTWARE\Licenses
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Malwarebytes Anti-Exploit
HKLM\SOFTWARE\Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Martin Prikryl
HKLM\SOFTWARE\MimarSinan
HKLM\SOFTWARE\Mozilla HKLM\SOFTWARE\mozilla.org HKLM\SOFTWARE\MozillaPlugins HKLM\SOFTWARE\Node.js HKLM\SOFTWARE\NuGet HKLM\SOFTWARE\ODBC HKLM\SOFTWARE\On2 Technologies HKLM\SOFTWARE\Oracle HKLM\SOFTWARE\Patch My PC HKLM\SOFTWARE\PIP =>Toolbar.Ask HKLM\SOFTWARE\Piriform HKLM\SOFTWARE\PowerISO HKLM\SOFTWARE\PrivateTunnel HKLM\SOFTWARE\PureCodec HKLM\SOFTWARE\QFX Software HKLM\SOFTWARE\RealNetworks HKLM\SOFTWARE\Red Gate HKLM\SOFTWARE\RegisteredApplications HKLM\SOFTWARE\S3R521 HKLM\SOFTWARE\Shadow Defender HKLM\SOFTWARE\Skype HKLM\SOFTWARE\Soeperman Enterprises Ltd. HKLM\SOFTWARE\SoftEther Project HKLM\SOFTWARE\Software HKLM\SOFTWARE\Sonic HKLM\SOFTWARE\SourceCodeControlProvider HKLM\SOFTWARE\SourceTec HKLM\SOFTWARE\Synaptics HKLM\SOFTWARE\TeamSpeak 3 Client HKLM\SOFTWARE\TeamViewer HKLM\SOFTWARE\ThinPrint HKLM\SOFTWARE\Toshiba HKLM\SOFTWARE\TrendMicro HKLM\SOFTWARE\TVInstallTemp HKLM\SOFTWARE\UIU HKLM\SOFTWARE\VideoLAN HKLM\SOFTWARE\Vitalwerks HKLM\SOFTWARE\VMware, Inc. HKLM\SOFTWARE\Voice HKLM\SOFTWARE\Volatile HKLM\SOFTWARE\WinPcap HKLM\SOFTWARE\WinRAR HKLM\SOFTWARE\Wow6432Node HKLM\SOFTWARE\Xing Technology Corp. HKCU\SOFTWARE\0932343ebc836c39c857a65dc20ea0fb =>PUP.Optional.CrossRider HKCU\SOFTWARE\13b744fe92a3e5c630f8f3abb1fe36d1 =>PUP.Optional.CrossRider HKCU\SOFTWARE\23556fb1360f366337f97c924e76ead3 =>PUP.Optional.CrossRider HKCU\SOFTWARE\6e4916d81978de39ad3dbae2a458fe60 =>PUP.Optional.CrossRider HKCU\SOFTWARE\7-ZIP HKCU\SOFTWARE\984559f52d4087243e95e5ad9bb48e8d =>PUP.Optional.CrossRider HKCU\SOFTWARE\???????????????????????????????????????????????????"????????? 
HKCU\SOFTWARE\AC3Filter
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\Andy
HKCU\SOFTWARE\APN PIP =>.Superfluous.Conduit
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\ARAR
HKCU\SOFTWARE\ASPack
HKCU\SOFTWARE\AVAST Software
HKCU\SOFTWARE\Baidu
HKCU\SOFTWARE\BasicScript Program Settings
HKCU\SOFTWARE\BeeThink
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\BreakPoint
HKCU\SOFTWARE\BreakPoint License Manager
HKCU\SOFTWARE\c1fbcceda94af384384c8ff38770d448 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\c25b8192b99348e89785aab790446370 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\Chromium
HKCU\SOFTWARE\CodeWall
HKCU\SOFTWARE\ComodoGroup
HKCU\SOFTWARE\Conexant
HKCU\SOFTWARE\CoreCodec
HKCU\SOFTWARE\d761084bef63be7e031d4cb42cbf81e5 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\DAUM
HKCU\SOFTWARE\DivX
HKCU\SOFTWARE\Dolby
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\drpsu
HKCU\SOFTWARE\DScaler5
HKCU\SOFTWARE\EasyBoot Systems
HKCU\SOFTWARE\Ela-Salaty
HKCU\SOFTWARE\Elecard
HKCU\SOFTWARE\Enterprise DDNS Client
HKCU\SOFTWARE\ESET
HKCU\SOFTWARE\FlyVPN
HKCU\SOFTWARE\FreeTime
HKCU\SOFTWARE\FrenchModdingTeam
HKCU\SOFTWARE\Gabest
HKCU\SOFTWARE\GNU
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\GreenTree Applications =>.Superfluous.GreenTreeApp
HKCU\SOFTWARE\GRETECH
HKCU\SOFTWARE\Haali
HKCU\SOFTWARE\Hallaj PRO Rat [Fixed]
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\InterVideo
HKCU\SOFTWARE\JavaSoft
HKCU\SOFTWARE\KC Softwares
HKCU\SOFTWARE\KMPlayer
HKCU\SOFTWARE\Licenses
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\MainConcept
HKCU\SOFTWARE\Martin Prikryl
HKCU\SOFTWARE\MassTube
HKCU\SOFTWARE\MimarSinan
HKCU\SOFTWARE\Moonlight Cordless
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\njRAT v0.6.4
HKCU\SOFTWARE\njRAT v0.7d
HKCU\SOFTWARE\Node.js
HKCU\SOFTWARE\Nsauditor
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\PEiD
HKCU\SOFTWARE\PIP =>Toolbar.Ask
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\PowerISO
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
HKCU\SOFTWARE\PureCodec
HKCU\SOFTWARE\QFX Software
HKCU\SOFTWARE\QtProject
HKCU\SOFTWARE\RealNetworks
HKCU\SOFTWARE\Red Gate
HKCU\SOFTWARE\Red Gate Software Ltd.
HKCU\SOFTWARE\Resplendence Sp
HKCU\SOFTWARE\SafeIP
HKCU\SOFTWARE\Server
HKCU\SOFTWARE\SimonTatham
HKCU\SOFTWARE\Skype
HKCU\SOFTWARE\SoftEther Project
HKCU\SOFTWARE\SourceForge
HKCU\SOFTWARE\SourceTec
HKCU\SOFTWARE\StarForce
HKCU\SOFTWARE\Synaptics
HKCU\SOFTWARE\Sysinternals
HKCU\SOFTWARE\TeamViewer
HKCU\SOFTWARE\Thingummy Software
HKCU\SOFTWARE\Tomabo
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\University of Tsukuba
HKCU\SOFTWARE\VB and VBA Program Settings
HKCU\SOFTWARE\Vitalwerks
HKCU\SOFTWARE\VMware, Inc.
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\Wow6432Node
HKCU\SOFTWARE\XtremeRAT
HKCU\SOFTWARE\XtremeRAT-DISCLAIMER
HKCU\SOFTWARE\yahoo =>.Yahoo!
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\Adobe
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\Macromedia
HKCU\SOFTWARE\AppDataLow\Software\ThinPrint

---\\ Contents of the Common Files folders (327) - 114s
O43 - CFD: 24/12/2015 - [] D -- C:\Program Files\Adobe =>.Adobe Systems Incorporated®
O43 - CFD: 27/03/2016 - [] D -- C:\Program Files\Andy
O43 - CFD: 21/02/2016 - [] D -- C:\Program Files\AndyOfflineInstaller46.2 =>.Andy OS Inc®
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Apoint2K =>.Alps Electric Co., LTD.®
O43 - CFD: 30/05/2015 - [] D -- C:\Program Files\Application Verifier
O43 - CFD: 02/06/2015 - [] D -- C:\Program Files\ARAR
O43 - CFD: 22/03/2016 - [] D -- C:\Program Files\Armor2net
O43 - CFD: 16/03/2016 - [] D -- C:\Program Files\ASPack {392A5D521042412648E0C8FCB1858110}
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\AviSynth 2.5
O43 - CFD: 26/03/2016 - [] D -- C:\Program Files\baidu =>.Baidu Online Network Technology (Beijing) Co.,Ltd.®
O43 - CFD: 24/12/2015 - [] D -- C:\Program Files\BeeThink IP_Blocker_2.0
O43 - CFD: 27/03/2016 - [] D -- C:\Program Files\BlueStacks
O43 - CFD: 11/03/2016 - [] D -- C:\Program Files\BreakPoint Software {0AC3CF34686D1BFF5FC6519BD737B0C5}
O43 - CFD: 30/12/2015 - [] D -- C:\Program Files\Bruteforce Save Data
O43 - CFD: 26/03/2016 - [] D -- C:\Program Files\CCleaner =>.Piriform Ltd®
O43 - CFD: 06/06/2015 - [] D -- C:\Program Files\CodeWall 4
O43 - CFD: 28/03/2016 - [] D -- C:\Program Files\Common Files
O43 - CFD: 21/03/2016 - [] D -- C:\Program Files\Comodo =>.Comodo Security Solutions®
O43 - CFD: 15/10/2015 - [] D -- C:\Program Files\ComPlus Applications
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\CONEXANT =>.Conexant Systems, Inc.®
O43 - CFD: 15/10/2015 - [] D -- C:\Program Files\CyberGhost 5 =>.CyberGhost S.R.L.®
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Cypress
O43 - CFD: 19/11/2015 - [] D -- C:\Program Files\Delete Doctor
O43 - CFD: 09/10/2009 - [] D -- C:\Program Files\DIC32
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Dolby Advanced Audio v2 =>.Dolby Laboratories, Inc.®
O43 - CFD: 27/03/2016 - [] D -- C:\Program Files\Droid4X
O43 - CFD: 20/02/2016 - [] D -- C:\Program Files\Droid4Xext
O43 - CFD: 16/03/2016 - [] D -- C:\Program Files\DVD Maker
O43 - CFD: 14/11/2015 - [] D -- C:\Program Files\Ela-Salaty
O43 - CFD: 09/01/2016 - [0] D -- C:\Program Files\Enterprise DDNS Client
O43 - CFD: 23/12/2015 - [] D -- C:\Program Files\ESET =>.ESET, spol. s r.o.®
O43 - CFD: 06/06/2015 - [] D -- C:\Program Files\Faronics
O43 - CFD: 23/12/2015 - [] D -- C:\Program Files\FileZilla FTP Client =>.Open Source Developer, Tim Kosse®
O43 - CFD: 18/03/2016 - [] D -- C:\Program Files\FlyVPN {1121B7225F596FBEADC5B4D07694003A0917}
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\FreeTime
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Golden Al-Wafi Translator
O43 - CFD: 11/03/2016 - [] D -- C:\Program Files\Google =>.Google Inc®
O43 - CFD: 18/02/2016 - [] D -- C:\Program Files\GreenTree Applications =>.Superfluous.GreenTreeApp
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\GRETECH {11D67F2AF7440EBA275E7E62F6B634FF}
O43 - CFD: 27/03/2016 - [] D -- C:\Program Files\GTA V
O43 - CFD: 25/05/2015 - [] D -- C:\Program Files\IIS =>.Microsoft Corporation®
O43 - CFD: 19/03/2016 - [] D -- C:\Program Files\IIS Express =>.Microsoft Corporation®
O43 - CFD: 09/01/2016 - [] D -- C:\Program Files\ImageBadger
O43 - CFD: 23/03/2016 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Intel =>.Intel Corporation®
O43 - CFD: 30/12/2015 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 16/03/2016 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 20/03/2016 - [] D -- C:\Program Files\Java =>.Oracle America, Inc.®
O43 - CFD: 11/03/2016 - [] D -- C:\Program Files\KC Softwares =>.KC Softwares®
O43 - CFD: 21/06/2015 - [] D -- C:\Program Files\KeyScrambler =>.QFX Software Corporation®
O43 - CFD: 04/02/2016 - [] D -- C:\Program Files\Malwarebytes Anti-Exploit =>.Malwarebytes Corporation®
O43 - CFD: 31/12/2015 - [] D -- C:\Program Files\Malwarebytes Anti-Malware =>.Malwarebytes Corporation®
O43 - CFD: 25/05/2015 - [] D -- C:\Program Files\Microsoft =>.Microsoft Corporation®
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 16/03/2016 - [] D -- C:\Program Files\Microsoft ASP.NET =>.Microsoft Corporation®
O43 - CFD: 19/03/2016 - [] D -- C:\Program Files\Microsoft Help Viewer =>.Microsoft Corporation®
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Microsoft Office =>.Microsoft Corporation®
O43 - CFD: 28/03/2016 - [] D -- C:\Program Files\Microsoft SDKs =>.Microsoft Corporation®
O43 - CFD: 25/12/2015 - [] D -- C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation®
O43 - CFD: 30/05/2015 - [] D -- C:\Program Files\Microsoft SQL Server =>.Microsoft Corporation®
O43 - CFD: 30/05/2015 - [] D -- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Microsoft Synchronization Services
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 16/03/2016 - [] D -- C:\Program Files\Microsoft Visual Studio 11.0 =>.Microsoft Corporation®
O43 - CFD: 28/03/2016 - [] D -- C:\Program Files\Microsoft Visual Studio 12.0
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 28/03/2016 - [] D -- C:\Program Files\Microsoft XDE =>.Microsoft Corporation®
O43 - CFD: 19/03/2016 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 24/03/2016 - [] D -- C:\Program Files\Mozilla Firefox =>.Mozilla Corporation®
O43 - CFD: 24/03/2016 - [] D -- C:\Program Files\Mozilla Maintenance Service =>.Mozilla Corporation®
O43 - CFD: 28/03/2016 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 27/03/2016 - [] D -- C:\Program Files\No-IP
O43 - CFD: 31/05/2015 - [] D -- C:\Program Files\nodejs =>.Joyent, Inc®
O43 - CFD: 23/12/2015 - [] D -- C:\Program Files\Nsauditor {14966A76CD72EED75C01DC5BDA611603}
O43 - CFD: 18/03/2016 - [] D -- C:\Program Files\OpenVPN Technologies {0EBD24BDFBD4ADDDD2EDD27E8FB1953C}
O43 - CFD: 20/02/2016 - [] D -- C:\Program Files\Oracle =>.Oracle Corporation®
O43 - CFD: 25/05/2015 - [] D -- C:\Program Files\PowerISO =>.Power Software Limited®
O43 - CFD: 15/03/2016 - [] D -- C:\Program Files\Process Hacker 2 {0FF1EF66BD621C65B74B4DE41425717F}
O43 - CFD: 31/12/2015 - [] D -- C:\Program Files\program files
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Quranzu1
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Quran_in_Word
O43 - CFD: 23/03/2016 - [] D -- C:\Program Files\Real
O43 - CFD: 06/11/2015 - [] D -- C:\Program Files\Red Gate =>.Red Gate Software Ltd®
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 18/03/2016 - [] D -- C:\Program Files\SafeIP {00C8E0D1DBDC50BA107C8AF5E7CCE3D25D}
O43 - CFD: 23/03/2016 - [0] D -- C:\Program Files\Samsung
O43 - CFD: 11/03/2016 - [] D -- C:\Program Files\Sandboxie =>.Invincea, Inc.®
O43 - CFD: 13/03/2016 - [] D -- C:\Program Files\SecurityXploded
O43 - CFD: 26/05/2015 - [] D -- C:\Program Files\SFX Compiler
O43 - CFD: 11/06/2015 - [] D -- C:\Program Files\Shadow Defender {6E47A70BFCE998BFCD7998A98DD821D2}
O43 - CFD: 19/03/2016 - [] D -- C:\Program Files\SharePoint Client Components
O43 - CFD: 02/06/2015 - [] D -- C:\Program Files\Simon King
O43 - CFD: 18/02/2016 - [] RD -- C:\Program Files\Skype =>.Skype Software Sarl®
O43 - CFD: 24/03/2016 - [] D -- C:\Program Files\SoftEther VPN Client {1121D141C3B78476420DAB37340E68978A6E}
O43 - CFD: 18/12/2015 - [] D -- C:\Program Files\SourceTec {2B82ABA86D863021CD8B799A9D366BE1}
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Synaptics =>.Synaptics Incorporated®
O43 - CFD: 15/10/2015 - [] D -- C:\Program Files\TAP-Windows
O43 - CFD: 09/03/2016 - [] D -- C:\Program Files\TeamSpeak 3 Client =>.TeamSpeak Systems GmbH®
O43 - CFD: 25/03/2016 - [] D -- C:\Program Files\TeamViewer =>.TeamViewer®
O43 - CFD: 15/03/2016 - [] D -- C:\Program Files\TiGeR FireWall
O43 - CFD: 15/10/2015 - [] D -- C:\Program Files\Tomabo
O43 - CFD: 22/03/2016 - [] D -- C:\Program Files\UltraISO =>.SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.®
O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Unlocker
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\uPrism
O43 - CFD: 15/10/2015 - [] D -- C:\Program Files\VB Decompiler Lite
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\VideoLAN
O43 - CFD: 26/05/2015 - [] D -- C:\Program Files\Virtual Audio Cable =>.NTONYX Ltd.®
O43 - CFD: 21/02/2016 - [] D -- C:\Program Files\VMware =>.VMware, Inc.®
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Web Publish
O43 - CFD: 22/03/2016 - [] D -- C:\Program Files\WhySoSlow
O43 - CFD: 17/03/2016 - [] D -- C:\Program Files\Windows Defender
O43 - CFD: 17/03/2016 - [] D -- C:\Program Files\Windows Journal
O43 - CFD: 19/03/2016 - [] D -- C:\Program Files\Windows Kits
O43 - CFD: 16/03/2016 - [] D -- C:\Program Files\Windows Mail
O43 - CFD: 17/03/2016 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 19/03/2016 - [] D -- C:\Program Files\Windows Phone Kits
O43 - CFD: 16/03/2016 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 16/03/2016 - [] D -- C:\Program Files\Windows Portable Devices
O43 - CFD: 04/06/2015 - [] D -- C:\Program Files\Windows Sidebar
O43 - CFD: 01/06/2015 - [] D -- C:\Program Files\WinPcap =>.CACE Technologies, Inc.®
O43 - CFD: 25/12/2015 - [] D -- C:\Program Files\WinRAR =>.win.rar GmbH®
O43 - CFD: 04/06/2015 - [] D -- C:\Program Files\WinSCP =>.Martin Prikryl®
O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\WMZHE
O43 - CFD: 14/03/2016 - [] D -- C:\Program Files\YaTQA
O43 - CFD: 21/05/2010 - [] D -- C:\Program Files\مصحف مشاري
O43 - CFD: 15/10/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 13/12/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair
O43 - CFD: 21/02/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy O43 - CFD: 16/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASPack O43 - CFD: 26/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser O43 - CFD: 24/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BeeThink IP Blocker 2.0 O43 - CFD: 24/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bruteforce Save Data O43 - CFD: 23/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeWall O43 - CFD: 22/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby O43 - CFD: 20/02/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Droid4X O43 - CFD: 23/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET O43 - CFD: 23/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client O43 - CFD: 23/03/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Al-Wafi Translator O43 - CFD: 24/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player O43 - CFD: 11/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6.8 O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 20/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java O43 - CFD: 11/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KC Softwares O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler O43 - CFD: 15/10/2015 - [] RD -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 04/02/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit O43 - CFD: 31/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware O43 - CFD: 14/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office O43 - CFD: 24/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 6.0 O43 - CFD: 23/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nsauditor O43 - CFD: 18/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Technologies O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO O43 - CFD: 15/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2 O43 - CFD: 06/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Gate O43 - CFD: 18/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeIP O43 - CFD: 11/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFX Compiler O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Defender O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype O43 - CFD: 19/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN 
Client O43 - CFD: 18/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec O43 - CFD: 27/03/2016 - [0] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 14/07/2009 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 09/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client O43 - CFD: 22/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Decompiler Lite O43 - CFD: 24/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable O43 - CFD: 21/02/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware O43 - CFD: 22/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhySoSlow O43 - CFD: 28/03/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1 O43 - CFD: 24/12/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WMZHE O43 - CFD: 18/02/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader =>PUP.Optional.PDFtoWordConverter O43 - CFD: 26/03/2016 - [] D -- C:\ProgramData\Adobe O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data O43 - CFD: 25/12/2015 - [] D -- C:\ProgramData\AVAST Software O43 - CFD: 23/05/2015 - [0] D -- C:\ProgramData\Babylon =>PUP.Optional.Babylon O43 - CFD: 26/03/2016 - [] D -- C:\ProgramData\Baidu O43 - CFD: 21/02/2016 - [] D -- C:\ProgramData\BlueStacks O43 - CFD: 21/02/2016 - [] D -- C:\ProgramData\BlueStacksGameManager O43 - CFD: 27/03/2016 - [0] D -- C:\ProgramData\BlueStacksSetup O43 - CFD: 21/03/2016 - [] D -- C:\ProgramData\Comodo O43 - CFD: 27/03/2016 - [0] 
D -- C:\ProgramData\Comodo Downloader O43 - CFD: 24/05/2015 - [] D -- C:\ProgramData\Conexant O43 - CFD: 05/01/2016 - [0] D -- C:\ProgramData\dbg O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents O43 - CFD: 06/11/2015 - [] D -- C:\ProgramData\Downloaded Installations O43 - CFD: 23/12/2015 - [] D -- C:\ProgramData\ESET O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites O43 - CFD: 18/03/2016 - [] D -- C:\ProgramData\FlyVPN O43 - CFD: 25/12/2015 - [] D -- C:\ProgramData\GRETECH O43 - CFD: 23/05/2015 - [0] D -- C:\ProgramData\IDM O43 - CFD: 06/06/2015 - [] D -- C:\ProgramData\IsolatedStorage O43 - CFD: 31/12/2015 - [] D -- C:\ProgramData\Malwarebytes O43 - CFD: 23/03/2016 - [] D -- C:\ProgramData\Malwarebytes Anti-Exploit O43 - CFD: 28/03/2016 - [] SD -- C:\ProgramData\Microsoft O43 - CFD: 14/11/2015 - [] D -- C:\ProgramData\Microsoft Help O43 - CFD: 20/03/2016 - [] D -- C:\ProgramData\Microsoft Visual Studio O43 - CFD: 23/05/2015 - [] D -- C:\ProgramData\Mozilla O43 - CFD: 23/05/2015 - [] D -- C:\ProgramData\Oracle O43 - CFD: 28/03/2016 - [] D -- C:\ProgramData\Package Cache O43 - CFD: 15/10/2015 - [] D -- C:\ProgramData\QFX Software O43 - CFD: 23/03/2016 - [] D -- C:\ProgramData\Real O43 - CFD: 25/05/2015 - [] D -- C:\ProgramData\regid.1986-12.com.adobe O43 - CFD: 28/03/2016 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft O43 - CFD: 02/06/2015 - [] D -- C:\ProgramData\regid.2014-06.co.zipmagic,simonking O43 - CFD: 21/03/2016 - [0] D -- C:\ProgramData\Shared Space O43 - CFD: 02/06/2015 - [] D -- C:\ProgramData\Simon King O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Skype O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu O43 - CFD: 23/05/2015 - [] D -- C:\ProgramData\Sun O43 - CFD: 05/01/2016 - [] D -- C:\ProgramData\Synaptics O43 - CFD: 09/01/2016 - [0] AD -- C:\ProgramData\TEMP O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates O43 - CFD: 20/02/2016 - [] D -- 
C:\ProgramData\Thunder Network O43 - CFD: 17/03/2016 - [] D -- C:\ProgramData\Vitalwerks O43 - CFD: 25/03/2016 - [] D -- C:\ProgramData\VMware O43 - CFD: 18/02/2016 - [] D -- C:\ProgramData\YTD Video Downloader =>PUP.Optional.PDFtoWordConverter O43 - CFD: 23/05/2015 - [] D -- C:\ProgramData\Zbshareware Lab O43 - CFD: 23/05/2015 - [0] SHD -- C:\ProgramData\سطح المكتب O43 - CFD: 23/05/2015 - [0] SHD -- C:\ProgramData\قائمة ابدأ O43 - CFD: 24/12/2015 - [] D -- C:\Program Files\Common Files\Adobe O43 - CFD: 07/10/2015 - [] D -- C:\Program Files\Common Files\AV O43 - CFD: 22/03/2016 - [] D -- C:\Program Files\Common Files\COMODO O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Common Files\designer O43 - CFD: 22/03/2016 - [] D -- C:\Program Files\Common Files\EZB Systems O43 - CFD: 23/03/2016 - [] D -- C:\Program Files\Common Files\InstallShield O43 - CFD: 23/05/2015 - [] D -- C:\Program Files\Common Files\Intel O43 - CFD: 20/03/2016 - [] D -- C:\Program Files\Common Files\Java O43 - CFD: 28/03/2016 - [] D -- C:\Program Files\Common Files\microsoft shared O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Common Files\Services O43 - CFD: 15/10/2015 - [] D -- C:\Program Files\Common Files\Skype O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 17/03/2016 - [] D -- C:\Program Files\Common Files\System O43 - CFD: 21/02/2016 - [] D -- C:\Program Files\Common Files\VMware O43 - CFD: 22/03/2016 - [] D -- C:\Program Files\Common Files\Wise Installation Wizard O43 - CFD: 26/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Adobe O43 - CFD: 15/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Andy O43 - CFD: 26/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Baidu O43 - CFD: 27/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\DMCache O43 - CFD: 19/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\ESET O43 - CFD: 11/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\FileZilla O43 - CFD: 14/01/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\GRETECH O43 
- CFD: 20/02/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\HaiYuInst O43 - CFD: 27/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\IDM O43 - CFD: 11/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\KC Softwares O43 - CFD: 20/01/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Macromedia O43 - CFD: 13/12/2015 - [] SD -- C:\Users\ابداع\AppData\Roaming\Microsoft O43 - CFD: 13/01/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Mozilla O43 - CFD: 20/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\NuGet O43 - CFD: 15/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\PowerISO O43 - CFD: 13/01/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Process Hacker 2 O43 - CFD: 23/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Real O43 - CFD: 23/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Samsung O43 - CFD: 18/02/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Shadow Defender O43 - CFD: 28/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Skype O43 - CFD: 13/01/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\SourceTec O43 - CFD: 20/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Sun O43 - CFD: 11/03/2016 - [0] D -- C:\Users\ابداع\AppData\Roaming\TeamViewer O43 - CFD: 27/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\TS3Client O43 - CFD: 21/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\uTorrent O43 - CFD: 18/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\vlc O43 - CFD: 25/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\VMware O43 - CFD: 13/01/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\WinRAR O43 - CFD: 14/03/2016 - [0] D -- C:\Users\ابداع\AppData\Roaming\YaTQA O43 - CFD: 28/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\ZHP O43 - CFD: 25/12/2015 - [] D -- C:\Users\ابداع\AppData\Local\Adobe O43 - CFD: 21/02/2016 - [] D -- C:\Users\ابداع\AppData\Local\Bluestacks O43 - CFD: 25/12/2015 - [] D -- C:\Users\ابداع\AppData\Local\CEF O43 - CFD: 25/05/2015 - [] D -- C:\Users\ابداع\AppData\Local\Chromium O43 - CFD: 21/03/2016 - [] D -- C:\Users\ابداع\AppData\Local\Comodo O43 - CFD: 
27/03/2016 - [] D -- C:\Users\ابداع\AppData\Local\CrashDumps O43 - CFD: 26/06/2015 - [] D -- C:\Users\ابداع\AppData\Local\CyberGhost O43 - CFD: 09/01/2016 - [] D -- C:\Users\ابداع\AppData\Local\Diagnostics O43 - CFD: 21/02/2016 - [] D -- C:\Users\ابداع\AppData\Local\Droid4X O43 - CFD: 23/12/2015 - [] D -- C:\Users\ابداع\AppData\Local\ESET O43 - CFD: 24/12/2015 - [] D -- C:\Users\ابداع\AppData\Local\Google O43 - CFD: 18/03/2016 - [] D -- C:\Users\ابداع\AppData\Local\GVSE O43 - CFD: 05/06/2015 - [] D -- C:\Users\ابداع\AppData\Local\IsolatedStorage O43 - CFD: 24/12/2015 - [] D -- C:\Users\ابداع\AppData\Local\Macromedia O43 - CFD: 31/12/2015 - [] D -- C:\Users\ابداع\AppData\Local\Mega Limited O43 - CFD: 31/12/2015 - [] D -- C:\Users\ابداع\AppData\Local\MEGAsync O43 - CFD: 30/12/2015 - [] D -- C:\Users\ابداع\AppData\Local\Microsoft O43 - CFD: 04/10/2015 - [] D -- C:\Users\ابداع\AppData\Local\Microsoft Games O43 - CFD: 23/05/2015 - [0] D -- C:\Users\ابداع\AppData\Local\Microsoft Help O43 - CFD: 26/03/2016 - [] D -- C:\Users\ابداع\AppData\Local\MiniService O43 - CFD: 24/05/2015 - [] D -- C:\Users\ابداع\AppData\Local\Mozilla O43 - CFD: 18/03/2016 - [] D -- C:\Users\ابداع\AppData\Local\PrivateTunnel O43 - CFD: 20/11/2015 - [] D -- C:\Users\ابداع\AppData\Local\Programs O43 - CFD: 06/11/2015 - [] D -- C:\Users\ابداع\AppData\Local\Red Gate O43 - CFD: 24/05/2015 - [] D -- C:\Users\ابداع\AppData\Local\Skype O43 - CFD: 28/03/2016 - [] D -- C:\Users\ابداع\AppData\Local\Temp O43 - CFD: 13/01/2016 - [] D -- C:\Users\ابداع\AppData\Local\VirtualStore O43 - CFD: 17/03/2016 - [] D -- C:\Users\ابداع\AppData\Local\Vitalwerks O43 - CFD: 25/03/2016 - [] D -- C:\Users\ابداع\AppData\Local\VMware O43 - CFD: 14/07/2009 - [] RD -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 17/03/2016 - [] RD -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 21/02/2016 - [] D -- 
C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy O43 - CFD: 27/12/2015 - [0] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bruteforce Save Data O43 - CFD: 15/10/2015 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delete Doctor O43 - CFD: 18/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyVPN O43 - CFD: 23/05/2015 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory O43 - CFD: 23/05/2015 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 14/07/2009 - [] RD -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 31/12/2015 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync O43 - CFD: 23/05/2015 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing O43 - CFD: 27/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC O43 - CFD: 31/05/2015 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js O43 - CFD: 17/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Router Screen Capture O43 - CFD: 26/05/2015 - [0] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SFX Compiler O43 - CFD: 27/03/2016 - [] RD -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 15/03/2016 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TiGeR FireWall O43 - CFD: 23/05/2015 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker O43 - CFD: 24/12/2015 - [] D -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ---\\ ShellIconOverlayIdentifiers (SIOI) (12) - 1s O106 - SIOI: 
###MegaShellExtPending [###MegaShellExtPending] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C}. (...) -- C:\Users\ابداع\AppData\Local\MEGAsync\ShellExtX32.dll O106 - SIOI: ###MegaShellExtSynced [###MegaShellExtSynced] - {05B38830-F4E9-4329-978B-1DD28605D202}. (...) -- C:\Users\ابداع\AppData\Local\MEGAsync\ShellExtX32.dll O106 - SIOI: ###MegaShellExtSyncing [###MegaShellExtSyncing] - {0596C850-7BDD-4C9D-AFDF-873BE6890637}. (...) -- C:\Users\ابداع\AppData\Local\MEGAsync\ShellExtX32.dll O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - مكتبة DLL الخاصة بملحق Shell للتخزين المحسّ.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation O106 - SIOI: Groove Explorer Icon Overlay 1 (GFS Unread Stub) [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation® O106 - SIOI: Groove Explorer Icon Overlay 2 (GFS Stub) [Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation® O106 - SIOI: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation® O106 - SIOI: Groove Explorer Icon Overlay 3 (GFS Folder) [Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) 
-- C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation® O106 - SIOI: Groove Explorer Icon Overlay 4 (GFS Unread Mark) [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation® O106 - SIOI: IDM Shell Extension [IDM Shell Extension] - {CDC95B92-E27C-4745-A8C5-64A52A78855D}. (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\Internet Download Manager\IDMShellExt.dll =>.Tonec Inc.® O106 - SIOI: [Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81}. (.Microsoft Corporation - واجهة مستخدم ذاكرة التخزين المؤقت من جانب ا.) -- C:\Windows\System32\cscui.dll =>.Microsoft Corporation O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - امتداد Shell الخاص بالمشاركة.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation ---\\ ShareTools MSconfig StartupReg (29) - 3s O53 - SMSR:HKLM\...\startupreg\Apoint [Key] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe =>.Alps Electric Co., Ltd. O53 - SMSR:HKLM\...\startupreg\BCSSync [Key] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O53 - SMSR:HKLM\...\startupreg\BLEServicesCtrl [Key] . (.Intel Corporation - Bluetooth LE Services Control Program.) -- C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe =>.Intel Corporation O53 - SMSR:HKLM\...\startupreg\BlueStacks Agent [Key] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe =>.BlueStack Systems, Inc. O53 - SMSR:HKLM\...\startupreg\BTMTrayAgent [Key] . (...) -- C:\Program Files\Intel\Bluetooth\btmshellex.dll",TrayApp (.not file.) O53 - SMSR:HKLM\...\startupreg\cAudioFilterAgent [Key] . 
(.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe =>.Conexant Systems, Inc. O53 - SMSR:HKLM\...\startupreg\CCleaner Monitoring [Key] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd O53 - SMSR:HKLM\...\startupreg\Dolby Advanced Audio v2 [Key] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Program Files\Dolby Advanced Audio v2\pcee4.exe =>.Dolby Laboratories Inc. O53 - SMSR:HKLM\...\startupreg\GoogleChromeAutoLaunch_D08F2D441B56E34F9C4C0682A574B541 [Key] . (.The Chromium Authors - Chromium.) -- C:\Users\ابداع\AppData\Local\Chromium\Application\chrome.exe =>.The Chromium Authors O53 - SMSR:HKLM\...\startupreg\GoogleChromeAutoLaunch_E5498460C70284B50AFCA084AEBB91DB [Key] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc. O53 - SMSR:HKLM\...\startupreg\IDMan [Key] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc. O53 - SMSR:HKLM\...\startupreg\IP Blocker [Key] . (.BeeThink SoftWare, Inc. - BeeThink IP Blocker.) -- C:\Program Files\BeeThink IP_Blocker_2.0\IPBlocker.exe O53 - SMSR:HKLM\...\startupreg\KeyScrambler [Key] . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files\KeyScrambler\keyscrambler.exe =>.QFX Software Corporation O53 - SMSR:HKLM\...\startupreg\Malwarebytes Anti-Exploit [Key] . (.Malwarebytes Corporation - Malwarebytes Anti-Exploit.) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe =>.Malwarebytes Corporation O53 - SMSR:HKLM\...\startupreg\MINI IP Blocker [Key] . (.BeeThink SoftWare, Inc. - Mini IP Blocker.) -- C:\Program Files\BeeThink IP_Blocker_2.0\MiniIPBlocker.exe O53 - SMSR:HKLM\...\startupreg\PWRISOVM.EXE [Key] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) 
-- C:\Program Files\PowerISO\PWRISOVM.EXE =>.Power Software Ltd O53 - SMSR:HKLM\...\startupreg\SandboxieControl [Key] . (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe =>.Sandboxie Holdings, LLC O53 - SMSR:HKLM\...\startupreg\Shadow Defender Daemon [Key] . (.SHADOWDEFENDER.COM - Shadow Defender Daemon Application.) -- C:\Program Files\Shadow Defender\DefenderDaemon.exe O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O53 - SMSR:HKLM\...\startupreg\SmartAudio [Key] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SAII\SACpl.exe =>.Conexant Systems, Inc. O53 - SMSR:HKLM\...\startupreg\SoftEther VPN Client UI Helper [Key] . (.SoftEther VPN Project at University of Tsukuba, Japan - SoftEther VPN.) -- C:\Program Files\SoftEther VPN Client\vpnclient.exe =>.SoftEther VPN Project at University of Tsukuba, Japan O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O53 - SMSR:HKLM\...\startupreg\SynTPEnh [Key] . (.Synaptics Incorporated - Synaptics TouchPad 32-bit Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe =>.Synaptics Incorporated O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\Program Files\Real\RealPlayer\update\realsched.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\TrojanScanner [Key] . (...) -- C:\Program Files\Trojan Remover\Trjscan.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\TunnelBear [Key] . (...) -- C:\Program Files\TunnelBear\TBear.Client.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\tvncontrol [Key] . (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe =>.Comodo Security Solutions, Inc. 
O53 - SMSR:HKLM\...\startupreg\UnlockerAssistant [Key] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\ابداع\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc. ---\\ System Drivers List (128) - 20s O58 - SDL:2014/04/27 20:40:02 A . (.Lenovo Corporation - ACPI Virtual Power Controller Driver.) -- C:\Windows\System32\drivers\AcpiVpc.sys [27896] =>.Lenovo (Beijing) Limited® O58 - SDL:2009/07/14 04:26:15 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [422976] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:26:17 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [297552] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:26:15 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\drivers\adpu320.sys [146512] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:26:15 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [14400] =>.Microsoft Windows® O58 - SDL:2010/11/20 15:29:13 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [80256] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:26:15 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [159312] =>.Microsoft Windows® O58 - SDL:2010/11/20 15:29:15 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [22400] =>.Microsoft Windows® O58 - SDL:2013/07/13 18:13:28 A . (.Alps Electric Co., Ltd. - Alps Touch Pad Driver.) -- C:\Windows\System32\drivers\Apfiltr.sys [417584] =>.Alps Electric Co., LTD.® O58 - SDL:2009/07/14 04:26:15 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [76368] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:26:15 A . 
(.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [86608] =>.Microsoft Windows® O58 - SDL:2009/07/14 01:02:49 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60x.sys [229888] =>.Broadcom Corporation O58 - SDL:2009/07/14 01:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [13568] =>.Brother Industries, Ltd. O58 - SDL:2009/07/14 01:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [5248] =>.Brother Industries, Ltd. O58 - SDL:2009/07/14 03:57:25 A . (.Brother Industries Ltd. - برنامج تشغيل I/F التسلسلي لـ Brotehr (WDM)‎.) -- C:\Windows\System32\drivers\BrSerId.sys [272128] =>.Brother Industries Ltd. O58 - SDL:2009/07/14 01:53:32 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [62336] =>.Brother Industries Ltd. O58 - SDL:2009/07/14 01:53:33 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [12160] =>.Brother Industries Ltd. O58 - SDL:2009/07/14 01:53:33 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [11904] =>.Brother Industries Ltd. O58 - SDL:2013/03/18 15:25:42 A . (.Motorola Solutions, Inc. - Bluetooth Audio Driver.) -- C:\Windows\System32\drivers\btmaud.sys [71992] =>.Motorola Solutions Inc.® O58 - SDL:2013/04/23 15:50:26 A . (.Motorola Solutions, Inc. - Bluetooth Auxiliary Driver.) -- C:\Windows\System32\drivers\btmaux.sys [109880] =>.Motorola Solutions Inc.® O58 - SDL:2013/04/23 15:50:24 A . (.Motorola Solutions, Inc. - Bluetooth HighSpeed Filter Driver.) -- C:\Windows\System32\drivers\btmhsf.sys [1097528] =>.Motorola Solutions Inc.® O58 - SDL:2009/07/14 01:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) 
-- C:\Windows\System32\drivers\bxvbdx.sys [430080] =>.Broadcom Corporation O58 - SDL:2016/03/22 05:38:34 A . (.Windows (R) Win 7 DDK provider - Safe Deletion Driver.) -- C:\Windows\System32\drivers\CFRMD.sys [35064] {4A708F805E46E4A95EC561404DF11189} =>.Windows (R) Win 7 DDK provider O58 - SDL:2013/03/05 08:25:18 A . (.Conexant Systems Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\drivers\CHDRT32.sys [1363040] =>.Conexant Systems, Inc.® O58 - SDL:2016/03/21 22:18:55 A . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\Windows\System32\drivers\cmderd.sys [27488] =>.Comodo Security Solutions® O58 - SDL:2016/03/21 22:19:01 A . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\Windows\System32\drivers\cmdguard.sys [643032] =>.Comodo Security Solutions® O58 - SDL:2016/03/21 22:19:07 A . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\Windows\System32\drivers\cmdhlp.sys [52312] =>.Comodo Security Solutions® O58 - SDL:2009/07/14 04:26:21 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [15952] =>.Microsoft Windows® O58 - SDL:2012/06/15 14:53:30 A . (.Cypress Semiconductor, Inc. - Trackpad Driver.) -- C:\Windows\System32\drivers\cykbfltr.sys [13824] =>.Cypress Semiconductor, Inc. O58 - SDL:2015/01/16 20:00:36 A . (.Faronics Corporation - Deep Freeze driver.) -- C:\Windows\System32\drivers\DeepFrz.sys [154984] =>.Faronics Corporation® O58 - SDL:2015/01/16 20:01:30 A . (.Faronics Corporation - Deep Freeze driver.) -- C:\Windows\System32\drivers\DfDiskLo.sys [30696] =>.Faronics Corporation® O58 - SDL:2015/01/16 20:02:08 A . (.Faronics Corporation - Deep Freeze Driver.) -- C:\Windows\System32\drivers\DFFilter.sys [32360] =>.Faronics Corporation® O58 - SDL:2015/01/01 13:34:26 A . (.SHADOWDEFENDER.COM - Shadow Defender Filter Driver.) -- C:\Windows\System32\drivers\diskpt.sys [341048] {6E47A70BFCE998BFCD7998A98DD821D2} O58 - SDL:2009/07/14 04:20:28 A . (.Adaptec, Inc. 
- Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\drivers\djsvs.sys [70720] =>.Microsoft Windows® O58 - SDL:2016/03/16 00:38:42 A . (.ESET - Amon monitor.) -- C:\Windows\System32\drivers\eamonm.sys [205800] =>.ESET, spol. s r.o.® O58 - SDL:2016/03/23 13:40:20 A . (.ESET - Devmon monitor.) -- C:\Windows\System32\drivers\edevmon.sys [154288] =>.ESET, spol. s r.o.® O58 - SDL:2016/03/16 00:38:43 A . (.ESET - ESET Helper driver.) -- C:\Windows\System32\drivers\ehdrv.sys [146024] =>.ESET, spol. s r.o.® O58 - SDL:2016/03/16 00:38:43 A . (.ESET - ESET OPP Keyboard Filter.) -- C:\Windows\System32\drivers\ekbdflt.sys [111040] =>.ESET, spol. s r.o.® O58 - SDL:2009/07/14 04:20:28 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [453712] =>.Microsoft Windows® O58 - SDL:2016/03/16 00:38:43 A . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\System32\drivers\epfw.sys [161992] =>.ESET, spol. s r.o.® O58 - SDL:2016/03/16 00:38:43 A . (.ESET - Epfw NDIS LightWeight Filter.) -- C:\Windows\System32\drivers\EpfwLWF.sys [44608] =>.ESET, spol. s r.o.® O58 - SDL:2016/03/16 00:38:43 A . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\System32\drivers\epfwwfp.sys [56944] =>.ESET, spol. s r.o.® O58 - SDL:2009/07/14 01:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbdx.sys [3100160] =>.Broadcom Corporation O58 - SDL:2015/01/16 20:01:10 A . (.Faronics Corporation - Deep Freeze driver.) -- C:\Windows\System32\drivers\FarDisk.sys [25704] =>.Faronics Corporation® O58 - SDL:2015/01/16 20:00:54 A . (.Faronics Corporation - Deep Freeze Driver.) -- C:\Windows\System32\drivers\FarSpace.sys [82920] =>.Faronics Corporation® O58 - SDL:2009/09/09 12:23:38 A . (.Intel Corporation - BIOS Update Driver.) -- C:\Windows\System32\drivers\flashud.sys [42496] =>.Intel Corporation O58 - SDL:2014/08/21 08:07:12 A . (.VMware, Inc. - VMware USB monitor.) 
-- C:\Windows\System32\drivers\hcmon.sys [43968] =>.VMware, Inc.® O58 - SDL:2009/07/14 01:54:14 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [26624] =>.Hauppauge Computer Works, Inc. O58 - SDL:2009/07/14 04:20:28 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [67152] =>.Microsoft Windows® O58 - SDL:2014/04/24 17:34:12 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) -- C:\Windows\System32\drivers\iaStorA.sys [490856] =>.Intel Corporation - Intel® Rapid Storage Technology® O58 - SDL:2014/04/24 17:34:12 A . (.Intel Corporation - Intel Rapid Storage Technology Filter drive.) -- C:\Windows\System32\drivers\iaStorF.sys [24424] =>.Intel Corporation - Intel® Rapid Storage Technology® O58 - SDL:2010/11/20 15:29:54 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [332160] =>.Microsoft Windows® O58 - SDL:2013/04/23 13:24:26 A . (.Intel Corporation - Intel(R) Centrino(R) Wireless (Bluetooth Ad.) -- C:\Windows\System32\drivers\iBtFltCoex.sys [55776] =>.Intel Corporation-Mobile Wireless Group® O58 - SDL:2010/08/18 01:28:34 A . (.Intel Corporation - Intel(R) Watchdog Timer Driver (Intel(R) WD.) -- C:\Windows\System32\drivers\ICCWDT.sys [22040] =>.Intel Corporation® O58 - SDL:2013/11/08 02:41:38 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\drivers\idmwfp.sys [108000] =>.Tonec Inc.® O58 - SDL:2015/03/30 14:49:48 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd32.sys [3026360] =>.Intel Corporation - pGFX® O58 - SDL:2009/07/14 04:20:36 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [41040] =>.Microsoft Windows® O58 - SDL:2016/03/21 22:19:13 A . 
(.COMODO - COMODO Internet Security Firewall Driver.) -- C:\Windows\System32\drivers\inspect.sys [102184] =>.Comodo Security Solutions® O58 - SDL:2014/09/26 17:23:30 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\drivers\IntcDAud.sys [368912] =>.Intel Corporation - Client Components Group® O58 - SDL:2012/12/04 04:21:12 A . (.Intel Corporation - Intel(R) USB 3.0 Host Controller Switch Dri.) -- C:\Windows\System32\drivers\iusb3hcs.sys [16440] =>.Intel Corporation - Software and Firmware Products® O58 - SDL:2012/12/04 04:21:12 A . (.Intel Corporation - Intel(R) USB 3.0 Hub Driver.) -- C:\Windows\System32\drivers\iusb3hub.sys [351288] =>.Intel Corporation - Software and Firmware Products® O58 - SDL:2013/12/10 15:15:56 A . (.Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller.) -- C:\Windows\System32\drivers\iusb3xhc.sys [801776] =>.Intel Corporation - Software and Firmware Products® O58 - SDL:2015/06/03 17:59:32 A . (.QFX Software Corporation - KeyScrambler Keyboard Encryption Driver.) -- C:\Windows\System32\drivers\keyscrambler.sys [211408] =>.QFX Software Corporation® O58 - SDL:2013/11/29 13:40:44 A . (.Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabi.) -- C:\Windows\System32\drivers\L1C62x86.sys [110280] =>.Qualcomm Atheros® O58 - SDL:2009/07/14 04:20:36 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [95824] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:20:37 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [89168] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:20:36 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [54864] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:20:36 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) 
-- C:\Windows\System32\drivers\lsi_scsi.sys [96848] =>.Microsoft Windows® O58 - SDL:2015/10/05 09:50:04 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [23256] =>.Malwarebytes Corporation® O58 - SDL:2015/10/05 09:50:08 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\drivers\mbamchameleon.sys [94936] =>.Malwarebytes Corporation® O58 - SDL:2016/03/23 12:59:46 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [170200] =>.Malwarebytes Corporation® O58 - SDL:2009/07/14 04:20:36 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [30800] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:20:36 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [235584] =>.Microsoft Windows® O58 - SDL:2015/10/05 09:50:16 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\Windows\System32\drivers\mwac.sys [51928] =>.Malwarebytes Corporation® O58 - SDL:2010/05/02 14:10:22 A . (.BeeThink SoftWare, Inc. - BeeThink Network Blocker Driver.) -- C:\Windows\System32\drivers\nblocker.sys [19456] O58 - SDL:2016/03/19 00:52:45 A . (.SoftEther Corporation - SoftEther VPN.) -- C:\Windows\System32\drivers\Neo_0007.sys [37920] =>.SoftEther Corporation® O58 - SDL:2014/12/19 00:04:16 A . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\System32\drivers\NETwsn01.sys [10376704] =>.Intel Corporation O58 - SDL:2009/07/14 04:20:44 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [44624] =>.Microsoft Windows® O58 - SDL:2011/02/12 00:23:34 A . (.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) -- C:\Windows\System32\drivers\npf.sys [35088] =>.CACE Technologies, Inc.® O58 - SDL:2010/11/20 15:30:06 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) 
-- C:\Windows\System32\drivers\nvraid.sys [117120] =>.Microsoft Windows® O58 - SDL:2010/11/20 15:30:06 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [143744] =>.Microsoft Windows® O58 - SDL:2015/11/10 21:15:14 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\Windows\System32\drivers\ptun0901.sys [23552] =>.The OpenVPN Project O58 - SDL:2009/07/14 04:19:04 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1383488] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:19:04 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [106064] =>.Microsoft Windows® O58 - SDL:2016/03/22 22:54:59 A . (.Resplendence Software Projects Sp. - Resplendence WhySoSlow Monitoring Driver.) -- C:\Windows\System32\drivers\rspWhy32.sys [24832] =>.Daniel Terhell® O58 - SDL:2014/12/08 16:13:26 A . (.Realsil Semiconductor Corporation - RTS USB READER Driver.) -- C:\Windows\System32\drivers\RtsUer.sys [283864] =>.Realtek Semiconductor Corp® O58 - SDL:2015/04/08 05:44:39 A . (.Realtek Semiconductor Corp. - Realtek UVC Driver for Vista/Win7/Win8/Win8.) -- C:\Windows\System32\drivers\rtsuvc.sys [1927384] =>.Realtek Semiconductor Corp® O58 - SDL:2015/04/08 05:01:28 A . (.Power Software Ltd - PowerISO Virtual Drive.) -- C:\Windows\System32\drivers\scdemu.sys [113984] =>.Power Software Limited® O58 - SDL:2009/07/13 23:50:20 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480] =>.Macrovision Corporation, Macrovision Europe Limited, O58 - SDL:2009/07/14 04:19:04 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [40016] =>.Microsoft Windows® O58 - SDL:2009/07/14 04:19:04 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) 
-- C:\Windows\System32\drivers\sisraid4.sys [77888] =>.Microsoft Windows® O58 - SDL:2015/01/13 16:02:44 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys [25768] =>.Synaptics Incorporated® O58 - SDL:2009/07/14 04:19:04 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [21072] =>.Microsoft Windows® O58 - SDL:2014/08/08 01:22:00 A . (.Synaptics Incorporated - Synaptics Touchpad Win32 Driver.) -- C:\Windows\System32\drivers\SynTP.sys [414448] =>.Synaptics Incorporated® O58 - SDL:2015/04/28 13:08:10 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\drivers\tap-tb-0901.sys [33280] =>.TunnelBear, Inc.® O58 - SDL:2016/03/18 20:30:14 A . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\drivers\tap0901_openvpn_accl.sys [32152] =>.FlyVPN INC® O58 - SDL:2014/04/23 11:45:14 A . (.TOSHIBA CORPORATION - Bluetooth RF Bus Driver.) -- C:\Windows\System32\drivers\tosrfbd.sys [249200] =>.TOSHIBA CORPORATION® O58 - SDL:2012/08/01 11:02:24 A . (.TOSHIBA Corporation. - Bluetooth HID Driver from TOSHIBA.) -- C:\Windows\System32\drivers\Tosrfhid.sys [80624] =>.TOSHIBA CORPORATION® O58 - SDL:2014/06/22 17:56:22 A . (.TOSHIBA CORPORATION - Bluetooth USB Miniport Driver.) -- C:\Windows\System32\drivers\tosrfusb.sys [78840] =>.TOSHIBA CORPORATION® O58 - SDL:2014/05/16 15:25:48 A . (.Oracle Corporation - VirtualBox Support Driver.) -- C:\Windows\System32\drivers\VBoxDrv.sys [204064] =>.Oracle Corporation® O58 - SDL:2015/05/13 17:29:54 A . (.Oracle Corporation - VirtualBox Host-Only Network Adapter Driver.) -- C:\Windows\System32\drivers\VBoxNetAdp.sys [115672] =>.Oracle Corporation® O58 - SDL:2015/05/13 17:29:54 A . (.Oracle Corporation - VirtualBox USB Monitor Driver.) -- C:\Windows\System32\drivers\VBoxUSBMon.sys [104896] =>.Oracle Corporation® O58 - SDL:2009/07/14 04:19:10 A . 
(.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [16976] =>.Microsoft Windows® O58 - SDL:2013/10/08 18:20:50 A . (.VMware, Inc. - VMware PCI VMCI Bus Device.) -- C:\Windows\System32\drivers\vmci.sys [71888] =>.VMware, Inc.® O58 - SDL:2015/06/24 14:25:26 A . (.VMware, Inc. - VMware keyboard filter driver (32-bit).) -- C:\Windows\System32\drivers\VMkbd.sys [26456] =>.VMware, Inc.® O58 - SDL:2015/06/24 14:25:26 A . (.VMware, Inc. - VMware virtual network driver (32-bit).) -- C:\Windows\System32\drivers\vmnet.sys [20048] =>.VMware, Inc.® O58 - SDL:2015/06/24 14:25:26 A . (.VMware, Inc. - VMware virtual network adapter driver (32-b.) -- C:\Windows\System32\drivers\vmnetadapter.sys [17104] =>.VMware, Inc.® O58 - SDL:2015/06/24 14:25:26 A . (.VMware, Inc. - VMware bridge driver (32-bit).) -- C:\Windows\System32\drivers\vmnetbridge.sys [37456] =>.VMware, Inc.® O58 - SDL:2015/06/24 14:28:48 A . (.VMware, Inc. - VMware network application interface driver.) -- C:\Windows\System32\drivers\vmnetuserif.sys [26968] =>.VMware, Inc.® O58 - SDL:2015/06/24 14:29:54 A . (.VMware, Inc. - VMware kernel driver.) -- C:\Windows\System32\drivers\vmx86.sys [66136] =>.VMware, Inc.® O58 - SDL:2015/05/26 02:56:08 A . (.Eugene V. Muzychenko - Kernel-mode WDM driver.) -- C:\Windows\System32\drivers\vrtaucbl.sys [50728] =>.NTONYX Ltd.® O58 - SDL:2009/07/14 04:19:11 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [141904] =>.Microsoft Windows® O58 - SDL:2013/10/08 18:20:56 A . (.VMware, Inc. - VMware vSockets Service.) -- C:\Windows\System32\drivers\vsock.sys [63824] =>.VMware, Inc.® O58 - SDL:2009/07/14 00:40:41 A . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:2009/07/14 00:40:44 A . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:2009/07/14 00:40:40 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:2009/07/14 00:40:43 A . (...) 
-- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:2009/07/14 00:40:43 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:2009/07/14 00:40:23 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:2009/07/14 00:40:31 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:2009/07/14 00:40:35 A . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:2009/07/14 00:40:39 A . (...) -- C:\Windows\System32\NTDOS412.SYS [29274] O58 - SDL:2009/07/14 00:40:27 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146] O58 - SDL:2009/07/14 00:40:11 A . (...) -- C:\Windows\System32\NTIO.SYS [33952] O58 - SDL:2009/07/14 00:40:15 A . (...) -- C:\Windows\System32\NTIO404.SYS [34672] O58 - SDL:2009/07/14 00:40:17 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:2009/07/14 00:40:19 A . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:2009/07/14 00:40:13 A . (...) -- C:\Windows\System32\NTIO804.SYS [34672] ---\\ Last modified or created user files (57) - 89s O61 - LFC: 2016/03/21 00:04:38 A . (..) -- C:\Users\ابداع\Downloads\DUCSetup_v4_1_1 (1).exe [241736] {0A81B078D1D4554BBFCF3D0162A9962B} O61 - LFC: 2016/03/27 13:33:20 A . (..) -- C:\Users\ابداع\Downloads\DUCSetup_v4_1_1(1).exe [241736] {0A81B078D1D4554BBFCF3D0162A9962B} O61 - LFC: 2016/03/22 06:07:58 A . (.Armor2net Software Corporation Ltd..) -- C:\Users\ابداع\Downloads\Programs\armor2nt.exe [3730446] O61 - LFC: 2016/03/22 06:06:56 A . (..) -- C:\Users\ابداع\Downloads\Programs\spf.exe [9228440] {2B7B1D7E42AFBF6FE5A832EACBDC9DFA} O61 - LFC: 2016/03/27 14:40:19 A . (..) -- C:\Users\ابداع\Downloads\I386\PRESETUP.CMD [0] O61 - LFC: 2016/03/21 13:31:10 A . (.Copyright © 2016.) -- C:\Users\ابداع\Documents\Visual Studio 2013\Projects\WindowsFormsApplication1\WindowsFormsApplication1\obj\Debug\WindowsFormsApplication1.exe [11264] O61 - LFC: 2016/03/21 12:59:55 A . (..) 
-- C:\Users\ابداع\Documents\Visual Studio 2013\Projects\WindowsApplication1\WindowsApplication1\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll [7680] O61 - LFC: 2016/03/27 23:50:03 A . (..) -- C:\Users\ابداع\Desktop\cahe free.exe [24064] O61 - LFC: 2016/03/21 19:57:50 A . (.Copyright © 2014.) -- C:\Users\ابداع\Desktop\theme.dll [86016] O61 - LFC: 2016/03/27 23:37:51 A . (.Copyright © 2016.) -- C:\Users\ابداع\Desktop\مجلد جديد ‫(2)‬\Builder njRAT.exe [51712] O61 - LFC: 2016/03/27 23:56:52 A . (..) -- C:\Users\ابداع\Desktop\مجلد جديد ‫(2)‬\cahe free.exe [25088] O61 - LFC: 2016/03/27 23:37:51 A . (.Copyright © 2008 - 2011 Jb Evain.) -- C:\Users\ابداع\Desktop\مجلد جديد ‫(2)‬\Mono.Cecil.dll [312320] O61 - LFC: 2016/03/27 23:38:24 A . (.njq8.) -- C:\Users\ابداع\Desktop\مجلد جديد ‫(2)‬\njRAT v0.7d.exe [1723904] O61 - LFC: 2016/03/27 23:37:51 A . (..) -- C:\Users\ابداع\Desktop\مجلد جديد ‫(2)‬\Stub.exe [26112] O61 - LFC: 2016/03/27 22:50:06 A . (.BD2 Co..) -- C:\Users\ابداع\Desktop\مجلد جديد ‫(2)‬\BD2.Net Injector\BD2.Net Injector.exe [932864] O61 - LFC: 2016/03/27 22:50:06 A . (.DevComponents.com.) -- C:\Users\ابداع\Desktop\مجلد جديد ‫(2)‬\BD2.Net Injector\DevComponents.DotNetBar2.dll [4558848] O61 - LFC: 2016/03/26 01:05:34 A . (.Zaid Al-iRAQi.) -- C:\Users\ابداع\Desktop\VisualBasic4Arab\VisualBasic4Arab\obj\x86\Debug\منتدى فيجوال بيسك.exe [317440] O61 - LFC: 2016/03/26 15:34:07 A . (..) -- C:\Users\ابداع\Desktop\VisualBasic4Arab\VisualBasic4Arab\obj\x86\Debug\TempPE\Properties.Resources.Designer.cs.dll [4608] O61 - LFC: 2016/03/26 01:05:33 A . (.Zaid Al-iRAQi.) -- C:\Users\ابداع\Desktop\VisualBasic4Arab\VisualBasic4Arab\bin\Debug\منتدى فيجوال بيسك.exe [317440] O61 - LFC: 2016/03/21 19:41:11 A . (.Copyright © 2016.) -- C:\Users\ابداع\Desktop\kkkk\Sing In Rghost\Sing In Rghost\obj\Debug\Sing In Rghost.exe [12288] O61 - LFC: 2016/03/21 19:41:11 A . (.Copyright © 2016.) 
-- C:\Users\ابداع\Desktop\kkkk\Sing In Rghost\Sing In Rghost\obj\Debug\test.exe [12288] O61 - LFC: 2016/03/21 19:41:10 A . (.Copyright © 2016.) -- C:\Users\ابداع\Desktop\kkkk\Sing In Rghost\Sing In Rghost\bin\Debug\Sing In Rghost.exe [12288] O61 - LFC: 2016/03/21 19:41:10 A . (.Copyright © 2016.) -- C:\Users\ابداع\Desktop\kkkk\Sing In Rghost\Sing In Rghost\bin\Debug\test.exe [12288] O61 - LFC: 2016/03/22 12:22:05 A . (.Copyright (C) 2001.) -- C:\Users\ابداع\Desktop\kjhkjh\SUPPORT\TOOLS\GBUNICNV.EXE [27136] O61 - LFC: 2016/03/22 12:22:05 A . (..) -- C:\Users\ابداع\Desktop\kjhkjh\SUPPORT\TOOLS\SETUP.EXE [20480] O61 - LFC: 2016/03/22 12:22:04 A . (..) -- C:\Users\ابداع\Desktop\kjhkjh\OEM\DP_Install_Tool.cmd [3284] O61 - LFC: 2016/03/22 12:22:04 A . (..) -- C:\Users\ابداع\Desktop\kjhkjh\OEM\bin\DevPath.exe [12288] O61 - LFC: 2016/03/22 12:22:04 A . (.STK.) -- C:\Users\ابداع\Desktop\kjhkjh\OEM\bin\un7zip.exe [188928] O61 - LFC: 2016/03/22 12:20:02 A . (..) -- C:\Users\ابداع\Desktop\kjhkjh\I386\NTDETECT.COM [47564] O61 - LFC: 2016/03/22 12:19:51 A . (..) -- C:\Users\ابداع\Desktop\kjhkjh\I386\PRESETUP.CMD [3186] O61 - LFC: 2016/03/22 12:19:42 A . (..) -- C:\Users\ابداع\Desktop\kjhkjh\I386\RUNW32.BAT [2589] O61 - LFC: 2016/03/22 12:19:11 A . (..) -- C:\Users\ابداع\Desktop\kjhkjh\I386\WINNT.EXE [84939] O61 - LFC: 2016/03/22 12:19:05 A . (..) -- C:\Users\ابداع\Desktop\kjhkjh\DOTNETFX\DELTEMP.EXE [36864] O61 - LFC: 2016/03/27 23:50:14 A . (..) -- C:\Users\ابداع\AppData\Roaming\svchost.exe [25088] O61 - LFC: 2016/03/28 11:33:17 A . (..) -- C:\Users\ابداع\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c1fbcceda94af384384c8ff38770d448.exe [25088] O61 - LFC: 2016/03/26 12:07:54 A . (.Copyright (C) 2011.) -- C:\Users\ابداع\AppData\Roaming\Baidu\Spark\SysData\ExtApp\SnapImg\screensnapshot.exe [530064] O61 - LFC: 2016/03/26 12:07:54 A . (.Copyright (C) 2011.) 
-- C:\Users\ابداع\AppData\Roaming\Baidu\Spark\SysData\ExtApp\SnapImg\SnapImg.dll [83088] O61 - LFC: 2016/03/26 15:36:54 A . (.Zaid Al-iRAQi.) -- C:\Users\ابداع\AppData\Local\Microsoft\VisualStudio\12.0\ProjectAssemblies\ki8p_ree01\منتدى فيجوال بيسك.exe [317440] O61 - LFC: 2016/03/26 16:05:39 A . (.Sven Walter, Dennis Magno.) -- C:\Users\ابداع\AppData\Local\Microsoft\VisualStudio\12.0\ProjectAssemblies\6wipfoz701\MetroFramework.dll [337920] O61 - LFC: 2016/03/21 21:47:00 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\Usages.bin [2432] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\438eae57-e5c3-58a0.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\44eacc5f-e52a-ad22.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\7adf99df-bdfe-48f1.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\84af16d6-3a6f-8d1f.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\a9a54134-3d99-910d.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\fea44a51-7991-19e8.bin [8] O61 - LFC: 2016/03/21 21:46:31 A . (..) 
-- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\RGVjb21waWxlZCBpbnRvIGxhbmd1YWdlIEMjIDQuMA==.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\UGxhdGZvcm06IC5ORVQgNC4wIGluc3RhbGxlZA==.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\UGxhdGZvcm06IFdpbmRvd3MgNy8yMDA4IFIy.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\UGxhdGZvcm0gQ1BVIENvcmVzOiA0.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\UGxhdGZvcm0gQ3VsdHVyZSBMQ0lEOiAxMDI1.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\UGxhdGZvcm0gQ3VsdHVyZSBOYW1lOiBhci1TQQ==.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\UGxhdGZvcm0gT1MgQml0bmVzczogMzI=.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\UGxhdGZvcm0gTnVtYmVyIG9mIE1vbml0b3JzOiAx.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) 
-- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\UGxhdGZvcm0gVUkgQ3VsdHVyZSBMQ0lEOiAxMDI1.bin [8] O61 - LFC: 2016/03/21 21:44:10 A . (..) -- C:\Users\ابداع\AppData\Local\IsolatedStorage\flrq2ci3.0wf\d3bfhzey.gsg\StrongName.lbvo3acdz4hduckfkaot5num5lbpheob\AssemFiles\D7909B95\D\UGxhdGZvcm0gVUkgQ3VsdHVyZSBOYW1lOiBhci1TQQ==.bin [8] O61 - LFC: 2016/03/21 22:16:01 A . (..) -- C:\Users\ابداع\AppData\Local\Adobe\Acrobat\DC\UserCache.bin [83479] ---\\ File Associations Shell Spawning (11) - 0s O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - ‎‎مشغل الأداة الإضافية لعارض الأحداث.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - ‎‎محرر التسجيل.) -- C:\Windows\regedit.exe =>.Microsoft Corporation O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) 
-- C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation® ---\\ Start Menu Internet (20) - 1s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\Spark.exe =>.Baidu Online Network Technology (Beijing) Co.,Ltd.® O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.The Chromium Authors - Chromium.) -- C:\Users\ابداع\AppData\Local\Chromium\Application\chrome.exe =>.The Chromium Authors O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Comodo - Chromodo.) -- C:\Program Files\Comodo\Chromodo\chromodo.exe =>.Comodo Security Solutions® O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation® O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc® O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.The Chromium Authors - Chromium.) -- C:\Users\ابداع\AppData\Local\Chromium\Application\chrome.exe =>.The Chromium Authors O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Comodo - Chromodo.) -- C:\Program Files\Comodo\Chromodo\chromodo.exe =>.COMODO O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc. O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Copyright (C) 2011 - spark.) 
-- C:\Program Files\baidu\Baidu Browser\spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.The Chromium Authors - Chromium.) -- C:\Users\ابداع\AppData\Local\Chromium\Application\chrome.exe =>.The Chromium Authors O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Comodo - Chromodo.) -- C:\Program Files\Comodo\Chromodo\chromodo.exe =>.COMODO O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc. O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.The Chromium Authors - Chromium.) -- C:\Users\ابداع\AppData\Local\Chromium\Application\chrome.exe =>.The Chromium Authors O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Comodo - Chromodo.) -- C:\Program Files\Comodo\Chromodo\chromodo.exe =>.COMODO O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc. ---\\ Search Browser Infection (4) - 11s O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ O69 - SBI: SearchScopes [HKCU] {2f23ab71-4ac6-41f2-a955-ea576e553146} - (Google) - http://www.google.cn/ O69 - SBI: SearchScopes [HKCU] {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} [DefaultScope] - (Yahoo! 
Search) - http://us.search.yahoo.com/ =>.Yahoo Search O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ ---\\ Search Svchost Services (33) - 1s O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [62464] =>.Microsoft Corporation O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [67584] =>.Microsoft Corporation O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [67584] =>.Microsoft Corporation O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمة الخادم.) -- C:\Windows\System32\srvsvc.dll [168960] =>.Microsoft Corporation O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - عميل نهج المجموعة.) -- C:\Windows\System32\gpsvc.dll [593408] =>.Microsoft Corporation O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [679424] =>.Microsoft Corporation O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - خدمة صوت Windows.) -- C:\Windows\System32\audiosrv.dll [475136] =>.Microsoft Corporation O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - إدارة الطلب التلقائي للوصول عن بُعد.) -- C:\Windows\System32\rasauto.dll [90624] =>.Microsoft Corporation O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [286208] =>.Microsoft Corporation O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) 
-- C:\Windows\System32\mprdim.dll [75264] =>.Microsoft Corporation O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - خدمة الإعلام بأحداث النظام (SENS).) -- C:\Windows\System32\Sens.dll [49664] =>.Microsoft Corporation O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [300544] =>.Microsoft Corporation O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [242176] =>.Microsoft Corporation O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [523776] =>.Microsoft Corporation O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - عامل Windows Update.) -- C:\Windows\System32\wuaueng.dll [2062848] =>.Microsoft Corporation O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - خدمة النقل الذكي في الخلفية.) -- C:\Windows\System32\qmgr.dll [585728] =>.Microsoft Corporation O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمات Windows Sh.) -- C:\Windows\System32\shsvcs.dll [328192] =>.Microsoft Corporation O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [499712] =>.Microsoft Corporation O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي الخاصة بخدمة تسجي.) -- C:\Windows\System32\seclogon.dll [21504] =>.Microsoft Corporation O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - خدمة معلومات التطبيقات.) -- C:\Windows\System32\appinfo.dll [47104] =>.Microsoft Corporation O83 - Search Svchost Services: msiscsi (msiscsi) . 
(.Microsoft Corporation - خدمة اكتشاف iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - خدمة جدولة فئات تعدد الوسائط.) -- C:\Windows\System32\mmcss.dll [49664] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - تقارير المشاكل وحلولها.) -- C:\Windows\System32\wercplsupport.dll [61440] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [98304] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164864] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - خدمة جدولة المهام.) -- C:\Windows\System32\schedsvc.dll [751104] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL [71168] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - خدمة تكوين سطح المكتب البعيد.) -- C:\Windows\System32\SessEnv.dll [113664] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمة مستعرض الكم.) -- C:\Windows\System32\browser.dll [102912] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمات نُسق Windo.) -- C:\Windows\System32\themeservice.dll [37376] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - خدمة BDE.) -- C:\Windows\System32\bdesvc.dll [76800] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - خدمة تثبت البرامج.) -- C:\Windows\System32\appmgmts.dll [149504] =>.Microsoft Corporation

---\\ Firewall Active Exception List (17) - 6s
O87 - FAEL: "{1CC665AB-E836-40D5-BFD2-7212713D3C17}" [In-None-P6-TRUE] .(.Faronics Corporation - Deep Freeze service.) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O87 - FAEL: "{2CD8103B-1A28-40F0-AD5A-7AE14C3014A4}" [Out-None-P6-TRUE] .(.Faronics Corporation - Deep Freeze service.) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O87 - FAEL: "{000777B1-1AEC-444F-B5B2-788778B24348}" [In-None-P17-TRUE] .(.Faronics Corporation - Deep Freeze service.) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O87 - FAEL: "{291235EE-BA35-41CD-B023-67CA7299B52B}" [Out-None-P17-TRUE] .(.Faronics Corporation - Deep Freeze service.) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O87 - FAEL: "TCP Query User{E28A9F57-6FA3-40A4-A901-1CF20DFA0A30}C:\users\ابداع\downloads\apatedns\apatedns.exe" [In-None-P6-TRUE] .(.Mandiant - Mandiant.) -- C:\users\ابداع\downloads\apatedns\apatedns.exe
O87 - FAEL: "UDP Query User{4DA75583-84E3-4C43-A34F-C35A464E1CB5}C:\users\ابداع\downloads\apatedns\apatedns.exe" [In-None-P17-TRUE] .(.Mandiant - Mandiant.) -- C:\users\ابداع\downloads\apatedns\apatedns.exe
O87 - FAEL: "{718BD56A-BDB5-4794-AB97-52A26D026C4A}" [In-None-P6-TRUE] .(.Nsasoft LLC. - Nsauditor Network Security Auditor.) -- C:\Program Files\Nsauditor\Nsauditor.exe {14966A76CD72EED75C01DC5BDA611603}
O87 - FAEL: "{D370F1E3-EE8A-40F2-BC42-A7E7742DCCA0}" [In-None-P17-TRUE] .(.Nsasoft LLC. - Nsauditor Network Security Auditor.) -- C:\Program Files\Nsauditor\Nsauditor.exe {14966A76CD72EED75C01DC5BDA611603}
O87 - FAEL: "{B4BF4A46-278F-4E80-AE1A-6C6F355000EB}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Droid4X\Droid4X.exe {2B86748125644541E9D799554A0D8F15}
O87 - FAEL: "{BBCB035D-0FF0-45F5-8DE5-AE64BE5CAA5A}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Andy\andy.exe (.not file.)
O87 - FAEL: "{5E0B9780-5C4C-48C1-9962-A0B443579616}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Andy\andy.exe (.not file.)
O87 - FAEL: "{407E70ED-7271-4E67-8851-B6103ED32CE4}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Andy\AndyConsole.exe (.not file.)
O87 - FAEL: "{98DF4CB4-F364-4AE4-8072-3F630B5AD583}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Andy\AndyConsole.exe (.not file.)
O87 - FAEL: "{0DDEA922-8A04-498F-B570-673AF047BF56}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Andy\SetupFiles\Uninstall.exe (.not file.)
O87 - FAEL: "{3E986A3C-4862-4B58-9AD8-F1B0EFC122F4}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Andy\SetupFiles\Uninstall.exe (.not file.)
O87 - FAEL: "{C2E8918D-8E1E-463A-AF4A-1CE357CCF692}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Andy\HandyAndy.exe (.not file.)
O87 - FAEL: "{900B8D03-0015-4A5C-9CB3-D9DE806F98DA}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Andy\HandyAndy.exe (.not file.)

---\\ Additional Scan (O88) (23) - 0s
HKLM\SYSTEM\CurrentControlSet\Services\KMService =>PUP.Optional.Office
C:\Windows\System32\srvany.exe =>PUP.Optional.Office
C:\Windows\System32\SafeIPs.dll =>Hijacker.Winsock
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} =>.Superfluous.GreenTreeApp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} =>.Superfluous.GreenTreeApp
HKLM\SOFTWARE\Babylon =>PUP.Optional.Babylon
HKLM\SOFTWARE\PIP =>Toolbar.Ask
HKCU\SOFTWARE\0932343ebc836c39c857a65dc20ea0fb =>PUP.Optional.CrossRider
HKCU\SOFTWARE\13b744fe92a3e5c630f8f3abb1fe36d1 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\23556fb1360f366337f97c924e76ead3 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\6e4916d81978de39ad3dbae2a458fe60 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\984559f52d4087243e95e5ad9bb48e8d =>PUP.Optional.CrossRider
HKCU\SOFTWARE\APN PIP =>.Superfluous.Conduit
HKCU\SOFTWARE\c1fbcceda94af384384c8ff38770d448 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\c25b8192b99348e89785aab790446370 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\d761084bef63be7e031d4cb42cbf81e5 =>PUP.Optional.CrossRider
HKCU\SOFTWARE\GreenTree Applications =>.Superfluous.GreenTreeApp
HKCU\SOFTWARE\PIP =>Toolbar.Ask
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
C:\Program Files\GreenTree Applications =>.Superfluous.GreenTreeApp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader =>PUP.Optional.PDFtoWordConverter
C:\ProgramData\Babylon =>PUP.Optional.Babylon
C:\ProgramData\YTD Video Downloader =>PUP.Optional.PDFtoWordConverter

---\\ Summary of the elements found (8) - 0s
http://www.nicolascoolman.fr/?p=888 =>PUP.Optional.Office
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.GreenTreeApp
http://www.nicolascoolman.fr/?p=170 =>PUP.Optional.Babylon
http://www.nicolascoolman.fr/?p=235 =>Toolbar.Ask
http://www.nicolascoolman.fr/?p=180 =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=210 =>.Superfluous.Conduit
http://www.nicolascoolman.fr/?p=279 =>Adware.InstallCore
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.PDFtoWordConverter

~ End of the scan, 32457 items in 00h08mn10s (1468)(0)