~ ZHPDiag v2016.6.14.104 By Nicolas Coolman (2016/06/10) ~ Run by Ibrahim (Administrator) (2016/06/17 17:02:35) ~ Web: http://www.nicolascoolman.com ~ Facebook: https://www.facebook.com/nicolascoolman1 ~ State version: Version OK ~ Mode: Scan ~ Report: C:\Users\Ibrahim\Desktop\ZHPDiag.txt ~ Report: C:\Users\Ibrahim\AppData\Roaming\ZHP\ZHPDiag.txt ~ UAC: Activate ~ System startup: Normal (Normal boot) Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) ---\\ Internet Browsers (1) - 0s MSIE: Internet Explorer v8.0.7601.17514 ---\\ Windows Product Information (4) - 0s ~ Windows Server License Manager Script : OK ~ Licence Script File Génération : OK Windows Automatic Updates : OK Windows Activation Technologies : KO ---\\ Surveillance software (1) - 0s Adobe Flash Player 19 NPAPI ---\\ Information on the system (6) - 0s ~ Operating System: Intel64 Family 6 Model 61 Stepping 4, GenuineIntel ~ Operating System: 64-bit ~ Boot mode: Normal (Normal boot) Total RAM: 4102.672 MB (49% free) System Restore: Activé (Enable) System drive C: has 74 GB () free of 99 GB ---\\ Connection to the system mode (3) - 0s ~ Computer Name: IBRAHIM-PC ~ User Name: Ibrahim ~ Logged in as Administrator ---\\ Enumeration of the disk units (3) - 0s ~ Drive C: has 74 GB free of 99 GB (System) ~ Drive D: has 102 GB free of 149 GB ~ Drive E: has 214 GB free of 226 GB ---\\ State of the Windows Security Center (11) - 0s [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK ---\\ Search Generic System Files (25) - 1s [MD5.AC4C51EB24AA95B77F705AB159189E24] - 21/11/2010 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2872320] =>.Microsoft Corporation [MD5.DD81D91FF3B0763C392422865C9AC12E] - 14/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [45568] =>.Microsoft Corporation [MD5.94355C28C1970635A31B3FE52EB7CEBA] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [129024] =>.Microsoft Corporation [MD5.F6C5302E1F4813D552F41A0AC82455E5] - 21/11/2010 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [1188864] =>.Microsoft Corporation [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - 21/11/2010 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [390656] =>.Microsoft Corporation [MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Software Licensing Library.) -- C:\Windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation [MD5.A52B6CC24063CC83C78C0E6F24DEEC01] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation [MD5.59DF156711A76BCB993253EC6C9BBF41] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation [MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - 21/11/2010 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [499712] =>.Microsoft Corporation [MD5.02062C0B390B7729EDC9E69C680A6F3C] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows® [MD5.B8BD2BB284668C84865658C77574381A] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation [MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [102400] =>.Microsoft Corporation [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation [MD5.FAF015B07E3A2874A790A39B7D2C579F] - 21/11/2010 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [158208] =>.Microsoft Corporation [MD5.09594D1089C523423B32A4229263F068] - 21/11/2010 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [261632] =>.Microsoft Corporation [MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - 21/11/2010 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1659776] =>.Microsoft Windows® [MD5.0086431C29C35BE1DBC43F52CC273887] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation [MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation [MD5.1B6163C503398B23FF8B939C67747683] - 21/11/2010 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [165888] =>.Microsoft Corporation [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - 21/11/2010 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [119296] =>.Microsoft Corporation [MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [295808] =>.Microsoft Windows® ---\\ Non Microsoft non disabled Windows Services (9) - 0s O23 - Service: Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe =>.Andrea Electronics® O23 - Service: Avira FireWall (AntiVirFirewallService) . (.Avira Operations GmbH & Co. KG - Firewall NT service process.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe =>.Avira Operations GmbH & Co. KG® O23 - Service: Avira Mail Protection (AntiVirMailService) . (.Avira Operations GmbH & Co. KG - Antivirus MailScanner WFP Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe =>.Avira Operations GmbH & Co. KG® O23 - Service: Avira Scheduler (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe =>.Avira Operations GmbH & Co. KG® O23 - Service: Avira Real-Time Protection (AntiVirService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe =>.Avira Operations GmbH & Co. KG® O23 - Service: Avira Web Protection (AntiVirWebService) . (.Avira Operations GmbH & Co. KG - AntiVir WebGuard WFP Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe =>.Avira Operations GmbH & Co. KG® O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\Windows\System32\igfxCUIService.exe =>.Intel Corporation - pGFX® O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 350.1.) - C:\Windows\System32\nvvsvc.exe =>.NVIDIA Corporation® O23 - Service: Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor - Realtek Audio Service.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe =>.Realtek Semiconductor Corp® ---\\ Services not Microsoft (SR=Run, SS=Stop) (11) - 7s SR - Auto [17/11/2009] [ 98208] Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe =>.Andrea Electronics® SR - Auto [24/02/2015] [ 1044784] Avira FireWall (AntiVirFirewallService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe =>.Avira Operations GmbH & Co. KG® SR - Auto [24/02/2015] [ 806192] Avira Mail Protection (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe =>.Avira Operations GmbH & Co. KG® SR - Auto [24/02/2015] [ 432888] Avira Scheduler (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe =>.Avira Operations GmbH & Co. KG® SR - Auto [24/02/2015] [ 432888] Avira Real-Time Protection (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe =>.Avira Operations GmbH & Co. KG® SR - Auto [24/02/2015] [ 993528] Avira Web Protection (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe =>.Avira Operations GmbH & Co. KG® SS - Demand [21/03/2015] [ 279144] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe =>.Intel Corporation - pGFX® SR - Auto [21/03/2015] [ 344168] Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe =>.Intel Corporation SR - Auto [08/04/2015] [ 936264] NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe =>.NVIDIA Corporation SR - Auto [05/03/2015] [ 294104] Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe =>.Realtek Semiconductor Corp® ---\\ Task Planned Automatically (4) - 4s [MD5.00000000000000000000000000000000] [APT] [TaskName] (...) -- Task To Run (.not file.) [0] (.Activate.) =>.Superfluous.Empty [MD5.AEB8F2D52D4D3903F439B3C9EC01D00B] [APT] [RtHDVBg_PushButton] (.Realtek Semiconductor.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392856] (.Activate.) =>.Realtek Semiconductor Corp® [MD5.00000000000000000000000000000000] [APT] [{BE6EF134-4A53-42E8-8815-C73EE3B1EB0C}] (...) -- C:\Users\Ibrahim\Downloads\Compressed\setup.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty O39 - APT: RtHDVBg_PushButton - (.Realtek Semiconductor.) -- C:\Windows\System32\Tasks\RtHDVBg_PushButton [3146] =>.Realtek Semiconductor Corp® ---\\ Process running (39) - 1s [MD5.2A4F832243E869FD7564AA90402D74BD] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 350.1.) -- C:\Windows\System32\nvvsvc.exe [936264] [PID.1008] =>.NVIDIA Corporation® [MD5.1F2596D54A7200D65181287FDD54998E] - (.Intel Corporation - igfxCUIService Module.) -- C:\Windows\System32\igfxCUIService.exe [344168] [PID.1288] =>.Intel Corporation - pGFX® [MD5.36112AD82BC11EC8529A491063F7A19A] - (.Realtek Semiconductor - Realtek Audio Service.) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104] [PID.1344] =>.Realtek Semiconductor Corp® [MD5.AEB8F2D52D4D3903F439B3C9EC01D00B] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392856] [PID.1380] =>.Realtek Semiconductor Corp® [MD5.AEB8F2D52D4D3903F439B3C9EC01D00B] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392856] [PID.1388] =>.Realtek Semiconductor Corp® [MD5.5CDE98ED7F771C6B51CF8576B137CBD5] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1251144] [PID.1564] =>.NVIDIA Corporation® [MD5.2A4F832243E869FD7564AA90402D74BD] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 350.1.) -- C:\Windows\System32\nvvsvc.exe [936264] [PID.1572] =>.NVIDIA Corporation® [MD5.EE4CD8B219CC3C0FA73982C2791819E2] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888] [PID.2020] =>.Avira Operations GmbH & Co. KG® [MD5.D1E343BC00136CE03C4D403194D06A80] - (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [98208] [PID.1800] =>.Andrea Electronics® [MD5.9DDBF6F998B11C6174EB710751B19A5B] - (.Avira Operations GmbH & Co. KG - Firewall NT service process.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784] [PID.1084] =>.Avira Operations GmbH & Co. KG® [MD5.EE4CD8B219CC3C0FA73982C2791819E2] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888] [PID.2060] =>.Avira Operations GmbH & Co. KG® [MD5.00A5B2CCFE62CD4B09B48A2E20D938DC] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8464600] [PID.2408] =>.Realtek Semiconductor Corp® [MD5.AEB8F2D52D4D3903F439B3C9EC01D00B] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392856] [PID.2416] =>.Realtek Semiconductor Corp® [MD5.3F53FCE46C0A587B348AC49ED3D08F50] - (.Cypress Semiconductor Corporation - Trackpad Bus Monitor.) -- C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2461696] [PID.2476] [MD5.83FF3601879A66659BDCF2F9FA543D0F] - (.Cypress Semiconductor, Inc. - Trackpad Gesture Engine Monitor.) -- C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2385920] [PID.2516] =>.Cypress Semiconductor, Inc. [MD5.10ACE1D0BBEA33E512B9825B937F0B02] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464] [PID.2600] =>.Synaptics Incorporated® [MD5.1356F8CE8FF524D819AAB22DE18DBD97] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152] [PID.2624] =>.Tonec Inc. [MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392] [PID.2632] =>.SFX TEAM [MD5.155D26FEECD57B8F7450B0E123F74243] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe [625400] [PID.3056] =>.Avira Operations GmbH & Co. KG® [MD5.E4FA6C88C94F33FF0D285EBCE3494F59] - (.Avira Operations GmbH & Co. KG - Antivirus MailScanner WFP Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192] [PID.716] =>.Avira Operations GmbH & Co. KG® [MD5.E2909E9905CBDEDD5D8CF2BCCB95EB29] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard WFP Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993528] [PID.3008] =>.Avira Operations GmbH & Co. KG® [MD5.BAC15D03EFC8249216D1D610F3B1E67F] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528] [PID.3156] =>.Lanzhou Itanium Software Technology Co., Ltd.® [MD5.2F0B53858AA78DE66EDC863A6D0E1985] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [298776] [PID.3204] =>.Intel Corporation - Software and Firmware Products® [MD5.4CB8FD50DDA9D28A68A7A27D06768B40] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280] [PID.3240] =>.Avira Operations GmbH & Co. KG® [MD5.048BA392749DE4C370C1D1BF9EAEC8E8] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SynTP\SYNTPHELPER.EXE [201384] [PID.1756] =>.Synaptics Incorporated® [MD5.AEB8F2D52D4D3903F439B3C9EC01D00B] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392856] [PID.3104] =>.Realtek Semiconductor Corp® [MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.3868] =>.Tonec Inc.® [MD5.F07A38A03A0CB06ED65ACB6A4EE8F2A4] - (.Intel Corporation - igfxEM Module.) -- C:\Windows\System32\igfxEM.exe [313448] [PID.4612] =>.Intel Corporation - pGFX® [MD5.F5320A9AD65D13FD050FD0D7FD24ED22] - (.Intel Corporation - igfxHK Module.) -- C:\Windows\System32\igfxHK.exe [248424] [PID.4628] =>.Intel Corporation - pGFX® [MD5.93DD1B271EA7AEBAA40F6643EB9E667E] - (...) -- C:\Windows\System32\igfxTray.exe [391784] [PID.4652] =>.Intel Corporation - pGFX® [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe [811848] [PID.2312] =>.Google Inc® [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe [811848] [PID.3952] =>.Google Inc® [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe [811848] [PID.1472] =>.Google Inc® [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe [811848] [PID.828] =>.Google Inc® [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe [811848] [PID.1244] =>.Google Inc® [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe [811848] [PID.2180] =>.Google Inc® [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe [811848] [PID.2164] =>.Google Inc® [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe [811848] [PID.3584] =>.Google Inc® [MD5.4FA12350B04AAECF0D3893ADFB65101C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Ibrahim\AppData\Roaming\ZHP\ZHPDiag3.exe [2216960] [PID.2688] =>.Nicolas Coolman ---\\ Google Chrome, Start,Search,Extensions (13) - 0s G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com.eg G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [aobeeghhhohhefmlmbpmkcdndgebpfkf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [cagadmdbgilnldcpegonkaifdiekfibf] 123Kora G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [ngpampappnmepgilojfohadhhmbhlaek] IDM Integration Module G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc. ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (1) - 0s P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll =>.Adobe Systems Incorporated ---\\ Internet Explorer Extensions, Start, Search (17) - 0s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer ---\\ Internet Explorer, Proxy Management (4) - 0s R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation ---\\ Hosts file redirection (1) - 0s ~ Le fichier hôte est sain (The hosts file is clean) (21) ---\\ Browser Helper Object (BHO) (1) - 0s O2 - BHO: IDM Helper [64Bits] - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll =>.Tonec Inc.® ---\\ Auto loading programs from Registry and folders (18) - 0s O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp® O4 - HKLM\..\Run: [RtHDVBg_MAXX6] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe =>.Realtek Semiconductor Corp® O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe =>.Alps Electric Co., LTD.® O4 - HKLM\..\Run: [CyCpIo] . (.Cypress Semiconductor Corporation - Trackpad Bus Monitor.) -- C:\Program Files\Cypress\TrackPad\CyCpIo.exe O4 - HKLM\..\Run: [CyHidWin] . (.Cypress Semiconductor, Inc. - Trackpad Gesture Engine Monitor.) -- C:\Program Files\Cypress\TrackPad\CyHidWin.exe =>.Cypress Semiconductor, Inc. O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe =>.Synaptics Incorporated® O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe =>.SFX TEAM O4 - HKLM\..\Wow6432Node\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe =>.Lanzhou Itanium Software Technology Co., Ltd.® O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe =>.Intel Corporation - Software and Firmware Products® O4 - HKLM\..\Wow6432Node\Run: [8c4ccc2d6bdf9b4f6d465462aeb2f674] C:\Users\Ibrahim\AppData\Local\Temp\chrome.exe (.not file.) O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe =>.Avira Operations GmbH & Co. KG® O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-3911675197-315075566-2707789709-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - HKUS\S-1-5-21-3911675197-315075566-2707789709-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe =>.SFX TEAM ---\\ Global shortcuts Startup (28) - 2s O4 - GS\Desktop [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\Desktop [Administrator]: Gta IV.lnk . (.Sony DADC Austria AG - SecuROM Launcher.) D:\Grand Theft Auto IV\LaunchGTAIV.exe =>.Sony DADC Austria AG O4 - GS\Desktop [Administrator]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - GS\Desktop [Administrator]: KMPlayer.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe {106CB8E1A76002B367F8EC4EAD341212} =>.PandoraTV O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ibrahim\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Administrator]: KMPlayer.exe.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe {106CB8E1A76002B367F8EC4EAD341212} =>.PandoraTV O4 - GS\Desktop [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\Desktop [Guest]: Gta IV.lnk . (.Sony DADC Austria AG - SecuROM Launcher.) D:\Grand Theft Auto IV\LaunchGTAIV.exe =>.Sony DADC Austria AG O4 - GS\Desktop [Guest]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - GS\Desktop [Guest]: KMPlayer.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe {106CB8E1A76002B367F8EC4EAD341212} =>.PandoraTV O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ibrahim\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Guest]: KMPlayer.exe.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe {106CB8E1A76002B367F8EC4EAD341212} =>.PandoraTV O4 - GS\Desktop [Ibrahim]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\Desktop [Ibrahim]: Gta IV.lnk . (.Sony DADC Austria AG - SecuROM Launcher.) D:\Grand Theft Auto IV\LaunchGTAIV.exe =>.Sony DADC Austria AG O4 - GS\Desktop [Ibrahim]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc. O4 - GS\Desktop [Ibrahim]: KMPlayer.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe {106CB8E1A76002B367F8EC4EAD341212} =>.PandoraTV O4 - GS\Desktop [Ibrahim]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ibrahim\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman O4 - GS\Quicklaunch [Ibrahim]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Ibrahim]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O4 - GS\TaskBar [Ibrahim]: KMPlayer.exe.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe {106CB8E1A76002B367F8EC4EAD341212} =>.PandoraTV O4 - GS\CommonDesktop [Public]: Avira Control Center.lnk . (.Avira Operations GmbH & Co. KG - Control Center.) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe =>.Avira Operations GmbH & Co. KG® O4 - GS\CommonDesktop [Public]: USB Disk Security.lnk . (.Zbshareware Lab - USB Disk Security.) C:\Program Files (x86)\USB Disk Security\USBGuard.exe =>.Lanzhou Itanium Software Technology Co., Ltd.® O4 - GS\CommonDesktop [Public]: Web Navigation.lnk . (...) C:\Program Files (x86)\USB Disk Security\linkzb.exe =>.Lanzhou Itanium Software Technology Co., Ltd.® O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) C:\Windows\system32\taskschd.msc ---\\ Lop.com/Domain Hijackers (2) - 0s O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\..\{39ECAE2E-5C94-4184-97D5-3B9A4562EEB4}: DhcpNameServer = 192.168.1.1 0.0.0.0 ---\\ Extra protocols (22) - 0s O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation® O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation® O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation® O18 - Filter: deflate [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation ---\\ AppInit_DLLs Registry value Autorun (1) - 0s O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 350.) - C:\Windows\System32\nvinitx.dll ---\\ Software installed (20) - 3s O42 - Logiciel: Adobe Flash Player 19 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated® O42 - Logiciel: Avira Internet Security v14.0.8.532 - (.Avira.) [HKLM][64Bits] -- Avira AntiVir Desktop =>.Avira Operations GmbH & Co. KG® O42 - Logiciel: Cypress TrackPad - (.Cypress Semiconductor, Inc..) [HKLM][64Bits] -- {7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1 =>.Cypress Semiconductor, Inc. O42 - Logiciel: Dell Touchpad - (.ALPS ELECTRIC CO., LTD..) [HKLM][64Bits] -- {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} =>.Alps Electric Co., LTD.® O42 - Logiciel: Dell Touchpad - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey =>.Synaptics Incorporated O42 - Logiciel: EGY Super Patch 2016 - (.MODY 99.) [HKLM][64Bits] -- {504F9396-A4BF-4582-A48A-FE1D7B656146} O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU][64Bits] -- Google Chrome =>.Google Inc® O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation - pGFX® O42 - Logiciel: Intel(R) USB 3.0 eXtensible Host Controller Driver - (.Intel Corporation.) [HKLM][64Bits] -- {240C3DDD-C5E9-4029-9DF7-95650D040CF2} =>.Intel Corporation - Software and Firmware Products® O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM][64Bits] -- Internet Download Manager =>.Tonec Inc.® O42 - Logiciel: KMPlayer (remove only) - (.PandoraTV.) [HKLM][64Bits] -- The KMPlayer =>.PandoraTV O42 - Logiciel: NVIDIA Control Panel 350.12 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation O42 - Logiciel: NVIDIA Graphics Driver 350.12 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation O42 - Logiciel: NVIDIA Optimus Update 2.4.1.21 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus =>.NVIDIA Corporation O42 - Logiciel: NVIDIA Update 2.4.1.21 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp® O42 - Logiciel: SuperCopier2 - (...) [HKLM][64Bits] -- SuperCopier2 O42 - Logiciel: USB Disk Security - (.Zbshareware Lab.) [HKLM][64Bits] -- USB Disk Security_is1 =>.Zbshareware Lab O42 - Logiciel: WinRAR 5.11 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH® ---\\ HKCU & HKLM Software Keys (48) - 3s HKLM\SOFTWARE\Wow6432Node\Avira HKLM\SOFTWARE\Wow6432Node\Caphyon HKLM\SOFTWARE\Wow6432Node\Google HKLM\SOFTWARE\Wow6432Node\Intel HKLM\SOFTWARE\Wow6432Node\Internet Download Manager HKLM\SOFTWARE\Wow6432Node\Khronos HKLM\SOFTWARE\Wow6432Node\KMPlayer HKLM\SOFTWARE\Wow6432Node\KONAMI HKLM\SOFTWARE\Wow6432Node\Macromedia HKLM\SOFTWARE\Wow6432Node\MODY 99 HKLM\SOFTWARE\Wow6432Node\Mozilla HKLM\SOFTWARE\Wow6432Node\mozilla.org HKLM\SOFTWARE\Wow6432Node\MozillaPlugins HKLM\SOFTWARE\Wow6432Node\Nuance HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation HKLM\SOFTWARE\Wow6432Node\ODBC HKLM\SOFTWARE\Wow6432Node\Waves Audio HKLM\SOFTWARE\Wow6432Node\X-AVCSD HKLM\SOFTWARE\Wow6432Node\zbshareware HKLM\SOFTWARE\Wow6432Node\RegisteredApplications HKCU\SOFTWARE\8c4ccc2d6bdf9b4f6d465462aeb2f674 =>PUP.Optional.CrossRider HKCU\SOFTWARE\Adobe HKCU\SOFTWARE\Alawar HKCU\SOFTWARE\AppDataLow HKCU\SOFTWARE\Avira HKCU\SOFTWARE\BNE HKCU\SOFTWARE\BoaSoftware HKCU\SOFTWARE\Bossa Studios HKCU\SOFTWARE\Cypress TrackPad Driver HKCU\SOFTWARE\DownloadManager HKCU\SOFTWARE\drpsu HKCU\SOFTWARE\Google HKCU\SOFTWARE\Intel HKCU\SOFTWARE\KMPlayer HKCU\SOFTWARE\Macromedia HKCU\SOFTWARE\Mozilla HKCU\SOFTWARE\MozillaPlugins HKCU\SOFTWARE\NVIDIA Corporation HKCU\SOFTWARE\Realtek HKCU\SOFTWARE\SFX TEAM HKCU\SOFTWARE\Synaptics HKCU\SOFTWARE\Sysinternals HKCU\SOFTWARE\VB and VBA Program Settings HKCU\SOFTWARE\Winamp HKCU\SOFTWARE\WinRAR HKCU\SOFTWARE\WinRAR SFX HKCU\SOFTWARE\Wow6432Node HKCU\SOFTWARE\ZebHelpProcess Helper ---\\ Contents of the Common Files folders (123) - 3s O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Common Files O43 - CFD: 12/06/2016 - [] D -- C:\Program Files\Cypress O43 - CFD: 12/06/2016 - [] D -- C:\Program Files\DellTPad =>.Alps Electric Co., LTD.® O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\DVD Maker O43 - CFD: 17/06/2016 - [] D -- C:\Program Files\Enigma Software Group {1C6A8D41C04792FBEEDF142C7A79B1CA} O43 - CFD: 12/06/2016 - [] D -- C:\Program Files\Intel O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Internet Explorer O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Microsoft Games O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\MSBuild O43 - CFD: 12/06/2016 - [] D -- C:\Program Files\NVIDIA Corporation =>.NVIDIA Corporation® O43 - CFD: 12/06/2016 - [] D -- C:\Program Files\Realtek =>.Andrea Electronics® O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Reference Assemblies O43 - CFD: 12/06/2016 - [] D -- C:\Program Files\Synaptics =>.Synaptics Incorporated® O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files\Uninstall Information O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Defender O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Journal O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Mail O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Media Player O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows NT O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation® O43 - CFD: 21/11/2010 - [] D -- C:\Program Files\Windows Portable Devices O43 - CFD: 12/04/2011 - [] D -- C:\Program Files\Windows Sidebar O43 - CFD: 12/06/2016 - [] D -- C:\Program Files\WinRAR =>.win.rar GmbH® O43 - CFD: 17/06/2016 - [] D -- C:\Program Files (x86)\Avira =>.Avira Operations GmbH & Co. KG® O43 - CFD: 12/06/2016 - [] D -- C:\Program Files (x86)\Common Files O43 - CFD: 16/06/2016 - [] D -- C:\Program Files (x86)\Driver Identifier O43 - CFD: 14/06/2016 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation - Software and Firmware Products® O43 - CFD: 12/06/2016 - [] D -- C:\Program Files (x86)\Internet Download Manager O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Internet Explorer O43 - CFD: 12/06/2016 - [] D -- C:\Program Files (x86)\Microsoft.NET O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\MSBuild O43 - CFD: 12/06/2016 - [] D -- C:\Program Files (x86)\NVIDIA Corporation O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Reference Assemblies O43 - CFD: 12/06/2016 - [] D -- C:\Program Files (x86)\SuperCopier2 O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files (x86)\Uninstall Information O43 - CFD: 12/06/2016 - [] D -- C:\Program Files (x86)\USB Disk Security =>.Lanzhou Itanium Software Technology Co., Ltd.® O43 - CFD: 16/06/2016 - [] D -- C:\Program Files (x86)\VideoLAN O43 - CFD: 14/06/2016 - [] D -- C:\Program Files (x86)\WebcamMax O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Defender O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Mail O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Media Player O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Windows NT O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation® O43 - CFD: 21/11/2010 - [] D -- C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Windows Sidebar O43 - CFD: 14/06/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 13/06/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 17/06/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira O43 - CFD: 13/06/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 12/06/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 14/07/2009 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 12/04/2011 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 17/06/2016 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnZixWin O43 - CFD: 12/06/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security O43 - CFD: 12/06/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 14/06/2016 - [] D -- C:\ProgramData\AlawarWrapper O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data O43 - CFD: 17/06/2016 - [] D -- C:\ProgramData\Avira O43 - CFD: 14/06/2016 - [] D -- C:\ProgramData\BlueStacksSetup O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents O43 - CFD: 14/06/2016 - [] D -- C:\ProgramData\FarmFrenzy3_America O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites O43 - CFD: 10/06/2011 - [] D -- C:\ProgramData\Hewlett-Packard O43 - CFD: 12/06/2016 - [0] D -- C:\ProgramData\IDM O43 - CFD: 13/06/2016 - [] D -- C:\ProgramData\KONAMI O43 - CFD: 17/06/2016 - [] SD -- C:\ProgramData\Microsoft O43 - CFD: 12/06/2016 - [] D -- C:\ProgramData\NVIDIA O43 - CFD: 12/06/2016 - [] D -- C:\ProgramData\NVIDIA Corporation O43 - CFD: 13/06/2016 - [] SHD -- C:\ProgramData\SecuROM O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu O43 - CFD: 13/06/2016 - [] D -- C:\ProgramData\Steam O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates O43 - CFD: 12/06/2016 - [] D -- C:\Program Files (x86)\Common Files\Intel O43 - CFD: 13/06/2016 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\Services O43 - CFD: 14/07/2009 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 12/04/2011 - [] D -- C:\Program Files (x86)\Common Files\System O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Adobe O43 - CFD: 17/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Avira O43 - CFD: 17/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\DMCache O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\driveridentifier O43 - CFD: 12/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Identities O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\IDM O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Macromedia O43 - CFD: 12/04/2011 - [0] D -- C:\Users\Ibrahim\AppData\Roaming\Media Center Programs O43 - CFD: 14/06/2016 - [] SD -- C:\Users\Ibrahim\AppData\Roaming\Microsoft O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\MODY 99 O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Mozilla O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\NVIDIA O43 - CFD: 13/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Steam O43 - CFD: 13/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\WebcamMax O43 - CFD: 12/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\WinRAR O43 - CFD: 13/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Zbshareware Lab O43 - CFD: 17/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\ZHP O43 - CFD: 15/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Activision O43 - CFD: 12/06/2016 - [0] SHD -- C:\Users\Ibrahim\AppData\Local\Application Data O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\BlueStacks O43 - CFD: 17/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Diagnostics O43 - CFD: 12/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Google O43 - CFD: 12/06/2016 - [0] SHD -- C:\Users\Ibrahim\AppData\Local\History O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Macromedia O43 - CFD: 17/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Microsoft O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Microsoft Games O43 - CFD: 14/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Mozilla O43 - CFD: 12/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Programs O43 - CFD: 13/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Rockstar Games O43 - CFD: 17/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\Temp O43 - CFD: 12/06/2016 - [0] SHD -- C:\Users\Ibrahim\AppData\Local\Temporary Internet Files O43 - CFD: 15/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Local\VirtualStore O43 - CFD: 12/06/2016 - [0] D -- C:\Users\Ibrahim\AppData\Local\Programs\Common O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 12/06/2016 - [] RD -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 15/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 12/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 12/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 14/07/2009 - [] RD -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 17/06/2016 - [] RD -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 12/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperCopier2 O43 - CFD: 12/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer O43 - CFD: 12/06/2016 - [] D -- C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 14/07/2009 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft ---\\ ShellIconOverlayIdentifiers (SIOI) (2) - 0s O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation ---\\ System Drivers List (71) - 1s O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows® O58 - SDL:2010/11/21 05:23:47 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows® O58 - SDL:2010/11/21 05:23:47 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows® O58 - SDL:2010/06/21 23:07:24 A . (.Alps Electric Co., Ltd. - Alps Touch Pad Driver.) -- C:\Windows\System32\drivers\Apfiltr.sys [304760] =>.Alps Electric Co., LTD.® O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows® O58 - SDL:2015/02/24 09:48:36 A . (.Avira GmbH - Packet filtering kernel driver ( NDIS IM ).) -- C:\Windows\System32\drivers\avfwim.sys [114608] =>.Avira Operations GmbH & Co. KG® O58 - SDL:2015/02/24 09:48:36 A . (.Avira GmbH - TDI filtering kernel driver.) -- C:\Windows\System32\drivers\avfwot.sys [141376] =>.Avira Operations GmbH & Co. KG® O58 - SDL:2015/02/24 09:48:36 A . (.Avira Operations GmbH & Co. KG - Avira Minifilter Driver.) -- C:\Windows\System32\drivers\avgntflt.sys [128536] =>.Avira Operations GmbH & Co. KG® O58 - SDL:2015/02/24 09:48:37 A . (.Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement.) -- C:\Windows\System32\drivers\avipbb.sys [132120] =>.Avira Operations GmbH & Co. KG® O58 - SDL:2015/02/24 09:48:37 A . (.Avira Operations GmbH & Co. KG - Avira Manager Driver.) -- C:\Windows\System32\drivers\avkmgr.sys [28600] =>.Avira Operations GmbH & Co. KG® O58 - SDL:2015/02/24 09:48:38 A . (.Avira Operations GmbH & Co. KG - Avira WFP Network Driver.) -- C:\Windows\System32\drivers\avnetflt.sys [44088] =>.Avira Operations GmbH & Co. KG® O58 - SDL:2009/06/10 22:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation O58 - SDL:2009/06/10 22:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd. O58 - SDL:2009/06/10 22:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd. O58 - SDL:2009/07/14 03:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd. O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd. O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd. O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd. O58 - SDL:2009/06/10 22:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation O58 - SDL:2009/07/14 03:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows® O58 - SDL:2013/09/13 08:28:22 A . (.Cypress Semiconductor, Inc. - Trackpad Driver.) -- C:\Windows\System32\drivers\cykbfltr.sys [19968] =>.Cypress Semiconductor, Inc. O58 - SDL:2013/09/13 08:27:50 A . (.Cypress Semiconductor, Inc. - Trackpad Driver.) -- C:\Windows\System32\drivers\cymfltr.sys [99328] =>.Cypress Semiconductor, Inc. O58 - SDL:2009/07/14 03:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows® O58 - SDL:2009/06/10 22:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation O58 - SDL:2009/09/09 11:23:46 A . (.Intel Corporation - BIOS Update Driver.) -- C:\Windows\System32\drivers\flashud.sys [51712] =>.Intel Corporation O58 - SDL:2009/06/10 22:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc. O58 - SDL:2010/11/21 05:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows® O58 - SDL:2015/01/27 20:33:48 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver -.) -- C:\Windows\System32\drivers\iaStorA.sys [1399536] =>.Intel Corporation - Rapid Storage Technology® O58 - SDL:2015/01/27 20:33:48 A . (.Intel Corporation - Intel(R) Rapid Storage Technology Filter dr.) -- C:\Windows\System32\drivers\iaStorF.sys [30960] =>.Intel Corporation - Rapid Storage Technology® O58 - SDL:2010/11/21 05:23:47 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows® O58 - SDL:2010/08/18 00:28:32 A . (.Intel Corporation - Intel(R) Watchdog Timer Driver (Intel(R) WD.) -- C:\Windows\System32\drivers\ICCWDT.sys [26136] =>.Intel Corporation® O58 - SDL:2015/06/12 04:00:58 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\drivers\idmwfp.sys [197616] =>.Tonec Inc.® O58 - SDL:2015/03/21 01:18:32 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd64.sys [4888368] =>.Intel Corporation - pGFX® O58 - SDL:2009/07/14 03:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows® O58 - SDL:2015/03/21 01:18:22 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\drivers\IntcDAud.sys [460048] =>.Intel Corporation - Client Components Group® O58 - SDL:2016/02/25 12:23:16 A . (.Intel Corporation - Intel(R) USB 3.0 Host Controller Switch Dri.) -- C:\Windows\System32\drivers\iusb3hcs.sys [22768] =>.Intel Corporation - Client Components Group® O58 - SDL:2016/02/25 12:23:18 A . (.Intel Corporation - Intel(R) USB 3.0 Hub Driver.) -- C:\Windows\System32\drivers\iusb3hub.sys [395504] =>.Intel Corporation - Client Components Group® O58 - SDL:2016/02/25 12:23:18 A . (.Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller.) -- C:\Windows\System32\drivers\iusb3xhc.sys [806128] =>.Intel Corporation - Client Components Group® O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows® O58 - SDL:2015/02/22 07:24:28 A . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\System32\drivers\Netwsw02.sys [3438872] =>.Intel Corporation-Wireless Connectivity Solutions® O58 - SDL:2009/07/14 03:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows® O58 - SDL:2015/04/09 02:58:18 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\System32\drivers\nvlddmkm.sys [10423952] =>.NVIDIA Corporation® O58 - SDL:2015/04/09 02:58:18 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\System32\drivers\nvpciflt.sys [31376] =>.NVIDIA Corporation® O58 - SDL:2010/11/21 05:23:47 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows® O58 - SDL:2010/11/21 05:23:47 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows® O58 - SDL:2015/01/15 08:42:24 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Dri.) -- C:\Windows\System32\drivers\Rt64win7.sys [977624] =>.Realtek Semiconductor Corp® O58 - SDL:2015/04/09 19:30:40 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\Windows\System32\drivers\RTKVHD64.sys [4663384] =>.Realtek Semiconductor Corp® O58 - SDL:2014/12/08 15:13:26 A . (.Realsil Semiconductor Corporation - RTS USB READER Driver.) -- C:\Windows\System32\drivers\RtsUer.sys [377560] =>.Realtek Semiconductor Corp® O58 - SDL:2009/06/10 22:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited, O58 - SDL:2009/07/14 03:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows® O58 - SDL:2014/11/06 06:37:42 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008] =>.Synaptics Incorporated® O58 - SDL:2009/07/14 03:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows® O58 - SDL:2015/01/14 02:31:54 A . (.Synaptics Incorporated - Synaptics Touchpad Win64 Driver.) -- C:\Windows\System32\drivers\SynTP.sys [586408] =>.Synaptics Incorporated® O58 - SDL:2014/04/23 10:50:52 A . (.TOSHIBA CORPORATION - Bluetooth RF Bus Driver.) -- C:\Windows\System32\drivers\tosrfbd.sys [308976] =>.TOSHIBA CORPORATION® O58 - SDL:2014/06/22 16:57:12 A . (.TOSHIBA CORPORATION - Bluetooth USB Miniport Driver.) -- C:\Windows\System32\drivers\tosrfusb.sys [95096] =>.TOSHIBA CORPORATION® O58 - SDL:2009/07/14 03:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows® O58 - SDL:2009/07/14 03:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows® O58 - SDL:2012/04/15 23:32:14 A . (.Windows (R) Win 7 DDK provider - WebcamMax Capture.) -- C:\Windows\System32\drivers\wcmvcam64.sys [1071032] {6E0A5E2C7C789BDA175F577FFD554961} =>.Windows (R) Win 7 DDK provider ---\\ Last modified or created user files (5) - 1s O61 - LFC: 2016/06/16 23:24:13 A . (..) -- C:\Users\Ibrahim\Documents\KONAMI\Pro Evolution Soccer 2013\save\OPTION.bin [402008] O61 - LFC: 2016/06/14 01:22:45 A . (..) -- C:\Users\Ibrahim\AppData\Roaming\NVIDIA\GLCache\021d3fd6de95aa968deb6ba54dc7e3bd\9cc7355f83b14f80\12941eaaffc1d2fd.bin [2366] O61 - LFC: 2016/06/15 13:03:12 RA . (..) -- C:\Users\Ibrahim\AppData\Local\VirtualStore\logwmemory.bin [0] O61 - LFC: 2016/06/12 19:49:36 A . (..) -- C:\Users\Ibrahim\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin [297531] O61 - LFC: 2016/06/17 16:48:12 A . (..) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [674082] ---\\ File Associations Shell Spawning (11) - 0s O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation® O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® ---\\ Start Menu Internet (8) - 0s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc® O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation® O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc. O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc. O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Users\Ibrahim\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc. O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation ---\\ Search Browser Infection (2) - 2s O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ ---\\ Search Svchost Services (33) - 0s O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [777728] =>.Microsoft Corporation O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [853504] =>.Microsoft Corporation O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [679424] =>.Microsoft Corporation O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328] =>.Microsoft Corporation O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [344064] =>.Microsoft Corporation O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [680960] =>.Microsoft Corporation O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [2420736] =>.Microsoft Corporation O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920] =>.Microsoft Corporation O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720] =>.Microsoft Corporation O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70656] =>.Microsoft Corporation O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [67584] =>.Microsoft Corporation O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136192] =>.Microsoft Corporation O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [209920] =>.Microsoft Corporation O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [44544] =>.Microsoft Corporation O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [193536] =>.Microsoft Corporation ---\\ Firewall Active Exception List (4) - 1s O87 - FAEL: "{E5EE99C9-7751-49B3-B046-93884DD9DDE2}" [In-None-P17-FALSE] .(...) -- C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe (.not file.) O87 - FAEL: "{56CC04B9-EF4B-45BA-AF81-505DCEB6CD37}" [Out-None-P17-FALSE] .(...) -- C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe (.not file.) O87 - FAEL: "{0FB4A2E2-7C1A-4555-8192-002D252C82E9}" [In-None-P6-FALSE] .(...) -- C:\Users\Ibrahim\AppData\Local\Temp\chrome.exe (.not file.) O87 - FAEL: "{F285A4FB-03E9-4A0B-AD9D-1F18FD4CF9CC}" [In-None-P17-FALSE] .(...) -- C:\Users\Ibrahim\AppData\Local\Temp\chrome.exe (.not file.) ---\\ Search Tracing Registry Key (2) - 1s HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 =>Toolbar.Ask HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS =>Toolbar.Ask ---\\ Additional Scan (O88) (3) - 0s HKCU\SOFTWARE\8c4ccc2d6bdf9b4f6d465462aeb2f674 =>PUP.Optional.CrossRider HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 =>Toolbar.Ask HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS =>Toolbar.Ask ---\\ Summary of the elements found (2) - 0s https://www.nicolascoolman.info/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider http://www.nicolascoolman.fr/?p=235 =>Toolbar.Ask ~ End of the scan, 13164 items in 00h00mn42s (600)(0)