Document format: text/plain

~ ZHPDiag v2016.8.15.135 By Nicolas Coolman (2016/08/15)
~ Run by Tarek (Administrator) (2016/08/17 14:05:09)
~ Web: https://www.nicolascoolman.com
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Tarek\Desktop\ZHPDiag.txt
~ Report: C:\Users\Tarek\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 8.1 Pro, 32-bit (Build 9600)

---\\ Internet Browsers (3) - 0s
GCIE: Google Chrome v52.0.2743.116
MFIE: Mozilla Firefox 35.0.1 (x86 en-US)
MSIE: Internet Explorer v11.0.9600.16384

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (2) - 4s
AVG Protection v2016.101.7752
Windows Defender (Deactivate)

---\\ System optimization software (1) - 4s
CCleaner v4.19

---\\ Surveillance software (1) - 4s
Adobe Flash Player 22 NPAPI

---\\ Sharing software PeerToPeer (1) - 4s
µTorrent v3.4.8.42449

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3069.804 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 51 GB () free of 100 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: GUNDALF
~ User Name: Tarek
~ Logged in as Administrator

---\\ Enumeration of the disk units (3) - 0s
~ Drive C: has 51 GB free of 100 GB (System)
~ Drive E: has 103 GB free of 169 GB
~ Drive F: has 125 GB free of 205 GB

---\\ State of the Windows Security Center (10) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (23) - 1s
[MD5.2CA8E3C9335C3C8BAEB335345E48364D] - 22/08/2013 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2063408] =>.Microsoft Windows®
[MD5.BE1DAE43DFBCA94FB6B4157C1B16923E] - 22/08/2013 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [49664] =>.Microsoft Corporation
[MD5.02BC073156B3097E94D63C4D609020DD] - 22/08/2013 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [112640] =>.Microsoft Corporation
[MD5.10FD6F9A2A86863B906AFFA74CA5D99D] - 22/08/2013 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [1815552] =>.Microsoft Corporation
[MD5.94385F95EF948FB274A70DE3EDE5696D] - 22/08/2013 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [458752] =>.Microsoft Corporation
[MD5.570A1D37FEECE56BBF7A70A02C817B4E] - 22/08/2013 - (.Microsoft Corporation - Software Licensing Library.) -- C:\Windows\System32\sppcomapi.dll [438272] =>.Microsoft Corporation
[MD5.9AE11282C83784273732ED155BC9FF4A] - 22/08/2013 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\Windows\System32\dnsapi.dll [492032] =>.Microsoft Corporation
[MD5.2AF7DA157FFF947A507FCB4AB8BB4C7C] - 22/08/2013 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [455168] =>.Microsoft Corporation
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - 22/08/2013 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [23392] =>.Microsoft Windows®
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - 22/08/2013 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [73728] =>.Microsoft Corporation
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - 22/08/2013 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [124928] =>.Microsoft Corporation
[MD5.D4ADBFC2409EF883164F3AA49B22F366] - 22/08/2013 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [101376] =>.Microsoft Corporation
[MD5.A31901DE6A22EA67AB83AAF7036F98CC] - 22/08/2013 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [69632] =>.Microsoft Corporation
[MD5.5043E69532392A43549E5D41E22638AA] - 22/08/2013 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [82944] =>.Microsoft Corporation
[MD5.9A2B6C11B55351B5FD7BF609FD8A97F9] - 22/08/2013 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [126464] =>.Microsoft Corporation
[MD5.F1342206FBC747AA20FEBA110DDE43FA] - 22/08/2013 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [333824] =>.Microsoft Corporation
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - 22/08/2013 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [218624] =>.Microsoft Corporation
[MD5.813F49CF41F561C52F3CF69A1B09E967] - 22/08/2013 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1676128] =>.Microsoft Windows®
[MD5.4F30970F15ADCC382544B31D5D7E368E] - 22/08/2013 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\Windows\System32\drivers\Parport.sys [81408] =>.Microsoft Corporation
[MD5.C51AB62AB41A2E8560D12472B204CC00] - 22/08/2013 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [81920] =>.Microsoft Corporation
[MD5.67E91843B0344411820A012063E876B2] - 22/08/2013 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [143872] =>.Microsoft Corporation
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - 22/08/2013 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [87040] =>.Microsoft Corporation
[MD5.5F9A69B5C5C34197037A7EA36F4A7BE7] - 22/08/2013 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [265568] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (8) - 1s
O23 - Service: AVG Firewall (avgfws) . (.AVG Technologies CZ, s.r.o. - AVG Firewall Service.) - C:\Program Files\AVG\Av\avgfws.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) - C:\Program Files\AVG\Av\avgidsagent.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: AVG Service (avgsvc) . (.AVG Technologies CZ, s.r.o. - AVG Service Process.) - C:\Program Files\AVG\Framework\Common\avgsvcx.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: AVG WatchDog (avgwd) . (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - C:\Program Files\AVG\Av\avgwdsvcx.exe =>.AVG Technologies CZ, s.r.o.®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) . (.Ralink Technology, Corp. - RalinkRegistryWriter.) - C:\Program Files\Ralink\Common\RaRegistry.exe =>.Ralink Technology Corporation®
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe =>.DEVGURU CO LTD®
O23 - Service: (Update service) . (.Popcorn Time - Updater.) - C:\Program Files\Popcorn Time\Updater.exe =>.Popcorn Time

---\\ Services not Microsoft (SR=Run, SS=Stop) (13) - 13s

SS - Demand [14/07/2016] [ 270016] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SS - Demand [28/07/2016] [ 674552] AvgAMPS (AvgAMPS) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\Av\avgamps.exe =>.AVG Technologies CZ, s.r.o.®
SR - Auto [28/07/2016] [ 1639832] AVG Firewall (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\Av\avgfws.exe =>.AVG Technologies CZ, s.r.o.®
SR - Auto [28/07/2016] [ 4097280] AVGIDSAgent (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\Av\avgidsagent.exe =>.AVG Technologies CZ, s.r.o.®
SR - Auto [20/07/2016] [ 906512] AVG Service (avgsvc) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\Framework\Common\avgsvcx.exe =>.AVG Technologies CZ, s.r.o.®
SR - Auto [28/07/2016] [ 632632] AVG WatchDog (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\Av\avgwdsvcx.exe =>.AVG Technologies CZ, s.r.o.®
SS - Auto [30/08/2015] [ 144200] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [30/08/2015] [ 144200] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [16/05/2015] [ 114800] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
SR - Auto [15/12/2009] [ 185632] Ralink Registry Writer (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files\Ralink\Common\RaRegistry.exe =>.Ralink Technology Corporation®
SR - Auto [13/10/2014] [ 743688] SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD..) - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe =>.DEVGURU CO LTD®
SR - Auto [19/10/2015] [ 339968] (Update service) . (.Popcorn Time.) - C:\Program Files\Popcorn Time\Updater.exe =>.Popcorn Time

---\\ Task Planned Automatically (15) - 5s
[MD5.00000000000000000000000000000000] [APT] [TaskName] (...) -- Task To Run (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.32B31B696CB8E8F380831DFEB80A67E4] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [270016] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.EE81C6A4186274E057ADC1EE623137A5] [APT] [AutoPico Daily Restart] (.@ByELDI.) -- C:\Program Files\KMSpico\AutoPico.exe [998080] (.Activate.) =>HackTool.KMSpico
[MD5.870893F2365CA9D91D2AC7C0BD391868] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [4826904] (.Activate.) =>.Piriform Ltd®
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
[MD5.00000000000000000000000000000000] [APT] [{EAC43473-D288-485D-B16D-65B50EFC4481}] (...) -- G:\AutoRun.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [830] =>.Adobe Systems Incorporated®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [906] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [910] =>.Google Inc®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3718] =>.Adobe Systems Incorporated®
O39 - APT: AutoPico Daily Restart - (.@ByELDI.) -- C:\Windows\System32\Tasks\AutoPico Daily Restart [3704] =>HackTool.KMSpico
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2772] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3646] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [3882] =>.Google Inc®

---\\ Process running (35) - 1s
[MD5.538191D31E96EE5EE30A00EFCCFC222A] - (.AVG Technologies CZ, s.r.o. - AVG Service Process.) -- C:\Program Files\AVG\Framework\Common\avgsvcx.exe [906512] [PID.440] =>.AVG Technologies CZ, s.r.o.®
[MD5.97E8EA87A5764E7637611D9D7CF24A1E] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\Av\avgwdsvcx.exe [632632] [PID.464] =>.AVG Technologies CZ, s.r.o.®
[MD5.720FEA3AAA15FE7E0BEAB10AC2E6D2B0] - (.Ralink Technology, Corp. - RalinkRegistryWriter.) -- C:\Program Files\Ralink\Common\RaRegistry.exe [185632] [PID.1592] =>.Ralink Technology Corporation®
[MD5.9DA3B55B17B54789AFB8C657D4ACE4D7] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) -- C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688] [PID.1884] =>.DEVGURU CO LTD®
[MD5.BD93D1A0E0A7A96BEA4585F17C9B3307] - (.Popcorn Time - Updater.) -- C:\Program Files\Popcorn Time\Updater.exe [339968] [PID.2084] =>.Popcorn Time
[MD5.60D66CEB34E0F631C206423CEFE35FDB] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [143392] [PID.5716] =>.Intel Corporation - pGFX®
[MD5.2308A07BD53235EC6A0640DE5E58BAE7] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [178208] [PID.5344] =>.Intel Corporation - pGFX®
[MD5.BD7D0E6082E90D3AE3676548F64A8251] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [178720] [PID.5072] =>.Intel Corporation - pGFX®
[MD5.94444693EA13A72F6820DFF844A1122E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176] [PID.2932] =>.Synaptics Incorporated®
[MD5.3E802CE450D0E7A234978E9A2EA4772A] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SynTP\SYNTPHELPER.EXE [107816] [PID.4648] =>.Synaptics Incorporated®
[MD5.3A767D4CF95CAC1299554B89C4DE5920] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616] [PID.2384] =>.Samsung Electronics CO., LTD.®
[MD5.DEFCF7538D3B04962349E61A302617DA] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\Framework\Common\avguix.exe [1451792] [PID.3652] =>.AVG Technologies CZ, s.r.o.®
[MD5.7EF9633A2409048FB40DBC2B83A42C0F] - (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe [1566016] [PID.4000] =>.Samsung Electronics CO., LTD.®
[MD5.CC436BB2A26391F3DEBE316F6FB0474F] - (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Tarek\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008] [PID.5572] =>.Microsoft Corporation®
[MD5.6DCDD8AF0B44CC5344FE2ED1AFFB60AA] - (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe [1672480] [PID.2608] =>.Ralink Technology Corporation®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.5888] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.4340] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.4296] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.5908] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.4360] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.2692] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.3752] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.3640] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.4276] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.1648] =>.Google Inc®
[MD5.BE3D86A4ACFF79C60E79B6CB4CA854BE] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\Av\avgrsx.exe [1050896] [PID.2984] =>.AVG Technologies CZ, s.r.o.®
[MD5.E5A0BA616D5857F1C99FC6F42B8C3DAC] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\Av\avgcsrvx.exe [1004304] [PID.3496] =>.AVG Technologies CZ, s.r.o.®
[MD5.567EE33A5AC494594263A7671DE41AEC] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\Av\avgnsx.exe [1280272] [PID.3196] =>.AVG Technologies CZ, s.r.o.®
[MD5.59E0AD60F6A4F5E9B39BB49068CBEEBB] - (.AVG Technologies CZ, s.r.o. - AVG Firewall Service.) -- C:\Program Files\AVG\Av\avgfws.exe [1639832] [PID.3828] =>.AVG Technologies CZ, s.r.o.®
[MD5.7D717B4CC97F4F9676F9AD2EF822E498] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\Av\avgemcx.exe [811280] [PID.3232] =>.AVG Technologies CZ, s.r.o.®
[MD5.23C90F679FBEEF3618AFD3A424A89F8B] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\Av\avgui.exe [5299984] [PID.3100] =>.AVG Technologies CZ, s.r.o.®
[MD5.870893F2365CA9D91D2AC7C0BD391868] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [4826904] [PID.2140] =>.Piriform Ltd®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.96] =>.Google Inc®
[MD5.D6393757CDE040A51306221842EA5C0A] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [961352] [PID.600] =>.Google Inc®
[MD5.451039ECF28F17D3B5A290A13400862F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Tarek\Downloads\ZHPDiag3.exe [2295808] [PID.3000] =>.Nicolas Coolman

---\\ Google Chrome, Start,Search,Extensions (9) - 1s
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [dlekddgkpaddbgbpikkfodhjfjjmomgf] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [gfpgaanechfneiboempkfjghninbibjn] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ngpampappnmepgilojfohadhhmbhlaek] IDM Integration Module
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (19) - 2s
M0 - MFSP: prefs.js [Tarek - idrh5t33.default] https://www.malwarebytes.org/restorebrowser//?type=hp&ts=1455230644&z=d6796d9fe92a56961ea94cdgaz7w2w1o8c8e8q5z2z&from=amt&uid=toshibaxmk5076gsx_y2uht0y2txxy2uht0y2t
P2 - EXT FILE: (.Microsoft Corporation - Bing Search.) -- C:\Users\Tarek\AppData\Roaming\Mozilla\Firefox\Profiles\idrh5t33.default\extensions\bingsearch.full@microsoft.com.xpi =>.Microsoft Corporation
P2 - EXT FILE: (.FBChatSeenBlocker - Blocks the ”seen” feature of the Faceb.) -- C:\Users\Tarek\AppData\Roaming\Mozilla\Firefox\Profiles\idrh5t33.default\extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi
P2 - EXT FILE: (.Adblock Plus - Ads were yesterday!.) -- C:\Users\Tarek\AppData\Roaming\Mozilla\Firefox\Profiles\idrh5t33.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi =>.Adblock Plus
P2 - EXT FILE: (.Bing - Bing. Search by Microsoft.) -- C:\Users\Tarek\AppData\Roaming\Mozilla\Firefox\Profiles\idrh5t33.default\searchplugins\bing-.xml =>.Bing
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\amazondotcom.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\eBay.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} =>.Mozilla
P2 - EXT: (. - PraiceMinus.) -- C:\Users\Tarek\AppData\Roaming\Mozilla\Firefox\Profiles\idrh5t33.default\extensions\E@GM.org
P2 - EXT: (. - UUnIDeaLSi.) -- C:\Users\Tarek\AppData\Roaming\Mozilla\Firefox\Profiles\idrh5t33.default\extensions\v@aB6.com
P2 - FPN: [HKCU] [@hola.org/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Users\Tarek\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll =>.Adobe Systems Incorporated
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_22_0_0_209.dll =>.Adobe Systems Incorporated

---\\ Internet Explorer Extensions, Start, Search (10) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com/ =>PUP.Optional.MyWebSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0

---\\ Internet Explorer, Proxy Management (4) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (29)

---\\ Browser Helper Object (BHO) (2) - 0s
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll =>.Tonec Inc.®
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} . (.IDM - QUICKfind BHO Object.) -- C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll =>.IDM

---\\ Auto loading programs from Registry and folders (17) - 1s
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe =>.Intel Corporation - pGFX®
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe =>.Intel Corporation - pGFX®
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe =>.Intel Corporation - pGFX®
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe =>.Synaptics Incorporated®
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics CO., LTD.®
O4 - HKLM\..\Run: [AvgUi] . (.AVG Technologies CZ, s.r.o. - AVG Ui (Re)Starter.) -- C:\Program Files\AVG\Framework\Common\avguirnx.exe =>.AVG Technologies CZ, s.r.o.®
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - None.) -- C:\Program Files\AVG\Av\avuirunnerx.exe =>.AVG Technologies CZ, s.r.o.®
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe =>.Samsung Electronics CO., LTD.®
O4 - HKCU\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Tarek\AppData\Local\Microsoft\BingSvc\BingSvc.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-2421664334-232088483-1854949758-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - HKUS\S-1-5-21-2421664334-232088483-1854949758-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - HKUS\S-1-5-21-2421664334-232088483-1854949758-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
O4 - HKUS\S-1-5-21-2421664334-232088483-1854949758-1001\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe =>.Samsung Electronics CO., LTD.®
O4 - HKUS\S-1-5-21-2421664334-232088483-1854949758-1001\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Tarek\AppData\Local\Microsoft\BingSvc\BingSvc.exe =>.Microsoft Corporation®

---\\ Global shortcuts Startup (91) - 7s
O4 - GS\Desktop [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Desktop [Administrator]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - GS\Desktop [Administrator]: KMPlayer.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe =>.Pandora TV Co., Ltd.®
O4 - GS\Desktop [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Desktop [Administrator]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) C:\Program Files\Paltalk Messenger\paltalk.exe {17B0C425187E4534E12B02B218563F46} =>.AVM Software Inc.
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Tarek\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\Quicklaunch [Administrator]: chrome.LNK . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: Mozilla Firefox.LNK . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Quicklaunch [Administrator]: Oxford Wordpower.lnk . (.Oxford University Press - Oxford Pocket.) C:\Program Files\Oxford\Oxford Wordpower\Oxford Arabic.exe
O4 - GS\Quicklaunch [Administrator]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) C:\Program Files\Paltalk Messenger\paltalk.exe {17B0C425187E4534E12B02B218563F46} =>.AVM Software Inc.
O4 - GS\Quicklaunch [Administrator]: Samsung Kies (Lite).lnk . (...) C:\Program Files\Samsung\Kies\KiesAgent.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\Quicklaunch [Administrator]: Samsung Kies.lnk . (...) C:\Program Files\Samsung\Kies\KiesAgent.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\Quicklaunch [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\TaskBar [Administrator]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
O4 - GS\TaskBar [Administrator]: COED11.lnk . (.Oxford University Press - Concise Oxford English Dictionary (Eleventh.) C:\Program Files\COED11\coed11.exe
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: KMPlayer.exe.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe =>.Pandora TV Co., Ltd.®
O4 - GS\TaskBar [Administrator]: Merriam- Webster References.lnk . (.Merriam-Webster - Merriam-Webster Dictionary Application.) C:\Program Files\Merriam-Webster\merriam-webster.exe =>.Merriam-Webster
O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Administrator]: Oxford Advanced Learner's Dictionary - 7th Edition.lnk . (.mozilla.org - oald7.) C:\Program Files\Oxford\OALD7\oald7.exe =>.mozilla.org
O4 - GS\TaskBar [Administrator]: Oxford Learner's Thesaurus.lnk . (.mozilla.org - olt1.) C:\Program Files\Oxford\Oxford Learner's Thesaurus\olt1.exe =>.mozilla.org
O4 - GS\TaskBar [Administrator]: Oxford Wordpower.lnk . (.Oxford University Press - Oxford Pocket.) C:\Program Files\Oxford\Oxford Wordpower\Oxford Arabic.exe
O4 - GS\TaskBar [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\Startup [Administrator]: Kickass_torrent (1).lnk . (...) C:\ProgramData\{c8fed2e6-4aa0-8733-c8fe-ed2e64aa4b99}\Kickass_torrent (1).exe
O4 - GS\Startup [Administrator]: Kickass_torrent.lnk . (...) C:\ProgramData\{46559ba2-0a81-3019-4655-59ba20a86e88}\Kickass_torrent.exe
O4 - GS\Startup [Administrator]: PalTalk.lnk . (.AVM Software Inc. - Paltalk Messenger.) C:\Program Files\Paltalk Messenger\paltalk.exe {17B0C425187E4534E12B02B218563F46} =>.AVM Software Inc.
O4 - GS\Desktop [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Desktop [Guest]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - GS\Desktop [Guest]: KMPlayer.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe =>.Pandora TV Co., Ltd.®
O4 - GS\Desktop [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Desktop [Guest]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) C:\Program Files\Paltalk Messenger\paltalk.exe {17B0C425187E4534E12B02B218563F46} =>.AVM Software Inc.
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Tarek\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\Quicklaunch [Guest]: chrome.LNK . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: Mozilla Firefox.LNK . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Quicklaunch [Guest]: Oxford Wordpower.lnk . (.Oxford University Press - Oxford Pocket.) C:\Program Files\Oxford\Oxford Wordpower\Oxford Arabic.exe
O4 - GS\Quicklaunch [Guest]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) C:\Program Files\Paltalk Messenger\paltalk.exe {17B0C425187E4534E12B02B218563F46} =>.AVM Software Inc.
O4 - GS\Quicklaunch [Guest]: Samsung Kies (Lite).lnk . (...) C:\Program Files\Samsung\Kies\KiesAgent.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\Quicklaunch [Guest]: Samsung Kies.lnk . (...) C:\Program Files\Samsung\Kies\KiesAgent.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\Quicklaunch [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\TaskBar [Guest]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
O4 - GS\TaskBar [Guest]: COED11.lnk . (.Oxford University Press - Concise Oxford English Dictionary (Eleventh.) C:\Program Files\COED11\coed11.exe
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: KMPlayer.exe.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe =>.Pandora TV Co., Ltd.®
O4 - GS\TaskBar [Guest]: Merriam- Webster References.lnk . (.Merriam-Webster - Merriam-Webster Dictionary Application.) C:\Program Files\Merriam-Webster\merriam-webster.exe =>.Merriam-Webster
O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Guest]: Oxford Advanced Learner's Dictionary - 7th Edition.lnk . (.mozilla.org - oald7.) C:\Program Files\Oxford\OALD7\oald7.exe =>.mozilla.org
O4 - GS\TaskBar [Guest]: Oxford Learner's Thesaurus.lnk . (.mozilla.org - olt1.) C:\Program Files\Oxford\Oxford Learner's Thesaurus\olt1.exe =>.mozilla.org
O4 - GS\TaskBar [Guest]: Oxford Wordpower.lnk . (.Oxford University Press - Oxford Pocket.) C:\Program Files\Oxford\Oxford Wordpower\Oxford Arabic.exe
O4 - GS\TaskBar [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\Startup [Guest]: Kickass_torrent (1).lnk . (...) C:\ProgramData\{c8fed2e6-4aa0-8733-c8fe-ed2e64aa4b99}\Kickass_torrent (1).exe
O4 - GS\Startup [Guest]: Kickass_torrent.lnk . (...) C:\ProgramData\{46559ba2-0a81-3019-4655-59ba20a86e88}\Kickass_torrent.exe
O4 - GS\Startup [Guest]: PalTalk.lnk . (.AVM Software Inc. - Paltalk Messenger.) C:\Program Files\Paltalk Messenger\paltalk.exe {17B0C425187E4534E12B02B218563F46} =>.AVM Software Inc.
O4 - GS\Desktop [Tarek]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Desktop [Tarek]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - GS\Desktop [Tarek]: KMPlayer.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe =>.Pandora TV Co., Ltd.®
O4 - GS\Desktop [Tarek]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Desktop [Tarek]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) C:\Program Files\Paltalk Messenger\paltalk.exe {17B0C425187E4534E12B02B218563F46} =>.AVM Software Inc.
O4 - GS\Desktop [Tarek]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Tarek\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Tarek]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\Quicklaunch [Tarek]: chrome.LNK . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Tarek]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Tarek]: Mozilla Firefox.LNK . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Quicklaunch [Tarek]: Oxford Wordpower.lnk . (.Oxford University Press - Oxford Pocket.) C:\Program Files\Oxford\Oxford Wordpower\Oxford Arabic.exe
O4 - GS\Quicklaunch [Tarek]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) C:\Program Files\Paltalk Messenger\paltalk.exe {17B0C425187E4534E12B02B218563F46} =>.AVM Software Inc.
O4 - GS\Quicklaunch [Tarek]: Samsung Kies (Lite).lnk . (...) C:\Program Files\Samsung\Kies\KiesAgent.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\Quicklaunch [Tarek]: Samsung Kies.lnk . (...) C:\Program Files\Samsung\Kies\KiesAgent.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\Quicklaunch [Tarek]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\TaskBar [Tarek]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
O4 - GS\TaskBar [Tarek]: COED11.lnk . (.Oxford University Press - Concise Oxford English Dictionary (Eleventh.) C:\Program Files\COED11\coed11.exe
O4 - GS\TaskBar [Tarek]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Tarek]: KMPlayer.exe.lnk . (.PandoraTV - The KMPlayer.) C:\KMPlayer\KMPlayer.exe =>.Pandora TV Co., Ltd.®
O4 - GS\TaskBar [Tarek]: Merriam- Webster References.lnk . (.Merriam-Webster - Merriam-Webster Dictionary Application.) C:\Program Files\Merriam-Webster\merriam-webster.exe =>.Merriam-Webster
O4 - GS\TaskBar [Tarek]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\TaskBar [Tarek]: Oxford Advanced Learner's Dictionary - 7th Edition.lnk . (.mozilla.org - oald7.) C:\Program Files\Oxford\OALD7\oald7.exe =>.mozilla.org
O4 - GS\TaskBar [Tarek]: Oxford Learner's Thesaurus.lnk . (.mozilla.org - olt1.) C:\Program Files\Oxford\Oxford Learner's Thesaurus\olt1.exe =>.mozilla.org
O4 - GS\TaskBar [Tarek]: Oxford Wordpower.lnk . (.Oxford University Press - Oxford Pocket.) C:\Program Files\Oxford\Oxford Wordpower\Oxford Arabic.exe
O4 - GS\TaskBar [Tarek]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\Tarek\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\Startup [Tarek]: Kickass_torrent (1).lnk . (...) C:\ProgramData\{c8fed2e6-4aa0-8733-c8fe-ed2e64aa4b99}\Kickass_torrent (1).exe
O4 - GS\Startup [Tarek]: Kickass_torrent.lnk . (...) C:\ProgramData\{46559ba2-0a81-3019-4655-59ba20a86e88}\Kickass_torrent.exe
O4 - GS\Startup [Tarek]: PalTalk.lnk . (.AVM Software Inc. - Paltalk Messenger.) C:\Program Files\Paltalk Messenger\paltalk.exe {17B0C425187E4534E12B02B218563F46} =>.AVM Software Inc.
O4 - GS\CommonDesktop [Public]: AVG Protection.lnk . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) C:\Program Files\AVG\Av\avgui.exe =>.AVG Technologies CZ, s.r.o.®
O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: Samsung Kies (Lite).lnk . (...) C:\Program Files\Samsung\Kies\KiesAgent.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\CommonDesktop [Public]: Samsung Kies.lnk . (...) C:\Program Files\Samsung\Kies\KiesAgent.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\CommonDesktop [Public]: VLC media player.lnk . (.VideoLAN - VLC media player.) C:\Program Files\VideoLAN\VLC\vlc.exe =>.VideoLAN®
O4 - GS\Startup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. - RaUI MFC Application.) C:\Program Files\Ralink\Common\RaUI.exe =>.Ralink Technology Corporation®

---\\ Lop.com/Domain Hijackers (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{8006552B-9B3A-4560-8DC8-F18532DCDD1B}: DhcpNameServer = 192.168.1.1 0.0.0.0 =>.Local IP Adress

---\\ Extra protocols (26) - 0s
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll =>.Microsoft Corporation®
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL =>.Microsoft Corporation®

---\\ Software installed (41) - 12s
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent =>.BitTorrent Inc®
O42 - Logiciel: Adobe Flash Player 22 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: AVG - (.AVG Technologies.) [HKLM] -- {BD2736C9-B69A-4695-936E-A7D4992CA1BD} =>.AVG Technologies
O42 - Logiciel: AVG 2016 - (.AVG Technologies.) [HKLM] -- {064C1329-E15C-4FF4-8885-59BD5E355D8A} =>.AVG Technologies
O42 - Logiciel: AVG Protection - (.AVG Technologies.) [HKLM] -- AVG =>.AVG Technologies CZ, s.r.o.®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Concise Oxford English Dictionary (Eleventh Edition) - (...) [HKLM] -- Concise Oxford English Dictionary (Eleventh Edition)
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
O42 - Logiciel: FMW 1 - (.AVG Technologies.) [HKLM] -- {FA8DECDC-B351-4B6A-9820-6C818AEE4EDA} =>.AVG Technologies
O42 - Logiciel: Galerie de photos - (.Microsoft Corporation.) [HKLM] -- {439B34FF-F74E-4807-B5E2-4B758551DA6B} =>.Microsoft Corporation
O42 - Logiciel: Google Chrome - (.Google Inc‎.‎.) [HKLM] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager =>.Tonec Inc.®
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {0BE9E708-5DC0-4963-9CFD-0AA519090E79} =>.Microsoft Corporation
O42 - Logiciel: KMPlayer (remove only) - (.PandoraTV.) [HKLM] -- The KMPlayer =>.PandoraTV
O42 - Logiciel: KMSpico v9.3.1 - (...) [HKLM] -- KMSpico_is1 =>HackTool.KMSpico
O42 - Logiciel: Merriam-Webster 3.0 - (...) [HKLM] -- {F3812D83-86D2-4445-A841-3E0BA4F9A11C}
O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM] -- {95120000-00B9-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU] -- OneDriveSetup.exe =>.Microsoft Corporation®
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Text-to-Speech Engine 4.0 (English) - (...) [HKLM] -- MSTTS
O42 - Logiciel: Mozilla Firefox 35.0.1 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 35.0.1 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} =>.Microsoft
O42 - Logiciel: Oxford Advanced Learner's Dictionary - 7th Edition - (...) [HKLM] -- NSIS_oald7
O42 - Logiciel: Oxford Learner's Thesaurus - (...) [HKLM] -- NSIS_olt1
O42 - Logiciel: Oxford Wordpower - (.Oxford University Press.) [HKLM] -- Oxford Wordpower {60201F9DBA128BC02EB0A82438C7FF8D}
O42 - Logiciel: Paltalk Messenger 11.7 - (.AVM Software Inc..) [HKLM] -- Paltalk Messenger =>.AVM Software Inc.
O42 - Logiciel: Popcorn Time - (.Popcorn Time.) [HKLM] -- Popcorn Time_is1 =>.Popcorn Time
O42 - Logiciel: QUICKfind server v1.1 - (.IDM.) [HKLM] -- QUICKfind =>.IDM
O42 - Logiciel: Ralink RT2870 Wireless LAN Card - (.Ralink.) [HKLM] -- {28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D} =>.Ralink Technology Corporation®
O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM] -- {758C8301-2696-4855-AF45-534B1200980A} =>.Samsung Electronics Co., Ltd.
O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{758C8301-2696-4855-AF45-534B1200980A} =>.Samsung Electronics Co., Ltd.
O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44} =>.DEVGURU CO LTD®
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey =>.Synaptics Incorporated
O42 - Logiciel: TAP-Windows 9.9.2 - (...) [HKLM] -- TAP-Windows
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM] -- VLC media player =>.VideoLAN
O42 - Logiciel: WinRAR 4.11 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver =>.win.rar GmbH

---\\ HKCU & HKLM Software Keys (78) - 12s
HKLM\SOFTWARE\Ariss
HKLM\SOFTWARE\Auslogics =>.Auslogics
HKLM\SOFTWARE\Avg
HKLM\SOFTWARE\Google =>.Google
HKLM\SOFTWARE\Hola =>PUP.Optional.HolaSearch
HKLM\SOFTWARE\IDM =>.IDM
HKLM\SOFTWARE\InstalledOptions
HKLM\SOFTWARE\Intel =>.Intel
HKLM\SOFTWARE\Internet Download Manager
HKLM\SOFTWARE\KMPlayer
HKLM\SOFTWARE\Lingea
HKLM\SOFTWARE\Macromedia =>.Macromedia
HKLM\SOFTWARE\Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Merriam-Webster =>.Merriam-Webster
HKLM\SOFTWARE\Mozilla =>.Mozilla
HKLM\SOFTWARE\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\NSIS_oald7
HKLM\SOFTWARE\NSIS_olt1
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\Opera Software =>.Opera Software
HKLM\SOFTWARE\OUP
HKLM\SOFTWARE\Piriform =>.Piriform
HKLM\SOFTWARE\Ralink =>.Ralink
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\SAMSUNG =>.Samsung
HKLM\SOFTWARE\SpringFiles =>.Superfluous.SpringFiles
HKLM\SOFTWARE\SUPERAntiSpyware.com =>.SUPERAntiSpyware.com
HKLM\SOFTWARE\Synaptics =>.Synaptics
HKLM\SOFTWARE\TAP-Windows
HKLM\SOFTWARE\TuneUp =>.TuneUp
HKLM\SOFTWARE\VideoLAN =>.VideoLAN
HKLM\SOFTWARE\Voice
HKLM\SOFTWARE\Volatile
HKLM\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AlMawrid.exe
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Avg
HKCU\SOFTWARE\Avg Secure Update
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\drpsu
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\iOSinstaller
HKCU\SOFTWARE\KMPlayer
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Opera Software =>.Opera Software
HKCU\SOFTWARE\OUP
HKCU\SOFTWARE\Paltalk
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\Popcorn Time =>.Popcorn Time
HKCU\SOFTWARE\PopcornTime
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
HKCU\SOFTWARE\pth264
HKCU\SOFTWARE\QtProject
HKCU\SOFTWARE\RegisteredApplications
HKCU\SOFTWARE\Samsung =>.Samsung
HKCU\SOFTWARE\SecuROM
HKCU\SOFTWARE\Spoon
HKCU\SOFTWARE\SpringFiles =>.Superfluous.SpringFiles
HKCU\SOFTWARE\SUPERAntiSpyware.com =>.SUPERAntiSpyware.com
HKCU\SOFTWARE\Synaptics =>.Synaptics
HKCU\SOFTWARE\T Quareeb
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\TuneUp =>.TuneUp
HKCU\SOFTWARE\WebApp =>.Superfluous.Downloader
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software

---\\ Contents of the Common Files folders (191) - 30s
O43 - CFD: 11/08/2016 - [0] D -- C:\Program Files\30464E43-1455230768-4D34-3530-78ACC044383F =>PUP.Optional.CrossRider
O43 - CFD: 11/08/2016 - [] D -- C:\Program Files\Adobe
O43 - CFD: 11/08/2016 - [] D -- C:\Program Files\AVG =>.AVG Technologies CZ, s.r.o.®
O43 - CFD: 23/11/2014 - [] D -- C:\Program Files\CCleaner =>.Piriform Ltd®
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\COED11
O43 - CFD: 11/08/2016 - [] D -- C:\Program Files\Common Files
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Google =>.Google Inc®
O43 - CFD: 19/02/2016 - [] D -- C:\Program Files\Hola =>.Hola Networks Ltd.®
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\IDM
O43 - CFD: 28/03/2015 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Intel =>.Intel Corporation - pGFX®
O43 - CFD: 28/06/2015 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 11/08/2016 - [] D -- C:\Program Files\KMSpico =>HackTool.KMSpico
O43 - CFD: 11/02/2016 - [] D -- C:\Program Files\KMSPico 10.0.6 =>HackTool.KMSpico
O43 - CFD: 16/05/2015 - [] D -- C:\Program Files\MarkAny
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Merriam-Webster {4BC7C2D2C67CBB6209EFC7AC7062AE08}
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Microsoft Office =>.Microsoft Corporation®
O43 - CFD: 07/02/2016 - [] D -- C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation®
O43 - CFD: 24/07/2016 - [] D -- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Microsoft Works
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 10/08/2016 - [] D -- C:\Program Files\Mozilla Firefox =>.Mozilla Corporation®
O43 - CFD: 27/05/2015 - [] D -- C:\Program Files\Mozilla Maintenance Service =>.Mozilla Corporation®
O43 - CFD: 24/07/2016 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 23/11/2014 - [] D -- C:\Program Files\Opera
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Oxford
O43 - CFD: 26/02/2016 - [] D -- C:\Program Files\Paltalk Messenger {17B0C425187E4534E12B02B218563F46}
O43 - CFD: 25/05/2016 - [] D -- C:\Program Files\Popcorn Time
O43 - CFD: 22/02/2015 - [] D -- C:\Program Files\Ralink
O43 - CFD: 24/07/2016 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 28/03/2015 - [] D -- C:\Program Files\Samsung =>.DEVGURU CO LTD®
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Synaptics =>.Synaptics Incorporated®
O43 - CFD: 10/08/2016 - [] D -- C:\Program Files\TAP-Windows
O43 - CFD: 07/05/2015 - [] D -- C:\Program Files\The KMPlayer
O43 - CFD: 22/08/2013 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 16/04/2016 - [] D -- C:\Program Files\VideoLAN
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation®
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows Journal
O43 - CFD: 24/07/2016 - [] D -- C:\Program Files\Windows Live =>.Microsoft Corporation®
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows Mail
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows Multimedia Platform
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Windows Portable Devices
O43 - CFD: 22/08/2013 - [] SHD -- C:\Program Files\Windows Sidebar
O43 - CFD: 10/08/2016 - [] HD -- C:\Program Files\WindowsApps
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\WindowsPowerShell
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 22/08/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 22/08/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 22/08/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 11/08/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG =>.AVG Software
O43 - CFD: 20/11/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COED11
O43 - CFD: 20/11/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 10/08/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
O43 - CFD: 22/08/2013 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 20/11/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Merriam-Webster
O43 - CFD: 20/11/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 07/02/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
O43 - CFD: 20/11/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oxford
O43 - CFD: 25/05/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
O43 - CFD: 22/02/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
O43 - CFD: 28/03/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
O43 - CFD: 22/02/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 22/08/2013 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 22/08/2013 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 16/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 24/07/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
O43 - CFD: 20/11/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 11/08/2016 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 11/08/2016 - [0] D -- C:\ProgramData\APN =>Toolbar.Ask
O43 - CFD: 11/03/2016 - [] D -- C:\ProgramData\Apple
O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 11/08/2016 - [] D -- C:\ProgramData\Avg =>.AVG Software
O43 - CFD: 08/02/2016 - [] D -- C:\ProgramData\AVG Security Toolbar
O43 - CFD: 11/12/2015 - [] D -- C:\ProgramData\AVG2015
O43 - CFD: 11/08/2016 - [0] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 20/11/2014 - [] HD -- C:\ProgramData\Common Files
O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 16/05/2015 - [] D -- C:\ProgramData\hpckgbghmhhaecohkpfkephbmjmdphhf
O43 - CFD: 20/11/2014 - [0] D -- C:\ProgramData\IDM
O43 - CFD: 11/08/2016 - [] D -- C:\ProgramData\Malwarebytes
O43 - CFD: 17/08/2016 - [] D -- C:\ProgramData\MFAData
O43 - CFD: 24/07/2016 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 20/11/2014 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 24/07/2016 - [] D -- C:\ProgramData\Microsoft OneDrive
O43 - CFD: 21/11/2014 - [] D -- C:\ProgramData\Mozilla
O43 - CFD: 22/02/2015 - [0] D -- C:\ProgramData\Ralink
O43 - CFD: 22/02/2015 - [] D -- C:\ProgramData\Ralink Driver
O43 - CFD: 22/08/2013 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 28/03/2015 - [] D -- C:\ProgramData\Samsung
O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 22/08/2013 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 23/11/2014 - [] D -- C:\ProgramData\TuneUp Software
O43 - CFD: 21/02/2015 - [] D -- C:\ProgramData\{46559ba2-0a81-3019-4655-59ba20a86e88}
O43 - CFD: 16/05/2015 - [] D -- C:\ProgramData\{764c11d3-72c0-c6fd-764c-c11d372c474d}
O43 - CFD: 21/02/2015 - [] D -- C:\ProgramData\{c8fed2e6-4aa0-8733-c8fe-ed2e64aa4b99}
O43 - CFD: 29/12/2014 - [0] SHD -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 11/08/2016 - [] D -- C:\Program Files\Common Files\AV
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 03/07/2015 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Common Files\Lingea Shared
O43 - CFD: 25/08/2015 - [] D -- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 22/08/2013 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 20/11/2014 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 24/07/2016 - [] D -- C:\Program Files\Common Files\Windows Live
O43 - CFD: 11/03/2016 - [] D -- C:\Users\Tarek\AppData\Roaming\5kplayer
O43 - CFD: 26/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\Adobe
O43 - CFD: 11/12/2015 - [] D -- C:\Users\Tarek\AppData\Roaming\AVG =>.AVG Software
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\AVG2015
O43 - CFD: 16/08/2016 - [] D -- C:\Users\Tarek\AppData\Roaming\DMCache
O43 - CFD: 11/03/2016 - [0] D -- C:\Users\Tarek\AppData\Roaming\Hola =>PUP.Optional.HolaSearch
O43 - CFD: 17/04/2016 - [] D -- C:\Users\Tarek\AppData\Roaming\IDM
O43 - CFD: 22/02/2015 - [] D -- C:\Users\Tarek\AppData\Roaming\InstallShield
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\Macromedia
O43 - CFD: 24/07/2016 - [] SD -- C:\Users\Tarek\AppData\Roaming\Microsoft
O43 - CFD: 21/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\Mozilla
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\oald7
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\olt1
O43 - CFD: 23/11/2014 - [0] D -- C:\Users\Tarek\AppData\Roaming\Opera Software
O43 - CFD: 21/11/2014 - [0] D -- C:\Users\Tarek\AppData\Roaming\Oxford Wordpower Arabic
O43 - CFD: 03/12/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\Paltalk
O43 - CFD: 22/06/2015 - [] D -- C:\Users\Tarek\AppData\Roaming\PowerISO
O43 - CFD: 23/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\RHEng =>.Superfluous.Conduit
O43 - CFD: 06/05/2015 - [] D -- C:\Users\Tarek\AppData\Roaming\Samsung
O43 - CFD: 20/11/2014 - [] RHD -- C:\Users\Tarek\AppData\Roaming\SecuROM
O43 - CFD: 23/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\TuneUp Software
O43 - CFD: 17/08/2016 - [] D -- C:\Users\Tarek\AppData\Roaming\uTorrent
O43 - CFD: 16/08/2016 - [] D -- C:\Users\Tarek\AppData\Roaming\vlc
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\WinRAR
O43 - CFD: 17/08/2016 - [] D -- C:\Users\Tarek\AppData\Roaming\ZHP
O43 - CFD: 11/08/2016 - [] D -- C:\Users\Tarek\AppData\Local\Adobe
O43 - CFD: 20/11/2014 - [0] SHD -- C:\Users\Tarek\AppData\Local\Application Data
O43 - CFD: 11/08/2016 - [] D -- C:\Users\Tarek\AppData\Local\Avg =>.AVG Software
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Local\Avg2014
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Local\Avg2015
O43 - CFD: 11/08/2016 - [] D -- C:\Users\Tarek\AppData\Local\AvgSetupLog
O43 - CFD: 01/08/2016 - [] D -- C:\Users\Tarek\AppData\Local\Diagnostics
O43 - CFD: 28/03/2015 - [] D -- C:\Users\Tarek\AppData\Local\Downloaded Installations
O43 - CFD: 01/10/2015 - [0] D -- C:\Users\Tarek\AppData\Local\ElevatedDiagnostics
O43 - CFD: 11/09/2015 - [] D -- C:\Users\Tarek\AppData\Local\Google
O43 - CFD: 20/11/2014 - [0] SHD -- C:\Users\Tarek\AppData\Local\History
O43 - CFD: 19/02/2016 - [] D -- C:\Users\Tarek\AppData\Local\Hola =>PUP.Optional.HolaSearch
O43 - CFD: 04/12/2014 - [] D -- C:\Users\Tarek\AppData\Local\Macromedia
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Local\MFAData
O43 - CFD: 25/07/2016 - [] D -- C:\Users\Tarek\AppData\Local\Microsoft
O43 - CFD: 20/11/2014 - [0] D -- C:\Users\Tarek\AppData\Local\Microsoft Help
O43 - CFD: 21/11/2014 - [] D -- C:\Users\Tarek\AppData\Local\Mozilla
O43 - CFD: 19/11/2015 - [] D -- C:\Users\Tarek\AppData\Local\node-webkit
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Local\oald7
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Local\olt1
O43 - CFD: 23/11/2014 - [0] D -- C:\Users\Tarek\AppData\Local\Opera Software
O43 - CFD: 11/02/2016 - [] D -- C:\Users\Tarek\AppData\Local\Oqdlics
O43 - CFD: 05/08/2015 - [] D -- C:\Users\Tarek\AppData\Local\Packages
O43 - CFD: 02/03/2016 - [] D -- C:\Users\Tarek\AppData\Local\Popcorn Time
O43 - CFD: 30/04/2016 - [] D -- C:\Users\Tarek\AppData\Local\Popcorn-Time
O43 - CFD: 07/07/2015 - [] D -- C:\Users\Tarek\AppData\Local\PopcornTimeDesktop
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Local\Programs
O43 - CFD: 28/03/2015 - [] D -- C:\Users\Tarek\AppData\Local\Samsung
O43 - CFD: 17/08/2016 - [] D -- C:\Users\Tarek\AppData\Local\Temp
O43 - CFD: 20/11/2014 - [0] SHD -- C:\Users\Tarek\AppData\Local\Temporary Internet Files
O43 - CFD: 23/11/2014 - [] D -- C:\Users\Tarek\AppData\Local\TuneUp Software
O43 - CFD: 31/08/2015 - [] D -- C:\Users\Tarek\AppData\Local\VirtualStore
O43 - CFD: 24/07/2016 - [] D -- C:\Users\Tarek\AppData\Local\Windows Live
O43 - CFD: 24/07/2016 - [0] D -- C:\Users\Tarek\AppData\Local\WMTools Downloaded Files
O43 - CFD: 20/11/2014 - [0] D -- C:\Users\Tarek\AppData\Local\Programs\Common
O43 - CFD: 22/08/2013 - [] RD -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 22/08/2013 - [] RD -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 20/11/2014 - [] RD -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 20/11/2014 - [0] D -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COED11
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 22/08/2013 - [] D -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxford
O43 - CFD: 26/02/2016 - [] D -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
O43 - CFD: 02/03/2016 - [] D -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
O43 - CFD: 26/02/2016 - [] RD -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 22/08/2013 - [] RD -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 07/05/2015 - [] D -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
O43 - CFD: 20/11/2014 - [] D -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 25/08/2015 - [] D -- C:\Users\Tarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\المورد القريب
O43 - CFD: 11/08/2016 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Avg =>.AVG Software
O43 - CFD: 02/12/2014 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Avg2015
O43 - CFD: 14/08/2016 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\AvgSetupLog
O43 - CFD: 05/02/2015 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Google
O43 - CFD: 20/11/2014 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\MFAData
O43 - CFD: 20/11/2014 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft
O43 - CFD: 18/06/2016 - [0] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\Packages

---\\ Latest files created in Prefetcher (3) - 14s
O45 - LFCP:[MD5.D87089EC9B57129FCA38E0D6F89596BE] 10/08/2016 A -- C:\Windows\Prefetch\KMSPICO_SETUP.TMP-0731F9C8.pf =>HackTool.KMSpico
O45 - LFCP:[MD5.F71C5779B64BFF971C707E859D964B4F] 12/02/2016 A -- C:\Windows\Prefetch\KMSPICO_SETUP.TMP-928B27F5.pf =>HackTool.KMSpico
O45 - LFCP:[MD5.67E973D009EB6596F0D3D3E81A0EA4C4] 10/08/2016 A -- C:\Windows\Prefetch\SRPNFILES.EXE-CDB53A1D.pf =>.Superfluous.SpringFiles

---\\ ShellIconOverlayIdentifiers (SIOI) (5) - 1s
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: IDM Shell Extension [IDM Shell Extension] - {CDC95B92-E27C-4745-A8C5-64A52A78855D}. (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\Internet Download Manager\IDMShellExt.dll =>.Tonec Inc.®
O106 - SIOI: [Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81}. (.Microsoft Corporation - Client Side Caching UI.) -- C:\Windows\System32\cscui.dll =>.Microsoft Corporation
O106 - SIOI: Sync root make available online verb [StorageProviderError] - {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF}. (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O106 - SIOI: Sync root make available online verb [StorageProviderSyncing] - {0A30F902-8398-4ee8-86F7-4CFB589F04D1}. (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®

---\\ System Drivers List (67) - 10s
O58 - SDL:2013/08/22 06:33:26 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\drivers\3ware.sys [86368] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\Windows\System32\drivers\adp80xx.sys [773472] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [72544] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:26 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [215392] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:24 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [22880] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:26 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [101728] =>.Microsoft Windows®
O58 - SDL:2016/01/07 16:03:54 A . (.AVG Technologies CZ, s.r.o. - AVG Early Launch Anti-Malware Driver.) -- C:\Windows\System32\drivers\avgbootx.sys [19584] =>.Microsoft Windows Early Launch Anti-malware Publisher®
O58 - SDL:2016/05/13 07:43:30 A . (.AVG Technologies CZ, s.r.o. - AVG File Vault Driver.) -- C:\Windows\System32\drivers\avgdiskx.sys [134912] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2016/06/06 08:24:46 A . (.AVG Technologies CZ, s.r.o. - AVG Filter Driver.) -- C:\Windows\System32\drivers\avgfwd6x.sys [67336] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2016/06/30 14:46:50 A . (.AVG Technologies CZ, s.r.o. - AVG IDS Application Activity Monitor Driver.) -- C:\Windows\System32\drivers\avgidsdriverx.sys [259328] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2016/06/01 13:28:20 A . (.AVG Technologies CZ, s.r.o. - AVG Application Activity Monitor Helper Dri.) -- C:\Windows\System32\drivers\avgidshx.sys [201472] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2015/11/20 09:05:14 A . (.AVG Technologies CZ, s.r.o. - AVG IDS Application Activity Monitor Loader.) -- C:\Windows\System32\drivers\avgidsshimw8x.sys [31664] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2016/06/01 13:29:40 A . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) -- C:\Windows\System32\drivers\avgldx86.sys [212736] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2016/02/16 16:20:38 A . (.AVG Technologies CZ, s.r.o. - AVG Logging Driver.) -- C:\Windows\System32\drivers\avglogx.sys [287008] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2016/07/19 12:28:18 A . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) -- C:\Windows\System32\drivers\avgmfx86.sys [201472] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2016/06/01 13:16:40 A . (.AVG Technologies CZ, s.r.o. - AVG Anti-Rootkit Driver.) -- C:\Windows\System32\drivers\avgrkx86.sys [47360] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2016/06/20 15:17:38 A . (.AVG Technologies CZ, s.r.o. - AVG Universal Driver.) -- C:\Windows\System32\drivers\avgunivx.sys [65280] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2016/07/20 08:46:18 A . (.AVG Technologies CZ, s.r.o. - AVG Firewall driver.) -- C:\Windows\System32\drivers\avgwfpx.sys [246536] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2013/08/13 00:25:32 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\drivers\bcmfn2.sys [16088] =>.Broadcom Corporation®
O58 - SDL:2016/08/11 12:14:08 A . (...) -- C:\Windows\System32\drivers\EsgScanner.sys [19984] =>.Enigma Software Group USA, LLC®
O58 - SDL:2009/09/17 20:54:14 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\drivers\HECI.sys [41088] =>.Intel Corporation
O58 - SDL:2013/08/22 06:33:29 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [56672] =>.Microsoft Windows®
O58 - SDL:2013/07/23 22:18:30 AC . (.Intel Corporation - Intel(R) Atom(TM) Processor GPIO Controller.) -- C:\Windows\System32\drivers\iaiogpio.sys [22016] =>.Intel Corporation
O58 - SDL:2013/07/23 22:18:30 AC . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller.) -- C:\Windows\System32\drivers\iaioi2c.sys [61936] =>.Intel Corporation
O58 - SDL:2013/08/10 01:39:44 A . (.Intel Corporation - Intel Rapid Storage Technology driver (inbo.) -- C:\Windows\System32\drivers\iaStorAV.sys [524784] =>.Intel Corporation - Intel® Rapid Storage Technology®
O58 - SDL:2013/08/22 06:33:29 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [333664] =>.Microsoft Windows®
O58 - SDL:2015/05/20 13:55:54 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\drivers\idmwfp.sys [123968] =>.Tonec Inc.®
O58 - SDL:2012/11/27 01:22:30 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd32.sys [10860032] =>.Intel Corporation
O58 - SDL:2013/08/22 06:33:29 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [94048] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:30 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [79712] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:30 A . (.LSI Corporation - LSI SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas3.sys [68960] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:29 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sss.sys [69472] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:30 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [51552] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:29 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\megasr.sys [464736] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:32 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\drivers\mvumis.sys [58208] =>.Microsoft Windows®
O58 - SDL:2013/07/25 20:05:22 A . (.Ralink Technology, Corp. - Ralink 802.11 Wireless Adapter Driver.) -- C:\Windows\System32\drivers\netr28.sys [2346672] =>.Mediatek Inc.®
O58 - SDL:2013/06/18 19:30:37 A . (.Ralink Technology Corp. - Ralink 802.11n Wireless Adapter Driver.) -- C:\Windows\System32\drivers\netr28u.sys [1696528] =>.Mediatek Inc.®
O58 - SDL:2013/08/22 06:33:32 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [120160] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:33 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [141664] =>.Microsoft Windows®
O58 - SDL:2013/06/18 13:23:13 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.30 32-bit Dr.) -- C:\Windows\System32\drivers\Rt630x86.sys [490496] =>.Realtek
O58 - SDL:2013/08/22 09:16:47 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2013/08/22 06:32:56 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [41312] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:32:57 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [79200] =>.Microsoft Windows®
O58 - SDL:2016/04/25 01:36:16 A . (.Samsung Electronics Co., Ltd. - SAMSUNG USB Composite Device Driver (MSS Ve.) -- C:\Windows\System32\drivers\ssudbus.sys [108032] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/04/25 01:36:20 A . (.Samsung Electronics Co., Ltd. - SAMSUNG Android Modem Device Driver (MSS Ve.) -- C:\Windows\System32\drivers\ssudmdm.sys [199936] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2015/12/08 05:01:24 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (M.) -- C:\Windows\System32\drivers\ssudserd.sys [192944] =>.DEVGURU CO LTD®
O58 - SDL:2013/08/22 06:32:57 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\drivers\stexstor.sys [26976] =>.Microsoft Windows®
O58 - SDL:2011/10/14 05:37:48 A . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\System32\drivers\SynTP.sys [299312] =>.Synaptics Incorporated®
O58 - SDL:2013/08/22 13:40:22 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\drivers\tap0901.sys [35288] =>.OpenVPN Technologies, Inc.®
O58 - SDL:2013/08/22 06:33:00 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [18272] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:01 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\System32\drivers\vsmraid.sys [148832] =>.Microsoft Windows®
O58 - SDL:2013/08/22 06:33:01 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\drivers\VSTXRAID.SYS [276832] =>.Microsoft Windows®
O58 - SDL:2015/08/25 23:06:07 A . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:2015/08/25 23:06:08 A . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:2015/08/25 23:06:07 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:2015/08/25 23:06:08 A . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:2015/08/25 23:06:09 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:2015/08/25 23:06:09 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:2015/08/25 23:06:07 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:2015/08/25 23:06:07 A . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:2015/08/25 23:06:07 A . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:2015/08/25 23:06:07 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:2015/08/25 23:06:09 A . (...) -- C:\Windows\System32\NTIO.SYS [33968]
O58 - SDL:2015/08/25 23:06:08 A . (...) -- C:\Windows\System32\NTIO404.SYS [34688]
O58 - SDL:2015/08/25 23:06:08 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:2015/08/25 23:06:08 A . (...) -- C:\Windows\System32\NTIO412.SYS [35552]
O58 - SDL:2015/08/25 23:06:08 A . (...) -- C:\Windows\System32\NTIO804.SYS [34688]

---\\ File Associations Shell Spawning (11) - 0s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- iexplore.exe
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (5) - 4s
O69 - SBI: prefs.js [Tarek - idrh5t33.default] user_pref("extensions.quick_start.enable_search1", false); =>PUP.Optional.QuickStart
O69 - SBI: prefs.js [Tarek - idrh5t33.default] user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); =>PUP.Optional.QuickStart
O69 - SBI: SearchScopes [HKCU] {2f23ab71-4ac6-41f2-a955-ea576e553146} - (Bing) - http://www.bing.com/
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} [DefaultScope] - (AVG Secure Search) - http://mysearch.avg.com/ =>PUP.Optional.MyWebSearch
O69 - SBI: SearchScopes [HKLM] {2f23ab71-4ac6-41f2-a955-ea576e553146} - (@ieframe.dll,-12512) - http://www.bing.com/

---\\ Search Svchost Services (36) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [181248] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [128512] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [128512] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [244224] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [1165312] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [727552] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [795648] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\System32\seclogon.dll [23040] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [88576] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [116224] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [91136] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [976384] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [174592] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [73728] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [105472] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [184320] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [280576] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [59392] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL [75776] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [37376] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\Windows\System32\wlidsvc.dll [1185280] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Windows Location Framework Service.) -- C:\Windows\System32\GeofenceMonitorService.dll [357376] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [297472] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\Windows\System32\DeviceSetupManager.dll [165376] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\Windows\System32\NcaSvc.dll [141312] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [93696] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [456192] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [177664] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [54784] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [380416] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [248320] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2832896] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [801792] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [564736] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [151040] =>.Microsoft Corporation
O83 - Search Svchost Services: MsKeyboardFilter (MsKeyboardFilter) . (.Microsoft Corporation - SvcHost Service for Microsoft Keyboard Filt.) -- C:\Windows\System32\KeyboardFilterSvc.dll [75104] =>.Microsoft Windows®

---\\ Firewall Active Exception List (13) - 5s
O87 - FAEL: "TCP Query User{9BA2D813-47C9-4143-AB6F-2E247F319F7C}C:\users\tarek\appdata\local\popcorn time\node-webkit\popcorn time.exe" [In-None-P6-TRUE] .(...) -- C:\users\tarek\appdata\local\popcorn time\node-webkit\popcorn time.exe
O87 - FAEL: "UDP Query User{E3BCC1F5-AF93-4D3C-A8E1-9A618703B0F5}C:\users\tarek\appdata\local\popcorn time\node-webkit\popcorn time.exe" [In-None-P17-TRUE] .(...) -- C:\users\tarek\appdata\local\popcorn time\node-webkit\popcorn time.exe
O87 - FAEL: "{9039252F-D70B-4EB7-B8E2-FC3B42BCF842}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe
O87 - FAEL: "{DCF6E101-4B7E-4AF4-9CD5-C1C47C3FDA8A}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe
O87 - FAEL: "{953F50F1-C576-47CB-BDD2-9445CCDEF043}" [In-None-P17-TRUE] .(...) -- C:\Users\Tarek\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (.not file.)
O87 - FAEL: "{1D2157C5-E72F-45D9-BADC-58AC46B9FA76}" [In-None-P6-TRUE] .(...) -- C:\Program Files\KMSpico\KMSELDI.exe (.not file.) =>HackTool.KMSpico
O87 - FAEL: "{694C20BA-0701-4A5A-A0CC-676B0F5FB9C8}" [In-None-P17-TRUE] .(...) -- C:\Program Files\KMSpico\KMSELDI.exe (.not file.) =>HackTool.KMSpico
O87 - FAEL: "{246DFE0B-DCB4-4A5B-81DA-14A3C30A837C}" [In-None-P6-TRUE] .(.@ByELDI - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>HackTool.KMSpico
O87 - FAEL: "{2ED9AFC2-B2DD-4B0C-BEB5-507902171E01}" [In-None-P17-TRUE] .(.@ByELDI - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>HackTool.KMSpico
O87 - FAEL: "{7175C7D0-E56F-4E84-A03E-40AC9F64B20F}" [In-None-P6-TRUE] .(...) -- C:\Program Files\SrpnFiles\SrpnFiles.exe (.not file.) =>.Superfluous.SpringFiles
O87 - FAEL: "{47CF01E8-4581-49D8-9FB1-300CFDC36E23}" [In-None-P17-TRUE] .(...) -- C:\Program Files\SrpnFiles\SrpnFiles.exe (.not file.) =>.Superfluous.SpringFiles
O87 - FAEL: "{CFC430EE-DBBF-407A-A09A-F3C61025A3BE}" [In-None-P6-TRUE] .(...) -- C:\Program Files\SrpnFiles\downloader.exe (.not file.) =>.Superfluous.SpringFiles
O87 - FAEL: "{924521B7-C7B1-4773-9957-16805A07CAC0}" [In-None-P17-TRUE] .(...) -- C:\Program Files\SrpnFiles\downloader.exe (.not file.) =>.Superfluous.SpringFiles

---\\ Additional Scan (O88) (24) - 0s
C:\Program Files\KMSpico\AutoPico.exe =>HackTool.KMSpico
C:\Windows\System32\Tasks\AutoPico Daily Restart =>HackTool.KMSpico
C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 =>HackTool.KMSpico
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 =>HackTool.KMSpico
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
HKLM\SOFTWARE\Hola =>PUP.Optional.HolaSearch
HKLM\SOFTWARE\SpringFiles =>.Superfluous.SpringFiles
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
HKCU\SOFTWARE\SpringFiles =>.Superfluous.SpringFiles
HKCU\SOFTWARE\WebApp =>.Superfluous.Downloader
C:\Program Files\30464E43-1455230768-4D34-3530-78ACC044383F =>PUP.Optional.CrossRider
C:\Program Files\KMSpico =>HackTool.KMSpico
C:\Program Files\KMSPico 10.0.6 =>HackTool.KMSpico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
C:\ProgramData\APN =>Toolbar.Ask
C:\Users\Tarek\AppData\Roaming\Hola =>PUP.Optional.HolaSearch
C:\Users\Tarek\AppData\Roaming\RHEng =>.Superfluous.Conduit
C:\Users\Tarek\AppData\Local\Hola =>PUP.Optional.HolaSearch
C:\Windows\Prefetch\KMSPICO_SETUP.TMP-0731F9C8.pf =>HackTool.KMSpico
C:\Windows\Prefetch\KMSPICO_SETUP.TMP-928B27F5.pf =>HackTool.KMSpico
C:\Windows\Prefetch\SRPNFILES.EXE-CDB53A1D.pf =>.Superfluous.SpringFiles
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} =>PUP.Optional.MyWebSearch

---\\ Summary of the elements found (12) - 0s
https://www.nicolascoolman.com/fr/pup-kmspico/ =>HackTool.KMSpico
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.BDYahoo
https://www.nicolascoolman.com/fr/adware-mywebsearch/ =>PUP.Optional.MyWebSearch
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect
https://www.nicolascoolman.com/fr/hijacker-holasearch/ =>PUP.Optional.HolaSearch
https://www.anti-malware.top/2016/04/26/superfluous-springfiles/ =>.Superfluous.SpringFiles
https://www.anti-malware.top/2016/04/22/adware-installcore/ =>Adware.InstallCore
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Downloader
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider
https://www.nicolascoolman.com/fr/toolbar-ask/ =>Toolbar.Ask
https://www.nicolascoolman.com/fr/toolbar-conduit/ =>.Superfluous.Conduit
https://www.nicolascoolman.com/fr/pup-quickstart/ =>PUP.Optional.QuickStart

~ End of the scan, 17734 items in 00h02mn42s (900)
