~ ZHPDiag v2018.6.11.135 By Nicolas Coolman (2018/06/11)
~ Run by شعس (Administrator) (2018/06/13 18:30:56)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPDiag: Legal
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\شعس\Desktop\ZHPDiag.txt
~ Report: C:\Users\شعس\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Home Single Language, 64-bit (Build 17134) =>.Microsoft Corporation

---\\ Internet Browsers (3) - 0s
~ GCIE: Google Chrome v67.0.3396.79
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.112.17134.0

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (3) - 2s
Kaspersky Internet Security v18.0.0.405 (Protection)
Kaspersky Secure Connection v18.0.0.405 (Protection)
Windows Defender W10 (Activate) (Protection)

---\\ Informations on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 142 Stepping 9, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 8268.916 MB (64% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 867 GB (91%) free of 952 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP-VJVC51D
~ User Name: شعس
~ Logged in as Administrator

---\\ Enumeration of the disk units (1) - 0s
~ Drive C: has 867 GB free of 952 GB (System)

---\\ State of the Windows Security Center (7) - 0s
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM64\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (25) - 2s
[MD5.AD5296B280E8F522A8A897C96BAB0E1D] - 12/04/2018 - (.Microsoft Corporation - مستكشف Windows.) -- C:\WINDOWS\Explorer.exe [3933184] =>.Microsoft Windows®
[MD5.73C519F050C20580F8A62C849D49215A] - 12/04/2018 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [69632] =>.Microsoft Corporation
[MD5.A58B0CB069DA7840B935872ADCD7F0C2] - 12/04/2018 - (.Microsoft Corporation - ‎‎تطبيق بدء تشغيل Windows.) -- C:\WINDOWS\System32\Wininit.exe [366792] =>.Microsoft Corporation
[MD5.05934E377D6EE957BFDC7D05FA0DE3DE] - 08/06/2018 - (.Microsoft Corporation - ملحقات الإنترنت لـ Win32.) -- C:\WINDOWS\System32\wininet.dll [3441152] =>.Microsoft Corporation
[MD5.F9017F2DC455AD373DF036F5817A8870] - 12/04/2018 - (.Microsoft Corporation - تطبيق تسجيل دخول Windows.) -- C:\WINDOWS\System32\Winlogon.exe [677376] =>.Microsoft Corporation
[MD5.7A377800FF15426B7D89768A8727CFEF] - 12/04/2018 - (.Microsoft Corporation - مكتبة تراخيص البرامج.) -- C:\WINDOWS\System32\sppcomapi.dll [415232] =>.Microsoft Corporation
[MD5.912DDBEC210B4B47941319BF991CFD98] - 12/04/2018 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [766608] =>.Microsoft Windows®
[MD5.E393B53837F6778C8FE0B27B58478B37] - 12/04/2018 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [573392] =>.Microsoft Windows®
[MD5.80BC3B8D2055BC38ECD84769C074C18F] - 05/06/2018 - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows m.) -- C:\WINDOWS\System32\fr-FR\user32.dll.mui [19968] =>.Microsoft Corporation
[MD5.4DCCC3E02A22ED4A4ADB11386F226071] - 12/04/2018 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [626592] =>.Microsoft Corporation
[MD5.90AB4ED8EBD72A1C096A40CC35404B91] - 12/04/2018 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [28568] =>.Microsoft Corporation
[MD5.D3CBC6DE5955D014407C7BD1FFE80F00] - 12/04/2018 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [93696] =>.Microsoft Corporation
[MD5.AD4D24434C058AFAFD5AB319B4BF5B66] - 12/04/2018 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [159744] =>.Microsoft Corporation
[MD5.9E74A900CCCA3EA6C8533CF94B3F8223] - 12/04/2018 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [141312] =>.Microsoft Corporation
[MD5.DED74127C7A2266715C0B8EA2EE75214] - 12/04/2018 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [86016] =>.Microsoft Corporation
[MD5.DA179667B8CEC22E4ECBBF4210DC0E35] - 12/04/2018 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [105984] =>.Microsoft Corporation
[MD5.7408B83959A4B8271EF67FD06A6B366B] - 12/04/2018 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
[MD5.3C0FA2ED75875481D00F3D77B1A3E336] - 12/04/2018 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [500632] =>.Microsoft Corporation
[MD5.045A018E0BA5F9B75C5928A31C0E822C] - 12/04/2018 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [311296] =>.Microsoft Corporation
[MD5.60B42947B51D1C6D2DD7250295DF4161] - 08/06/2018 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2422688] =>.Microsoft Corporation
[MD5.13B175715A4391E4E5D2AB2EBC8CDBB5] - 12/04/2018 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [98816] =>.Microsoft Corporation
[MD5.775ED7E51B58CF9EB415A1DBA540DACF] - 12/04/2018 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [106496] =>.Microsoft Corporation
[MD5.52A6CC99F5934CFAE88353C47B6193E7] - 12/04/2018 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [182784] =>.Microsoft Corporation
[MD5.16071C42E21CE3378FA449322FB9AB1D] - 12/04/2018 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [121248] =>.Microsoft Corporation
[MD5.F0EE4E6028CCA58BEA9A04E7BEAB7DB4] - 12/04/2018 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [398240] =>.Microsoft Corporation

---\\ No disabled Windows Services (73) - 2s
O23 - Service: ASUS Battery Health Charging Service (AsBhcService) . (.ASUSTek Computer Inc. - .) - C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe =>.ASUSTeK Computer Inc.®
O23 - Service: ASLDR Service (ASLDRService) . (.ASUSTek Computer Inc. - ASLDR Service.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe =>.ASUSTeK Computer Inc.®
O23 - Service: AtherosSvc (AtherosSvc) . (. - Windows Setup API.) - C:\Program Files (x86)\Qualcomm\Bluetooth Suite\adminservice.exe =>.Qualcomm Atheros®
O23 - Service: C:\WINDOWS\System32\AudioEndpointBuilder.dll (AudioEndpointBuilder) . (.Microsoft Corporation - Windows Audio Endpoint Builder.) - C:\WINDOWS\System32\AudioEndpointBuilder.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\audiosrv.dll (Audiosrv) . (.Microsoft Corporation - Windows Audio Service.) - C:\WINDOWS\System32\Audiosrv.dll =>.Microsoft Corporation
O23 - Service: خدمة Kaspersky Anti-Virus 18.0.0 (AVP18.0.0) . (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe =>.Kaspersky Lab®
O23 - Service: C:\WINDOWS\System32\bfe.dll (BFE) . (.Microsoft Corporation - Base Filtering Engine.) - C:\WINDOWS\System32\bfe.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\qmgr.dll (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) - C:\WINDOWS\System32\qmgr.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\system32\bisrv.dll (BrokerInfrastructure) . (.Microsoft Corporation - Background Tasks Infrastructure Service.) - C:\WINDOWS\System32\bisrv.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\cdpusersvc.dll (CDPUserSvc) . (.Microsoft Corporation - Microsoft (R) CDP User Components.) - C:\WINDOWS\System32\CDPUserSvc.dll =>.Microsoft Corporation
O23 - Service: Connected Devices Platform User Service_5d52e (CDPUserSvc_5d52e) . (.Microsoft Corporation - ‎‎عملية مضيفة لخدمات Windows.) - C:\Windows\System32\svchost.exe =>.Microsoft Windows Publisher®
O23 - Service: Microsoft Office Click-to-Run Service (ClickToRunSvc) . (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe =>.Microsoft Corporation®
O23 - Service: C:\Windows\System32\coremessaging.dll (CoreMessagingRegistrar) . (.Microsoft Corporation - Microsoft CoreMessaging Dll.) - C:\Windows\System32\coremessaging.dll =>.Microsoft Windows®
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) . (.Intel Corporation - IntelCpHDCPSvc Executable.) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\IntelCpHDCPSvc.exe =>.Intel(R) pGFX®
O23 - Service: C:\WINDOWS\System32\cryptsvc.dll (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) - C:\WINDOWS\System32\cryptsvc.dll =>.Microsoft Corporation
O23 - Service: C:\Windows\System32\dhcpcore.dll (Dhcp) . (.Microsoft Corporation - DHCP Client Service.) - C:\Windows\System32\dhcpcore.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\diagtrack.dll (DiagTrack) . (.Microsoft Corporation - Microsoft Windows Diagnostics Tracking.) - C:\WINDOWS\System32\diagtrack.dll =>.Microsoft Corporation
O23 - Service: C:\Windows\System32\dnsapi.dll (Dnscache) . (.Microsoft Corporation - DNS Caching Resolver Service.) - C:\WINDOWS\System32\dnsrslvr.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\dosvc.dll (DoSvc) . (.Microsoft Corporation - ‎‎عملية مضيفة لخدمات Windows.) - C:\Windows\System32\svchost.exe =>.Microsoft Windows Publisher®
O23 - Service: C:\WINDOWS\System32\dusmsvc.dll (DusmSvc) . (.Microsoft Corporation - خدمة استخدام البيانات.) - C:\WINDOWS\System32\dusmsvc.dll =>.Microsoft Corporation
O23 - Service: @oem8.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) . (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Frame.) - C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe =>.Intel Corporation
O23 - Service: C:\WINDOWS\System32\wevtsvc.dll (EventLog) . (.Microsoft Corporation - ‎‎عملية مضيفة لخدمات Windows.) - C:\Windows\System32\svchost.exe =>.Microsoft Windows Publisher®
O23 - Service: @comres.dll,-2450 (EventSystem) . (.Microsoft Corporation - COM+.) - C:\Windows\System32\es.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\FntCache.dll (FontCache) . (.Microsoft Corporation - Windows Font Cache Service.) - C:\WINDOWS\System32\FntCache.dll =>.Microsoft Corporation
O23 - Service: @gpapi.dll,-112 (gpsvc) . (.Microsoft Corporation - عميل نهج المجموعة.) - C:\WINDOWS\System32\gpsvc.dll =>.Microsoft Corporation
O23 - Service: خدمة Google Update (gupdate) (gupdate) . (.Google Inc. - مثبِّت Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\igfxCUIService.exe =>.Intel(R) pGFX®
O23 - Service: C:\WINDOWS\System32\ikeext.dll (IKEEXT) . (.Microsoft Corporation - IKE extension.) - C:\WINDOWS\System32\ikeext.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\iphlpsvc.dll (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) - C:\WINDOWS\System32\iphlpsvc.dll =>.Microsoft Corporation
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O23 - Service: KMS-R@1n (KMS-R@1n) . (...) - C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
O23 - Service: Kaspersky Secure Connection خدمة 2.0.0 (KSDE2.0.0) . (.AO Kaspersky Lab - Kaspersky Secure Connection.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe =>.Kaspersky Lab®
O23 - Service: C:\WINDOWS\System32\srvsvc.dll (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) - C:\WINDOWS\System32\srvsvc.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\wkssvc.dll (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) - C:\WINDOWS\System32\wkssvc.dll =>.Microsoft Corporation
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Intel(R) Local Management Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O23 - Service: C:\WINDOWS\system32\lsm.dll (LSM) . (.Microsoft Corporation - Local Session Manager Service.) - C:\WINDOWS\System32\lsm.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\moshost.dll (MapsBroker) . (.Microsoft Corporation - مدير الخرائط التي تم تنزيلها.) - C:\WINDOWS\System32\moshost.dll =>.Microsoft Corporation
O23 - Service: C:\Windows\System32\FirewallAPI.dll (mpssvc) . (.Microsoft Corporation - خدمة حماية Microsoft.) - C:\WINDOWS\System32\mpssvc.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\nlasvc.dll (NlaSvc) . (.Microsoft Corporation - Network Location Awareness 2.) - C:\WINDOWS\System32\nlasvc.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\nsisvc.dll (nsi) . (.Microsoft Corporation - Network Store Interface RPC server.) - C:\WINDOWS\System32\nsisvc.dll =>.Microsoft Corporation
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
O23 - Service: C:\WINDOWS\System32\APHostRes.dll (OneSyncSvc) . (.Microsoft Corporation - Accounts Host Service.) - C:\WINDOWS\System32\APHostService.dll =>.Microsoft Corporation
O23 - Service: Sync Host_5d52e (OneSyncSvc_5d52e) . (.Microsoft Corporation - ‎‎عملية مضيفة لخدمات Windows.) - C:\Windows\System32\svchost.exe =>.Microsoft Windows Publisher®
O23 - Service: C:\WINDOWS\System32\umpo.dll (Power) . (.Microsoft Corporation - User-mode Power Service.) - C:\WINDOWS\System32\umpo.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\profsvc.dll (ProfSvc) . (.Microsoft Corporation - ProfSvc.) - C:\WINDOWS\System32\profsvc.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\rasmans.dll (RasMan) . (.Microsoft Corporation - Remote Access Connection Manager.) - C:\WINDOWS\System32\rasmans.dll =>.Microsoft Corporation
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) . (.Copyright 2004 - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe =>.CyberLink Corp.®
O23 - Service: C:\WINDOWS\system32\RpcEpMap.dll (RpcEptMapper) . (.Microsoft Corporation - RPC Endpoint Mapper.) - C:\WINDOWS\System32\RpcEpMap.dll =>.Microsoft Corporation
O23 - Service: @combase.dll,-5010 (RpcSs) . (.Microsoft Corporation - Distributed COM Services.) - C:\WINDOWS\System32\rpcss.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\schedsvc.dll (Schedule) . (.Microsoft Corporation - خدمة جدولة المهام.) - C:\WINDOWS\System32\schedsvc.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\SecurityHealthAgent.dll (SecurityHealthService) . (.Microsoft Corporation - Windows Security Health Service.) - C:\WINDOWS\System32\SecurityHealthService.exe =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\Sens.dll (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) - C:\WINDOWS\System32\sens.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\SgrmBroker.exe,-100 (SgrmBroker) . (.Microsoft Corporation - System Guard Runtime Monitor Broker Service.) - C:\WINDOWS\System32\SgrmBroker.exe =>.Microsoft Corporation
O23 - Service: C:\Windows\System32\shsvcs.dll (ShellHWDetection) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمات Windows Sh.) - C:\Windows\System32\shsvcs.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\spoolsv.exe,-1 (Spooler) . (.Microsoft Corporation - Spooler SubSystem App.) - C:\WINDOWS\System32\spoolsv.exe =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\sppsvc.exe,-101 (sppsvc) . (.Microsoft Corporation - Microsoft Software Protection Platform Serv.) - C:\WINDOWS\System32\sppsvc.exe =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\sysmain.dll (SysMain) . (.Microsoft Corporation - مضيف خدمة الإحضار المسبق.) - C:\WINDOWS\System32\sysmain.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\system32\SystemEventsBrokerServer.dll (SystemEventsBroker) . (.Microsoft Corporation - System Events Broker.) - C:\WINDOWS\System32\SystemEventsBrokerServer.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\themeservice.dll (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) - C:\WINDOWS\System32\themeservice.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\usermgr.dll (UserManager) . (.Microsoft Corporation - UserMgr.) - C:\WINDOWS\System32\usermgr.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\usocore.dll (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) - C:\WINDOWS\System32\usocore.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\w32time.dll (W32Time) . (.Microsoft Corporation - Windows Time Service.) - C:\WINDOWS\System32\w32time.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\wcmsvc.dll (Wcmsvc) . (.Microsoft Corporation - Windows Connection Manager Service DLL.) - C:\WINDOWS\System32\wcmsvc.dll =>.Microsoft Corporation
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) . (.Microsoft Corporation - Antimalware Service Executable.) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe =>.Microsoft Corporation®
O23 - Service: C:\WINDOWS\System32\wbem\wmisvc.dll (Winmgmt) . (.Microsoft Corporation - WMI.) - C:\WINDOWS\System32\wbem\WMIsvc.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\wlansvc.dll (WlanSvc) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمة التكوين الت.) - C:\WINDOWS\System32\wlansvc.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\wpnservice.dll (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) - C:\WINDOWS\System32\WpnService.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\WpnUserService.dll (WpnUserService) . (.Microsoft Corporation - خدمة مستخدم الإعلامات المنبثقة في Windows.) - C:\WINDOWS\System32\WpnUserService.dll =>.Microsoft Corporation
O23 - Service: Windows Push Notifications User Service_5d52e (WpnUserService_5d52e) . (.Microsoft Corporation - ‎‎عملية مضيفة لخدمات Windows.) - C:\Windows\System32\svchost.exe =>.Microsoft Windows Publisher®
O23 - Service: C:\WINDOWS\System32\wscsvc.dll (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) - C:\WINDOWS\System32\wscsvc.dll =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\SearchIndexer.exe,-103 (WSearch) . (.Microsoft Corporation - Microsoft Windows Search Indexer.) - C:\Windows\System32\SearchIndexer.exe =>.Microsoft Corporation
O23 - Service: C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation - عامل Windows Update.) - C:\WINDOWS\System32\wuaueng.dll =>.Microsoft Corporation

---\\ Services not Microsoft (SR=Run, SS=Stop) (24) - 12s
SR - Auto [21/10/2016] [ 114360] ASUS Battery Health Charging Service (AsBhcService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe =>.ASUSTeK Computer Inc.®
SR - Auto [29/07/2016] [ 130744] ASLDR Service (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe =>.ASUSTeK Computer Inc.®
SR - Auto [17/04/2017] [ 338312] AtherosSvc (AtherosSvc) . (...) - C:\Program Files (x86)\Qualcomm\Bluetooth Suite\adminservice.exe =>.Qualcomm Atheros®
SR - Auto [24/01/2017] [ 354672] خدمة Kaspersky Anti-Virus 18.0.0 (AVP18.0.0) . (.AO Kaspersky Lab.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe =>.Kaspersky Lab®
SR - Demand [25/06/2017] [ 397272] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\IntelCpHeciSvc.exe =>.Intel(R) pGFX®
SR - Auto [25/06/2017] [ 613336] Intel(R) Content Protection HDCP Service (cplspcon) . (.Intel Corporation.) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\IntelCpHDCPSvc.exe =>.Intel(R) pGFX®
SS - Demand [05/06/2018] [ 326032] Device Activation Service (DevActSvc) . (...) - C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe =>.ASUSTeK Computer Inc.®
SR - Auto [06/02/2017] [ 2210936] @oem8.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) . (.Intel Corporation.) - C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe =>.Intel Corporation - pGFX®
SS - Auto [02/06/2018] [ 153168] خدمة Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [02/06/2018] [ 153168] خدمة Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SR - Auto [25/06/2017] [ 415192] Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\igfxCUIService.exe =>.Intel(R) pGFX®
SS - Demand [14/10/2016] [ 630048] Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe =>.Intel(R) Trust Services®
SR - Auto [05/12/2016] [ 177440] Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
SS - Demand [11/06/2018] [ 426416] klvssbridge64_18.0.0 (klvssbridge64_18.0.0) . (.AO Kaspersky Lab.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\vssbridge64.exe =>.Kaspersky Lab®
SR - Auto [06/06/2018] [ 26112] KMS-R@1n (KMS-R@1n) . (...) - C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
SR - Auto [24/01/2017] [ 354672] Kaspersky Secure Connection خدمة 2.0.0 (KSDE2.0.0) . (.AO Kaspersky Lab.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe =>.Kaspersky Lab®
SR - Auto [05/12/2016] [ 419616] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
SS - Demand [23/02/2017] [ 464440] NVIDIA LocalSystem Container (NvContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
SR - Auto [04/12/2017] [ 462920] NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
SR - Auto [23/02/2017] [ 427064] NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
SR - Auto [15/04/2014] [ 389896] Cyberlink RichVideo64 Service(CRVS) (RichVideo64) . (.Copyright 2004.) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe =>.CyberLink Corp.®
SS - Demand [17/05/2018] [ 156056] ASUS ZenAnywhere (ZenAnywhere) . (.Orbweb Inc..) - C:\Program Files\Orbweb Inc\ZenAnywhere\ZenAnywhere.exe {00F19FDCD325B71DE8} =>.Orbweb Inc.
SS - Demand [17/05/2018] [ 156056] ASUS ZenAnywhere Updater (ZenAnywhere Updater) . (.Orbweb Inc..) - C:\Program Files\Orbweb Inc\ZenAnywhere\updater.exe {00F19FDCD325B71DE8} =>.Orbweb Inc.
SS - Demand [07/04/2017] [ 69016] ASUS ZenAnywhere Network (ZenAnywhereNetworkService) . (.Orbweb Inc..) - C:\Program Files\Orbweb Inc\ZenAnywhere\bin\ZenAnywhereNetworkService.exe {00F19FDCD325B71DE8} =>.Orbweb Inc.

---\\ Task Planned Automatically (Register) (42) - 3s
O38 - TASK: {01BE0B79-A3D8-4FAD-B215-8C54B6FCFAD9} [64Bits][\Update Checker] - (.ASUSTeK - .) -- C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [17920] =>.ASUSTeK
O38 - TASK: {097399E9-CCA1-4D56-8570-2B4AD8899203} [64Bits][\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA driver profile updater.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [648248] =>.NVIDIA Corporation
O38 - TASK: {23286F2A-6E9F-49FF-887B-C6B9FF34ED67} [64Bits][\ASUS Live Update2] - (.ASUSTeK - .) -- C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [17920] =>.ASUSTeK
O38 - TASK: {3877A7FA-D608-4423-80E6-2101DEE35B6D} [64Bits][\ATK Package 36D18D69AFC3] - (.ASUSTek Computer Inc. - Simulate Store App Execution Application.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008] =>.ASUSTek Computer Inc.
O38 - TASK: {5DCE383E-12D6-4702-AC0E-F0A69BB35A88} [64Bits][\GoogleUpdateTaskMachineUA] - (.Google Inc. - مثبِّت Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] =>.Google Inc.
O38 - TASK: {630158AC-D548-4564-8565-7FCA9F52F20A} [64Bits][\ATK Package A22126881260] - (.ASUSTek Computer Inc. - Simulate Store App Execution Application.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008] =>.ASUSTek Computer Inc.
O38 - TASK: {7DAEC1CD-7DCC-4911-9665-65856C203631} [64Bits][\R@1n-KMS\Windows64CoreSingleLanguage] - (.DESKTOP-VJVC51D\شعس - .) -- wmic [0] =>HackTool.WinActivator
O38 - TASK: {902957EE-5C7D-44AC-873A-58826AC34825} [64Bits][\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA telemetry monitor.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [437816] =>.NVIDIA Corporation
O38 - TASK: {96F58776-C4DE-4A3A-A6AD-0B00927E8C34} [64Bits][\ASUS Live Update1] - (.ASUSTeK - .) -- C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [17920] =>.ASUSTeK
O38 - TASK: {9CB4D7DE-C963-4DA0-8754-06848815B2FD} [64Bits][\ASUS Splendid ACMON] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [55808] =>.ASUS
O38 - TASK: {A42AB7BB-F5A7-440E-8491-5EE4E76BD668} [64Bits][\ASUS USB Charger Plus] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19967504] =>.ASUSTek Computer Inc.
O38 - TASK: {BBAF23E1-293A-4B04-ADA3-1DC1315F5ED9} [64Bits][\RTKCPL] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312] =>.Realtek Semiconductor
O38 - TASK: {C05B14DE-029A-4738-AB0A-3CFE697E0A64} [64Bits][\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA crash and telemetry reporter.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [718904] =>.NVIDIA Corporation
O38 - TASK: {C0E64952-1470-4B50-B9FB-83BC6121E1F6} [64Bits][\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}] - (.AO Kaspersky Lab - Kaspersky Upgrade Launcher.) -- C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232] =>.AO Kaspersky Lab
O38 - TASK: {C21CC41D-55CC-45D8-99A5-8FBCF5DF9CCB} [64Bits][\GoogleUpdateTaskMachineCore] - (.Google Inc. - مثبِّت Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] =>.Google Inc.
O38 - TASK: {C7F1015C-C648-4D75-B26C-0D8834FF9454} [64Bits][\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA crash and telemetry reporter.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [718904] =>.NVIDIA Corporation
O38 - TASK: {CB17402D-849B-488A-9FB2-54E15AC1849D} [64Bits][\ASUS\ASUS Product Register Service] - (.ASUSTek COMPUTER INC. - ASUS Product Register Program.) -- C:\Program Files (x86)\ASUS\APRP\aprp.exe [1579296] =>.ASUSTek Computer Inc.
O38 - TASK: {D1F676DC-EA8D-4E14-89A9-37C724CE051E} [64Bits][\Intel PTT EK Recertification] - (.Intel(R) Corporation - Intel(R)PTT EK Recertification Service.) -- C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536] =>.Intel(R) Corporation
O38 - TASK: {E30BE555-2EB9-4FF8-8C31-850C36BE85F5} [64Bits][\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] - (.NVIDIA Corporation - NVIDIA driver profile updater.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [648248] =>.NVIDIA Corporation
O38 - TASK: {E34C515B-2F4E-4A7C-9A4B-D58B953562E2} [64Bits][\ASUS Battery Health Charging Notification] - (.ASUSTek Computer Inc. - .) -- C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe [2480504] =>.ASUSTek Computer Inc.
O38 - TASK: {E4FF86F9-E6C2-4CD9-BE99-733B490CFD0C} [64Bits][\RtHDVBg_ListenToDevice] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312] =>.Realtek Semiconductor
C:\WINDOWS\System32\Tasks\Update Checker - (.ASUSTeK.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [] =>.ASUSTeK
C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [] =>.NVIDIA Corporation
C:\WINDOWS\System32\Tasks\ASUS Live Update2 - (.ASUSTeK.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [-check] =>.ASUSTeK
C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3 - (.ASUSTek Computer Inc..) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [-CancelShutdown] =>.ASUSTek Computer Inc.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [/ua] =>.Google Inc.
C:\WINDOWS\System32\Tasks\ATK Package A22126881260 - (.ASUSTek Computer Inc..) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [] =>.ASUSTek Computer Inc.
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64CoreSingleLanguage - (.DESKTOP-VJVC51D\شعس.) -- wmic [path SoftwareLicensingProduct where (ID="cd918a57-] =>HackTool.WinActivator
C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [] =>.NVIDIA Corporation
C:\WINDOWS\System32\Tasks\ASUS Live Update1 - (.ASUSTeK.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [-critical] =>.ASUSTeK
C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON - (.ASUS.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [] =>.ASUS
C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus - (.ASUSTek Computer Inc..) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [] =>.ASUSTek Computer Inc.
C:\WINDOWS\System32\Tasks\RTKCPL - (.Realtek Semiconductor.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [/runcplsilence] =>.Realtek Semiconductor
C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [] =>.NVIDIA Corporation
C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - (.AO Kaspersky Lab.) -- C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [/waitUpgrade] =>.AO Kaspersky Lab
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [/c] =>.Google Inc.
C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [--logon] =>.NVIDIA Corporation
C:\WINDOWS\System32\Tasks\ASUS\ASUS Product Register Service - (.ASUSTek COMPUTER INC..) -- C:\Program Files (x86)\ASUS\APRP\aprp.exe [] =>.ASUSTek Computer Inc.
C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification - (.Intel(R) Corporation.) -- C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [] =>.Intel(R) Corporation
C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [] =>.NVIDIA Corporation
C:\WINDOWS\System32\Tasks\ASUS Battery Health Charging Notification - (.ASUSTek Computer Inc..) -- C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe [] =>.ASUSTek Computer Inc.
C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice - (.Realtek Semiconductor.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [/AECBYLISTENTOSTATUS] =>.Realtek Semiconductor

---\\ Auto loading programs from Registry and folders (12) - 1s
O4 - HKLM\..\Run: [SecurityHealth] . (.Microsoft Corporation - Windows Defender notification icon.) -- C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Windows®
O4 - HKLM\..\Run: [ShadowPlay] . (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\شعس\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - HKCU\..\Run: [utweb] . (.BitTorrent Inc. - µTorrent Web.) -- C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] . (.Microsoft Corporation - Windows Contacts.) -- C:\Program Files\Windows Mail\wab.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] . (.Microsoft Corporation - Windows Contacts.) -- C:\Program Files\Windows Mail\wab.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3969353691-2879946913-2896901535-1001\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\شعس\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-3969353691-2879946913-2896901535-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - HKUS\S-1-5-21-3969353691-2879946913-2896901535-1001\..\Run: [utweb] . (.BitTorrent Inc. - µTorrent Web.) -- C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®

---\\ Process running (44) - 5s
[MD5.EEA75EA98001A939E04DED83758E20EE] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462920] [PID.2176] =>.NVIDIA Corporation®
[MD5.AC06FF7E36563C51702C2898E440801F] - (.Intel Corporation - igfxCUIService Module.) -- C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\igfxCUIService.exe [415192] [PID.2484] =>.Intel(R) pGFX®
[MD5.EEA75EA98001A939E04DED83758E20EE] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462920] [PID.1956] =>.NVIDIA Corporation®
[MD5.A6CE5B2DA054BDA36FAF34B895C6F02A] - (.ASUSTek Computer Inc. - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [130744] [PID.3280] =>.ASUSTeK Computer Inc.®
[MD5.F7B17BED750A329FBE2510162EACB9F6] - (. - Windows Setup API.) -- C:\Program Files (x86)\Qualcomm\Bluetooth Suite\adminservice.exe [338312] [PID.3972] =>.Qualcomm Atheros®
[MD5.76810613973E94435CF77655370D37C1] - (.ASUSTek Computer Inc. - .) -- C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe [114360] [PID.3980] =>.ASUSTeK Computer Inc.®
[MD5.24B91DEBF94F19292C32DB76190036C9] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe [354672] [PID.3988] =>.Kaspersky Lab®
[MD5.27308435CE66876CDC084F33FFB31158] - (.Intel Corporation - IntelCpHDCPSvc Executable.) -- C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\IntelCpHDCPSvc.exe [613336] [PID.3996] =>.Intel(R) pGFX®
[MD5.2856859703296BA2C27EF306E24AAF21] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Frame.) -- C:\Windows\System32\Intel\DPTF\esif_uf.exe [2210936] [PID.4040] =>.Intel Corporation
[MD5.0F9FD9565E6EB157FA9BE11ED9C1DC9F] - (...) -- C:\Windows\KMS-R@1n.exe [26112] [PID.4056] =>HackTool.WinActivator
[MD5.F0E82FD4F609E50CBF198F04C9F66A46] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064] [PID.4076] =>.NVIDIA Corporation®
[MD5.9E18DF158751CF968E7DF83256D70233] - (.Copyright 2004 - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896] [PID.3720] =>.CyberLink Corp.®
[MD5.F108C9D74F563C25CB3FAF25F383784A] - (.Intel Corporation - IntelCpHeciSvc Executable.) -- C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\IntelCpHeciSvc.exe [397272] [PID.4512] =>.Intel(R) pGFX®
[MD5.9E29AF1CF4376E8B73B524384C2595A9] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Frame.) -- C:\Windows\Temp\DPTF\esif_assist_64.exe [525864] [PID.6016] =>.Intel Corporation®
[MD5.08B9B61EDEDF25500990C39E3A9F8E96] - (.ASUSTek Computer Inc. - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [294584] [PID.6040] =>.ASUSTeK Computer Inc.®
[MD5.10C970EA228DDDDCB3DF7777907B47E5] - (.ASUSTek Computer Inc. - .) -- C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe [2480504] [PID.3552] =>.ASUSTeK Computer Inc.®
[MD5.F618F4877C4826DDA7BAA7DCEF30C2B4] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19967504] [PID.5928] =>.ASUSTeK Computer Inc.®
[MD5.A659575594010E7841516F3E72303877] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [433848] [PID.6960] =>.ASUSTeK Computer Inc.®
[MD5.ED4A9E5B02A1E5AF7B8B6DC35FF73A35] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [224952] [PID.6968] =>.ASUSTeK Computer Inc.®
[MD5.B97BAFCF898BB8BA356C321BE9D17DE7] - (.Intel Corporation - igfxEM Module.) -- C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\igfxEM.exe [567768] [PID.2616] =>.Intel(R) pGFX®
[MD5.C4C9C511E914496BE04079A32901EA5E] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312] [PID.2776] =>.Realtek Semiconductor Corp.®
[MD5.11481570F396AF5D196F16E64DF3AAB8] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe [334632] [PID.1788] =>.Kaspersky Lab®
[MD5.B89D7384E2F3FCDCB35BB3FBAFED0411] - (...) -- C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe [86528] [PID.7952] =>.Skype Technologies
[MD5.ECA4AC9BB620912FE828C8EF92D7B23F] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520] [PID.8900] =>.Tonec Inc.
[MD5.B289C20C10B241F6016FECD92B267098] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [275512] [PID.7852] =>.Tonec Inc.®
[MD5.FC5AE5FDC2FFDCE0FEC357FD78C39D5B] - (.Realtek Semiconductor - إدارة صوت Realtek HD.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18371072] [PID.9768] =>.Realtek Semiconductor Corp.®
[MD5.4D65E61E02F2CB6CE0258DF066796562] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440] [PID.10280] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
[MD5.4DCE20849E789DC24A867E7D7B15CE5B] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672] [PID.10348] =>.Kaspersky Lab®
[MD5.7272488AE5FE56630A2CEA262012BB15] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [419616] [PID.10468] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
[MD5.D7F11E499F4F6545A06480712AE2F377] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe [595752] [PID.11044] =>.Kaspersky Lab®
[MD5.BDB20DFCF0E1F3D63EF6A1436FF62EFE] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [55808] [PID.11052] =>.ASUS
[MD5.3B1D5CA8B2B3221D6D0546D379477937] - (...) -- C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [478720] [PID.9808] =>.Microsoft Corporation
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.5696] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.7844] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.8040] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.10868] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.10204] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.8540] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.5496] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.11728] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.4348] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.12220] =>.Google Inc®
[MD5.F7586062687A453368058A94C4506594] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568] [PID.7512] =>.Google Inc®
[MD5.73AD5512B1F1AB48E8A16A22F7CB8CAD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\شعس\Downloads\Programs\ZHPDiag3.exe [3125632] [PID.11524] =>.Nicolas Coolman

---\\ Google Chrome, Start,Search,Extensions (25) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://adservice.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://clients5.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://lh3.googleusercontent.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://notifications.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ogs.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.gstatic.com =>.Google Inc.
G2 - GCE: Preference [شعس][User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] =>.Google Inc. {Slides}
G2 - GCE: Preference [شعس][User Data\Default] [ahkaibaglkkminpjaalgkeicgigblana] TVNewtab(Lambda)
G2 - GCE: Preference [شعس][User Data\Default] [aohghmighlieiainnegkcijnfilokake] =>.Google Inc. {Docs}
G2 - GCE: Preference [شعس][User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] http://drive.google.com/ =>.Google Inc. {Drive}
G2 - GCE: Preference [شعس][User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] http://www.youtube.com =>.Youtube {Youtube}
G2 - GCE: Preference [شعس][User Data\Default] [bofbpdmkbmlancfihdncikcigpokmdda] MySmartPrice
G2 - GCE: Preference [شعس][User Data\Default] [cmfgjfhhmajdnadjbfflgjjkgdbhihdc] NewtabTV(MyTV)
G2 - GCE: Preference [شعس][User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] =>.Google Inc. {Sheets}
G2 - GCE: Preference [شعس][User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] =>.Google Inc. {Docs hors connexion}
G2 - GCE: Preference [شعس][User Data\Default] [hehijbfgiekmjfkfjpbkbammjbdenadd] IE Tab =>.ietab.net
G2 - GCE: Preference [شعس][User Data\Default] [mchjnmdbdlkdbfliogedbnpnanfjnolk] =>.Kaspersky Labs
G2 - GCE: Preference [شعس][User Data\Default] [ngpampappnmepgilojfohadhhmbhlaek] IDM Integration Module =>.IDM Computer Solutions, Inc.
G2 - GCE: Preference [شعس][User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] =>.Google Inc. {Wallet}
G2 - GCE: Preference [شعس][User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] http://mail.google.com/ =>.Google Inc. {Gmail}
G2 - GCE: Preference [شعس][User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Internet Explorer Extensions, Start, Search (16) - 1s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus17win10.msn.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name)[HKCU] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - مستعرض الإنترنت.) (11.00.17134.1 (WinBuild.160101.0800)) -- C:\Windows\System32\ieframe.dll =>.Microsoft Corporation

---\\ INTERNET EXPLORER, trusted site and sensitive site (1) - 0s
~ Microsoft Internet Explorer Restricted Site(s) Domains: 0(Good) / 0(Bad)

---\\ Internet Explorer, Proxy Management (2) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 =>.Default.Value
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 =>.Default.Value

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Object (BHO) (2) - 1s
O2 - BHO: IDM Helper [64Bits] - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll =>.Tonec Inc.®
O2 - BHO: ScriptInjectionPluginBrowserHelperObject [64Bits] - {0E2877D3-2641-4970-B794-A553E295428D} . (.AO Kaspersky Lab - Kaspersky Protection plugins.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ieext\ie_plugin.dll =>.Kaspersky Lab®

---\\ Global shortcuts Startup (91) - 6s
O4 - GS\Desktop [Administrator]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - GS\Desktop [Administrator]: Telegram.lnk . (.Telegram Messenger LLP - Telegram Desktop.) C:\Users\شعس\AppData\Roaming\Telegram Desktop\Telegram.exe =>.Telegram Messenger LLP®
O4 - GS\Desktop [Administrator]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\شعس\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: _أفلام تورنت _ Aflam Torrent _ موقع ال..._.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default --app-id=hieeconcjgddkfhmnhpfnhdaifcjcekd =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: مستلم الفاكس.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: نقل الملفات عبر Bluetooth.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\شعس\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Programs [Administrator]: ‏‏ميزات اختيارية.lnk . (.Microsoft Corporation - ‎‎الميزات على مساعد الطلب.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Desktop [fardo]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - GS\Desktop [fardo]: Telegram.lnk . (.Telegram Messenger LLP - Telegram Desktop.) C:\Users\شعس\AppData\Roaming\Telegram Desktop\Telegram.exe =>.Telegram Messenger LLP®
O4 - GS\Desktop [fardo]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Desktop [fardo]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\شعس\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [fardo]: _أفلام تورنت _ Aflam Torrent _ موقع ال..._.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default --app-id=hieeconcjgddkfhmnhpfnhdaifcjcekd =>.Google Inc®
O4 - GS\Quicklaunch [fardo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [fardo]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [fardo]: مستلم الفاكس.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [fardo]: نقل الملفات عبر Bluetooth.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\Programs [fardo]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\شعس\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [fardo]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Programs [fardo]: ‏‏ميزات اختيارية.lnk . (.Microsoft Corporation - ‎‎الميزات على مساعد الطلب.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - GS\Desktop [Guest]: Telegram.lnk . (.Telegram Messenger LLP - Telegram Desktop.) C:\Users\شعس\AppData\Roaming\Telegram Desktop\Telegram.exe =>.Telegram Messenger LLP®
O4 - GS\Desktop [Guest]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\شعس\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: _أفلام تورنت _ Aflam Torrent _ موقع ال..._.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default --app-id=hieeconcjgddkfhmnhpfnhdaifcjcekd =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: مستلم الفاكس.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: نقل الملفات عبر Bluetooth.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\شعس\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Programs [Guest]: ‏‏ميزات اختيارية.lnk . (.Microsoft Corporation - ‎‎الميزات على مساعد الطلب.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Desktop [WDAGUtilityAccount]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - GS\Desktop [WDAGUtilityAccount]: Telegram.lnk . (.Telegram Messenger LLP - Telegram Desktop.) C:\Users\شعس\AppData\Roaming\Telegram Desktop\Telegram.exe =>.Telegram Messenger LLP®
O4 - GS\Desktop [WDAGUtilityAccount]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Desktop [WDAGUtilityAccount]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\شعس\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [WDAGUtilityAccount]: _أفلام تورنت _ Aflam Torrent _ موقع ال..._.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default --app-id=hieeconcjgddkfhmnhpfnhdaifcjcekd =>.Google Inc®
O4 - GS\Quicklaunch [WDAGUtilityAccount]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [WDAGUtilityAccount]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [WDAGUtilityAccount]: مستلم الفاكس.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [WDAGUtilityAccount]: نقل الملفات عبر Bluetooth.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\Programs [WDAGUtilityAccount]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\شعس\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [WDAGUtilityAccount]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Programs [WDAGUtilityAccount]: ‏‏ميزات اختيارية.lnk . (.Microsoft Corporation - ‎‎الميزات على مساعد الطلب.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Desktop [شعس]: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) C:\Program Files (x86)\Internet Download Manager\IDMan.exe =>.Tonec Inc.
O4 - GS\Desktop [شعس]: Telegram.lnk . (.Telegram Messenger LLP - Telegram Desktop.) C:\Users\شعس\AppData\Roaming\Telegram Desktop\Telegram.exe =>.Telegram Messenger LLP®
O4 - GS\Desktop [شعس]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Desktop [شعس]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\شعس\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [شعس]: _أفلام تورنت _ Aflam Torrent _ موقع ال..._.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default --app-id=hieeconcjgddkfhmnhpfnhdaifcjcekd =>.Google Inc®
O4 - GS\Quicklaunch [شعس]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\sendTo [شعس]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [شعس]: مستلم الفاكس.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [شعس]: نقل الملفات عبر Bluetooth.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\Programs [شعس]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\شعس\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [شعس]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Programs [شعس]: ‏‏ميزات اختيارية.lnk . (.Microsoft Corporation - ‎‎الميزات على مساعد الطلب.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: Kaspersky Secure Connection.lnk . (.AO Kaspersky Lab - Kaspersky Secure Connection.) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe -navigate ksde://mainwindow =>.Kaspersky Lab®
O4 - GS\CommonDesktop [Public]: الخدمات النقدية الآمنة.lnk . (.AO Kaspersky Lab - Kaspersky Anti-Virus.) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe -safebanking =>.Kaspersky Lab®
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\شعس\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: uTorrent Web.lnk . (.BitTorrent Inc. - µTorrent Web.) C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O4 - GS\Programs [Public]: ‏‏ميزات اختيارية.lnk . (.Microsoft Corporation - ‎‎الميزات على مساعد الطلب.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\internet explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - ‎‎المفكرة.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - ‎‎الرسام.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - ‎‎الاتصال بسطح المكتب البعيد.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - ‎‎أداة القصاصة.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - ‎‎مسجل الخطوات.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - ‎‎Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - ‎‎تطبيق المفكرة لـ Windows.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - ‎‎عارض XPS.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - ‎‎مخطط توزيع الأحرف.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Access.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: ASUS ZenAnywhere.lnk . (.Orbweb Inc. - Launches ZenAnywhere login page.) C:\Program Files\Orbweb Inc\ZenAnywhere\launch.exe {00F19FDCD325B71DE8} =>.Orbweb Inc.
O4 - GS\ProgramsCommon [Public]: Excel 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Excel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: OneNote 2016.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Outlook.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: PowerPoint.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Publisher.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - ‎‎Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Word.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (4) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{0c746ac5-40fc-4b41-b942-d4698b69114b}: DhcpNameServer = 192.168.1.1 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{10fb78cd-4c7f-43cf-a46d-160f289f0fa3}: DhcpNameServer = 8.8.8.8 8.8.4.4 =>.France Google Cloud
O17 - HKLM\System\CCS\Services\Tcpip\..\{52af2eb8-d422-46a2-a3be-46b621c3cf0c}: DhcpNameServer = 10.66.88.1 =>.Private IP (10.0.0.0 - 10.255.255.255) =>.Private IP

---\\ Extra protocols (27) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: mso-minsb-roaming.16 [64Bits] - {83C25742-A9F7-49FB-9138-434302C88D07} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: mso-minsb.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf-roaming.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf.16 [64Bits] - {5504BE45-A83B-4808-900A-3A5C36E7F77A} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\System32\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\System32\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL =>.Microsoft Corporation®

---\\ AppInit_DLLs Registry value Autorun (1) - 0s
O20 - Winlogon : UserInit . (.Microsoft Corporation - تطبيق تسجيل دخول Userinit.) - C:\Windows\system32\userinit.exe =>.Microsoft Corporation

---\\ ASIC (ActiveSetup Installed Components) (5) - 1s
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - ‎‎الأداة المساعدة لإعداد Microsoft Windows.) -- C:\Windows\System32\unregmp2.exe =>.Microsoft Corporation
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll =>.Microsoft Corporation®
O40 - ASIC: Google Chrome [64Bits] - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.79\Installer\chrmstp.exe =>.Google Inc®

---\\ Software installed (94) - 10s
O42 - Logiciel: Alcor Micro USB Card Reader Driver - (.Alcor Micro Corp..) [HKLM][64Bits] -- {AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6} =>.Alcor Micro Corp.
O42 - Logiciel: Alcor Micro USB Card Reader Driver - (.Alcor Micro Corp..) [HKLM][64Bits] -- InstallShield_{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6} =>.Alcor Micro Corp.
O42 - Logiciel: ASUS Battery Health Charging - (.ASUS.) [HKLM][64Bits] -- {3A7E73B6-3A04-49ED-811E-CC39F7EA2E34} =>.ASUS
O42 - Logiciel: ASUS Device Activation - (.ASUSTeK COMPUTER INC..) [HKLM][64Bits] -- {9C4B0706-9F9A-47BF-B417-0A111FC52B04} =>.ASUSTek Computer Inc.
O42 - Logiciel: ASUS Live Update - (.ASUS.) [HKLM][64Bits] -- {FA540E67-095C-4A1B-97BA-4D547DEC9AF4} =>.ASUS
O42 - Logiciel: ASUS PTP Driver - (.ASUS.) [HKLM][64Bits] -- {7618E419-9124-4E6C-9AF4-487A6DDEC1C5} =>.ASUS
O42 - Logiciel: ASUS Splendid Video Enhancement Technology - (.ASUS.) [HKLM][64Bits] -- {0969AF05-4FF6-4C00-9406-43599238DE0D} =>.ASUS
O42 - Logiciel: ASUS USB Charger Plus - (.ASUS.) [HKLM][64Bits] -- {A859E3E5-C62F-4BFA-AF1D-2B95E03166AF} =>.ASUS
O42 - Logiciel: ASUS ZenAnywhere - (.Orbweb Inc..) [HKLM][64Bits] -- {8596252F-FCA3-4333-8574-BF0C6A8F2A7B} =>.Orbweb Inc.
O42 - Logiciel: ASUS ZenAnywhere - (.Orbweb Inc..) [HKLM][64Bits] -- ASUS ZenAnywhere 4.6.1 {00F19FDCD325B71DE8} =>.Orbweb Inc.
O42 - Logiciel: ATK Package - (.ASUS.) [HKLM][64Bits] -- {AB5C933E-5C7D-4D30-B314-9C83A49B94BE} =>.ASUS
O42 - Logiciel: AudioWizard - (.ICEpower a/s.) [HKLM][64Bits] -- {57E770A2-2BAF-4CAA-BAA3-BD896E2254D3} =>.ICEpower a/s
O42 - Logiciel: CyberLink PhotoDirector 5 - (.CyberLink Corp..) [HKLM][64Bits] -- {5A454EC5-217A-42a5-8CE1-2DDEC4E70E01} =>.CyberLink Corp.®
O42 - Logiciel: CyberLink PhotoDirector 5 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01} =>.CyberLink Corp.®
O42 - Logiciel: CyberLink PowerDirector 12 - (.CyberLink Corp..) [HKLM][64Bits] -- {E1646825-D391-42A0-93AA-27FA810DA093} =>.CyberLink Corp.®
O42 - Logiciel: CyberLink PowerDirector 12 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093} =>.CyberLink Corp.®
O42 - Logiciel: Device Setup - (.ASUSTek COMPUTER INC..) [HKLM][64Bits] -- {8D6B05E0-F457-408C-9D13-549334D8FAE1} =>.ASUSTek Computer Inc.
O42 - Logiciel: Google Chrome - (.Google Inc‎.‎.) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] -- {81520FC5-3518-40E9-9803-70CE8A801D07} =>.Intel Corporation
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel(R) Corporation.) [HKLM][64Bits] -- {bb0592a7-5772-4736-9d55-2402740085db} =>.Intel(R) Software and Firmware Products®
O42 - Logiciel: Intel(R) Dynamic Platform and Thermal Framework - (.Intel Corporation.) [HKLM][64Bits] -- {654EE65D-FAA4-4EA6-8C07-DC94E6A304D4} =>.Intel Corporation - pGFX®
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {0546450D-6D6B-477D-81FE-49436EB76ED2} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {1CEAC85D-2590-4760-800F-8DE5E91F3700} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {8E619D44-484D-4519-90C5-C05C837180EC} =>.Intel Corporation
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {409CB30E-E457-4008-9B1A-ED1B9EA21140} =>.Intel Corporation - pGFX®
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {A7F51276-EE1F-401F-869E-488DB902C7E7} =>.Intel Corporation
O42 - Logiciel: Intel(R) Serial IO - (.Intel Corporation.) [HKLM][64Bits] -- {9FD91C5C-44AE-4D9D-85BE-AE52816B0294} =>.Intel Corporation
O42 - Logiciel: Intel(R) Serial IO - (.Intel Corporation.) [HKLM][64Bits] -- {AEDB97C8-18E1-4053-B7DD-B66E9531B207} =>.Intel Corporation
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {F255C3B6-F053-4592-9325-34898BF5EB46} =>.Intel Corporation
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM][64Bits] -- Internet Download Manager =>.Tonec Inc.®
O42 - Logiciel: Kaspersky Internet Security - (.Kaspersky Lab.) [HKLM][64Bits] -- {5AAE61FF-858E-453E-B8F3-944618149975} =>.Kaspersky Lab
O42 - Logiciel: Kaspersky Internet Security - (.Kaspersky Lab.) [HKLM][64Bits] -- InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975} =>.Kaspersky Lab
O42 - Logiciel: Kaspersky Secure Connection - (.Kaspersky Lab.) [HKLM][64Bits] -- {F33C0717-8E04-4EB5-90C8-47221287DB4F} =>.Kaspersky Lab
O42 - Logiciel: Kaspersky Secure Connection - (.Kaspersky Lab.) [HKLM][64Bits] -- InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F} =>.Kaspersky Lab
O42 - Logiciel: Microsoft Office 365 - ar-sa - (.Microsoft Corporation.) [HKLM][64Bits] -- O365HomePremRetail - ar-sa =>.Microsoft Corporation®
O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- OneDriveSetup.exe =>.Microsoft Corporation®
O42 - Logiciel: Microsoft VC++ redistributables repacked. - (.Intel Corporation.) [HKLM][64Bits] -- {63560A3E-A429-4819-A15F-E638F52AAEB2} =>.Intel Corporation
O42 - Logiciel: Microsoft VC++ redistributables repacked. - (.Intel Corporation.) [HKLM][64Bits] -- {B611E551-04F4-4F90-A593-ABCEF96C5CCE} =>.Intel Corporation
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM][64Bits] -- {8220EEFE-38CD-377E-8595-13398D740ACE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM][64Bits] -- {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1D8E6291-B0D5-35EC-8441-6616F567A0F7} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 - (.Microsoft Corporation.) [HKLM][64Bits] -- {7f51bdb9-ee21-49ee-94d6-90afc321780e} =>.Microsoft Corporation®
O42 - Logiciel: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 - (.Microsoft Corporation.) [HKLM][64Bits] -- {ce085a78-074e-4823-8dc1-8a721b94b76d} =>.Microsoft Corporation®
O42 - Logiciel: Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 - (.Microsoft Corporation.) [HKLM][64Bits] -- {929FBD26-9020-399B-9A7A-751D61F0B942} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 - (.Microsoft Corporation.) [HKLM][64Bits] -- {A749D8E6-B613-3BE3-8F5F-045C84EBA29B} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 - (.Microsoft Corporation.) [HKLM][64Bits] -- {F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 - (.Microsoft Corporation.) [HKLM][64Bits] -- {13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 - (.Microsoft Corporation.) [HKLM][64Bits] -- {e2803110-78b3-4664-a479-3611a381656a} =>.Microsoft Corporation®
O42 - Logiciel: Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 - (.Microsoft Corporation.) [HKLM][64Bits] -- {69BCE4AC-9572-3271-A2FB-9423BDA36A43} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 - (.Microsoft Corporation.) [HKLM][64Bits] -- {BBF2AC74-720C-3CB3-8291-5E34039232FA} =>.Microsoft Corporation
O42 - Logiciel: NVIDIA Ansel - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Container LS - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Session Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Watchdog Plugin - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA LocalSystem Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Message Bus for NvContainer - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Optimus Update 23.23.30.0 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.16.0318 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA ShadowPlay 3.4.0.70 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Telemetry Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update 23.23.30.0 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update Core - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Virtual Audio 3.51.2 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver =>.NVIDIA Corporation
O42 - Logiciel: NvNodejs - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs =>.NVIDIA Corporation
O42 - Logiciel: NvTelemetry - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry =>.NVIDIA Corporation
O42 - Logiciel: NvvHci - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci =>.NVIDIA Corporation
O42 - Logiciel: Office 16 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-007E-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0401-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: osrss - (.Microsoft Corporation.) [HKLM][64Bits] -- {1BA1133B-1C7A-41A0-8CBF-9B993E63D296} =>.Microsoft Corporation
O42 - Logiciel: Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer - (.Qualcomm.) [HKLM][64Bits] -- {3241744A-BA36-41F0-B4AA-EF3946D00632} =>.Qualcomm Atheros®
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp.®
O42 - Logiciel: SHIELD Wireless Controller Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController =>.NVIDIA Corporation
O42 - Logiciel: Telegram Desktop version 1.3.7 - (.Telegram Messenger LLP.) [HKCU][64Bits] -- {53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1 =>.Telegram Messenger LLP
O42 - Logiciel: Update for Windows 10 for x64-based Systems (KB4023057) - (.Microsoft Corporation.) [HKLM][64Bits] -- {5009B7EE-8A15-4A23-B404-15E31D02DA67} =>.Microsoft Corporation
O42 - Logiciel: uTorrent Web - (.BitTorrent, Inc..) [HKCU][64Bits] -- utweb =>.BitTorrent Inc®
O42 - Logiciel: Vulkan Run Time Libraries 1.0.42.0 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.42.0 =>.LunarG, Inc.®
O42 - Logiciel: Vulkan Run Time Libraries 1.0.42.0 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.42.0-2 =>.LunarG, Inc.®
O42 - Logiciel: Vulkan Run Time Libraries 1.0.61.0 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.61.0 =>.LunarG, Inc.®
O42 - Logiciel: Windows Driver Package - ASUS (AsusPTPDrv) HIDClass (09/23/2016 11.0.0.14) - (.ASUS.) [HKLM][64Bits] -- F95583A62AB902A3FC263F668380483F9E0113CD =>.ASUSTeK Computer Inc.®
O42 - Logiciel: Windows Setup Remediations (x64) (KB4023057) - (.Microsoft Corporation.) [HKLM][64Bits] -- {5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb =>.Microsoft Corporation
O42 - Logiciel: WinFlash - (.ASUSTeK COMPUTER INC..) [HKLM][64Bits] -- {8F21291E-0444-4B1D-B9F9-4370A73E346D} =>.ASUSTek Computer Inc.
O42 - Logiciel: WinRAR 5.60 beta 5 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH®
O42 - Logiciel: لوحة تحكم NVIDIA 388.57 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation

---\\ HKCU & HKLM Software Keys (136) - 10s
HKLM\SOFTWARE\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\ASUS =>.ASUS
HKLM\SOFTWARE\ATHEROS =>.Qualcomm Atheros
HKLM\SOFTWARE\Caphyon =>.Caphyon
HKLM\SOFTWARE\Chromium =>.Chromium
HKLM\SOFTWARE\CPUZ
HKLM\SOFTWARE\CyberLink =>.CyberLink Corporation
HKLM\SOFTWARE\Google =>.Google
HKLM\SOFTWARE\Intel =>.Intel
HKLM\SOFTWARE\Internet Download Manager =>.Tonec Inc
HKLM\SOFTWARE\KasperskyLab =>.Kaspersky Labs
HKLM\SOFTWARE\Khronos =>.Khronos
HKLM\SOFTWARE\Macromedia =>.Macromedia
HKLM\SOFTWARE\Mail.Ru =>.Mail.Ru
HKLM\SOFTWARE\McAfee =>.McAfee Inc.
HKLM\SOFTWARE\Mozilla =>.Mozilla
HKLM\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Norton =>.Symantec Corporation
HKLM\SOFTWARE\Nuance =>.Nuance
HKLM\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Orbweb Inc. =>.Orbweb Inc.
HKLM\SOFTWARE\Qualcomm =>.Qualcomm Atheros
HKLM\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Soda PDF Desktop 10 =>.Lulu Software
HKLM\SOFTWARE\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\SYLSoft
HKLM\SOFTWARE\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKLM\SOFTWARE\WOW6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\WOW6432Node\ASUS =>.ASUS
HKLM\SOFTWARE\WOW6432Node\ATHEROS =>.Qualcomm Atheros
HKLM\SOFTWARE\WOW6432Node\Caphyon =>.Caphyon
HKLM\SOFTWARE\WOW6432Node\Chromium =>.Chromium
HKLM\SOFTWARE\WOW6432Node\CPUZ
HKLM\SOFTWARE\WOW6432Node\CyberLink =>.CyberLink Corporation
HKLM\SOFTWARE\WOW6432Node\Google =>.Google
HKLM\SOFTWARE\WOW6432Node\Intel =>.Intel
HKLM\SOFTWARE\WOW6432Node\Internet Download Manager =>.Tonec Inc
HKLM\SOFTWARE\WOW6432Node\KasperskyLab =>.Kaspersky Labs
HKLM\SOFTWARE\WOW6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\WOW6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\WOW6432Node\Mail.Ru =>.Mail.Ru
HKLM\SOFTWARE\WOW6432Node\McAfee =>.McAfee Inc.
HKLM\SOFTWARE\WOW6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\WOW6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\WOW6432Node\Norton =>.Symantec Corporation
HKLM\SOFTWARE\WOW6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\WOW6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\WOW6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\WOW6432Node\Orbweb Inc. =>.Orbweb Inc.
HKLM\SOFTWARE\WOW6432Node\Qualcomm =>.Qualcomm Atheros
HKLM\SOFTWARE\WOW6432Node\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\WOW6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\WOW6432Node\Soda PDF Desktop 10 =>.Lulu Software
HKLM\SOFTWARE\WOW6432Node\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\WOW6432Node\SYLSoft
HKLM\SOFTWARE\WOW6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\WOW6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\ASUS =>.ASUS
HKCU\SOFTWARE\AutoTransferPC
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\Corel =>.Corel
HKCU\SOFTWARE\Downloader =>.SQ sDownloader
HKCU\SOFTWARE\DownloadManager =>.DownloadManager
HKCU\SOFTWARE\ecareme =>.Ecareme
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\KasperskyLab =>.Kaspersky Labs
HKCU\SOFTWARE\Mail.Ru =>.Mail.Ru
HKCU\SOFTWARE\MAL =>Adware.ICLoader
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\nwjs =>.NW.js
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\Opera Stable Offer
HKCU\SOFTWARE\PDF Tools AG =>.PDF Tools AG
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Rtp =>.RTP Software
HKCU\SOFTWARE\Soda PDF Desktop 10 =>.Lulu Software
HKCU\SOFTWARE\SyncEngines =>.Microsoft Corporation
HKCU\SOFTWARE\Sysinternals =>.Sysinternals
HKCU\SOFTWARE\TelegramDesktop
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\WixSharp =>.Legitimate
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\Mail.Ru =>.Mail.Ru
HKU\.DEFAULT\SOFTWARE\Corel =>.Corel
HKU\.DEFAULT\SOFTWARE\McAfee =>.McAfee Inc.
HKU\.DEFAULT\SOFTWARE\Nico Mak Computing =>.Nico Mak Computing
HKU\.DEFAULT\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKU\.DEFAULT\SOFTWARE\PDF Tools AG =>.PDF Tools AG
HKU\.DEFAULT\SOFTWARE\Soda PDF Desktop 10 =>.Lulu Software
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\ASUS =>.ASUS
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\AutoTransferPC
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Chromium =>.Chromium
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Corel =>.Corel
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Downloader =>.SQ sDownloader
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\DownloadManager =>.DownloadManager
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\ecareme =>.Ecareme
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Google =>.Google
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Intel =>.Intel
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\KasperskyLab =>.Kaspersky Labs
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Mail.Ru =>.Mail.Ru
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\MAL =>Adware.ICLoader
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Malwarebytes =>.Malwarebytes
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Mozilla =>.Mozilla
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Netscape =>.Netscape
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\nwjs =>.NW.js
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Opera Stable Offer
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\PDF Tools AG =>.PDF Tools AG
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\QtProject =>.QtProject
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Rtp =>.RTP Software
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Soda PDF Desktop 10 =>.Lulu Software
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\SyncEngines =>.Microsoft Corporation
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Sysinternals =>.Sysinternals
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\TelegramDesktop
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\WinRAR =>.WinRAR
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\WinRAR SFX =>.RarLab
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\WixSharp =>.Legitimate
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKU\S-1-5-21-3969353691-2879946913-2896901535-1001\SOFTWARE\ZHP =>.Nicolas Coolman

---\\ Contents of the Common Files folders (178) - 2s
O43 - CFD: 11/06/2018 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files\CyberLink =>.CyberLink Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files\DIFX =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files\internet explorer =>.Microsoft Corporation
O43 - CFD: 02/06/2018 - [] AD -- C:\Program Files\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files\Microsoft Office 15 =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 10/06/2018 - [0] D -- C:\Program Files\My Program
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 03/06/2018 - [] D -- C:\Program Files\Orbweb Inc {00F19FDCD325B71DE8}
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 03/06/2018 - [] AD -- C:\Program Files\rempl =>.Microsoft Corporation®
O43 - CFD: 04/05/2017 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 09/06/2018 - [] D -- C:\Program Files\VideoLAN =>.VideoLan Team
O43 - CFD: 05/06/2018 - [] RD -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files\windows nt =>.Microsoft Corporation
O43 - CFD: 12/06/2018 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files\Windows Security =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 13/06/2018 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 06/06/2018 - [] D -- C:\Program Files\WinRAR =>.win.rar GmbH®
O43 - CFD: 29/09/2017 - [] AD -- C:\Program Files (x86)\AmUStor =>.Alocr Micro
O43 - CFD: 12/06/2018 - [] D -- C:\Program Files (x86)\ASUS =>.ASUSTeK Computer Inc.®
O43 - CFD: 11/06/2018 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files (x86)\Cyberlink =>.CyberLink Corporation
O43 - CFD: 10/06/2018 - [] D -- C:\Program Files (x86)\fasst =>PUP.Optional.FAssistant
O43 - CFD: 02/06/2018 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files (x86)\ICEpower =>.ICEpower
O43 - CFD: 29/09/2017 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Internet Download Manager =>.Tonec Inc
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 11/06/2018 - [] D -- C:\Program Files (x86)\Kaspersky Lab =>.Kaspersky Lab
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 11/06/2018 - [0] D -- C:\Program Files (x86)\Multitimer
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 29/09/2017 - [] AD -- C:\Program Files (x86)\Qualcomm =>.Qualcomm Atheros
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [0] HD -- C:\Program Files (x86)\Temp =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [0] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 13/06/2018 - [] D -- C:\Program Files (x86)\USB Disk Security =>.FlashPeak Inc
O43 - CFD: 09/06/2018 - [0] D -- C:\Program Files (x86)\VideoLAN =>.VideoLan Team
O43 - CFD: 03/06/2018 - [] D -- C:\Program Files (x86)\VulkanRT =>.LunarG, Inc
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files (x86)\windows nt =>.Microsoft Corporation
O43 - CFD: 12/06/2018 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] SHD -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 10/06/2018 - [] D -- C:\Program Files (x86)\wwdmx
O43 - CFD: 12/04/2018 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 12/06/2018 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 05/06/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS =>.ASUS
O43 - CFD: 05/06/2018 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 5 =>.CyberLink Corporation
O43 - CFD: 05/06/2018 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12 =>.CyberLink Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower =>.ICEpower
O43 - CFD: 05/06/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager =>.Tonec Inc
O43 - CFD: 11/06/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security =>.Kaspersky Lab
O43 - CFD: 11/06/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection =>.Kaspersky Lab
O43 - CFD: 12/04/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek =>.Realtek
O43 - CFD: 11/06/2018 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 06/06/2018 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 29/09/2017 - [] D -- C:\ProgramData\AmUStor =>.Alocr Micro
O43 - CFD: 03/06/2018 - [] D -- C:\ProgramData\Caphyon =>.Caphyon
O43 - CFD: 29/09/2017 - [] D -- C:\ProgramData\CyberLink =>.CyberLink Corporation
O43 - CFD: 11/06/2018 - [0] D -- C:\ProgramData\dahkService
O43 - CFD: 05/06/2018 - [0] D -- C:\ProgramData\IDM =>.IDM
O43 - CFD: 29/09/2017 - [] D -- C:\ProgramData\install_clap =>.Microsoft Corporation
O43 - CFD: 10/06/2018 - [] D -- C:\ProgramData\Intel =>.Intel Corporation
O43 - CFD: 13/06/2018 - [] D -- C:\ProgramData\Kaspersky Lab =>.Kaspersky Lab
O43 - CFD: 11/06/2018 - [] D -- C:\ProgramData\Kaspersky Lab Setup Files =>.Kaspersky Lab
O43 - CFD: 06/06/2018 - [] D -- C:\ProgramData\Mail.Ru =>.Mail.Ru
O43 - CFD: 11/06/2018 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 13/06/2018 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 11/06/2018 - [] D -- C:\ProgramData\Norton =>.Symantec Corporation
O43 - CFD: 13/06/2018 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 03/06/2018 - [] D -- C:\ProgramData\Orbweb Inc
O43 - CFD: 07/06/2018 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 13/06/2018 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [0] D -- C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\ProgramData\Temp =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\ProgramData\UniqueId =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\ProgramData\USBChargerPlus =>.ASUSTeK
O43 - CFD: 05/06/2018 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] D -- C:\ProgramData\WindowsHolographicDevices =>.Microsoft Corporation
O43 - CFD: 06/06/2018 - [] AD -- C:\ProgramData\WinZip =>.WinZip
O43 - CFD: 29/09/2017 - [0] D -- C:\Program Files (x86)\Common Files\Atheros =>.Qualcomm Atheros
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files (x86)\Common Files\Nikon =>.Nikon
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files (x86)\Common Files\PostureAgent =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Program Files (x86)\Common Files\Qualcomm =>.Qualcomm Atheros
O43 - CFD: 12/04/2018 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Program Files (x86)\Common Files\system =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Users\شعس\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 13/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\DMCache =>.DMCache
O43 - CFD: 02/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Google =>.Google
O43 - CFD: 09/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\IDM =>.IDM
O43 - CFD: 02/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 10/06/2018 - [] SD -- C:\Users\شعس\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 03/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Soda PDF Desktop 10 =>.Lulu Software
O43 - CFD: 12/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Telegram Desktop =>.Telegram Messenger LLP
O43 - CFD: 12/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\uTorrent Web
O43 - CFD: 06/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 13/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Zbshareware Lab =>.Zbshareware Lab
O43 - CFD: 13/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 05/06/2018 - [] D -- C:\Users\شعس\AppData\Local\assembly =>.Assembly
O43 - CFD: 05/06/2018 - [] D -- C:\Users\شعس\AppData\Local\CEF =>.CEF
O43 - CFD: 02/06/2018 - [] D -- C:\Users\شعس\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Users\شعس\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 13/06/2018 - [] D -- C:\Users\شعس\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Users\شعس\AppData\Local\Crashpad =>.Unknown
O43 - CFD: 11/06/2018 - [] D -- C:\Users\شعس\AppData\Local\D3DSCache =>.Legitimate
O43 - CFD: 29/09/2017 - [0] D -- C:\Users\شعس\AppData\Local\DBG =>.DBG
O43 - CFD: 04/06/2018 - [] D -- C:\Users\شعس\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 11/06/2018 - [] D -- C:\Users\شعس\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 03/06/2018 - [] D -- C:\Users\شعس\AppData\Local\Google =>.Google
O43 - CFD: 06/06/2018 - [] D -- C:\Users\شعس\AppData\Local\Mail.Ru =>.Mail.Ru
O43 - CFD: 13/06/2018 - [] D -- C:\Users\شعس\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 03/06/2018 - [] D -- C:\Users\شعس\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 11/06/2018 - [] D -- C:\Users\شعس\AppData\Local\NPE =>.NPE
O43 - CFD: 29/09/2017 - [] D -- C:\Users\شعس\AppData\Local\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 09/06/2018 - [] D -- C:\Users\شعس\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Users\شعس\AppData\Local\PackageStaging =>.Apcera
O43 - CFD: 07/06/2018 - [0] D -- C:\Users\شعس\AppData\Local\PlaceholderTileLogoFolder =>.Microsoft Corporation
O43 - CFD: 06/06/2018 - [] D -- C:\Users\شعس\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Users\شعس\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 03/06/2018 - [0] D -- C:\Users\شعس\AppData\Local\Recovery =>.Recovery Labs
O43 - CFD: 13/06/2018 - [] D -- C:\Users\شعس\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [] D -- C:\Users\شعس\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 29/09/2017 - [0] D -- C:\Users\شعس\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 10/06/2018 - [] D -- C:\Users\شعس\AppData\Local\WhiteClick
O43 - CFD: 13/06/2018 - [] D -- C:\Users\شعس\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 06/06/2018 - [0] D -- C:\Users\شعس\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 10/06/2018 - [] D -- C:\Users\شعس\AppData\LocalLow\MAL
O43 - CFD: 02/06/2018 - [] D -- C:\Users\شعس\AppData\LocalLow\Microsoft =>.Microsoft Corporation
O43 - CFD: 09/06/2018 - [] D -- C:\Users\شعس\Desktop\Tricks2_www.samysoft.net_2
O43 - CFD: 09/06/2018 - [] D -- C:\Users\شعس\Desktop\u
O43 - CFD: 13/06/2018 - [] D -- C:\Users\شعس\Desktop\usbshow
O43 - CFD: 13/06/2018 - [] D -- C:\Users\شعس\Desktop\فلاشة الاء
O43 - CFD: 12/04/2018 - [] RD -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] RD -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] RD -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 05/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager =>.Tonec Inc
O43 - CFD: 12/04/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 10/06/2018 - [] RD -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [] RD -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 10/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop =>.Telegram Messenger LLP
O43 - CFD: 12/04/2018 - [] RD -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 06/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 08/06/2018 - [] D -- C:\Users\شعس\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\‏تطبيقات Chrome
O43 - CFD: 05/06/2018 - [] D -- C:\Users\Default\AppData\Local\D3DSCache =>.Legitimate
O43 - CFD: 12/04/2018 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 05/06/2018 - [] D -- C:\Users\Default User\AppData\Local\D3DSCache =>.Legitimate
O43 - CFD: 12/04/2018 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 12/04/2018 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 06/06/2018 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Mail.Ru =>.Mail.Ru
O43 - CFD: 06/06/2018 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 11/06/2018 - [0] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Temp =>.Microsoft Corporation

---\\ ShellIconOverlayIdentifiers (SIOI) (2) - 0s
O106 - SIOI: [ IDM Shell Extension] - {CDC95B92-E27C-4745-A8C5-64A52A78855D}. (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll =>.Tonec Inc.®
O106 - SIOI: [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - مكتبة DLL الخاصة بملحق Shell للتخزين المحسّ.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation

---\\ Search Context Menu Handlers (SCMH) (33) - 3s
O108 - CMH1: EPP [64Bits] - {09A47860-11B0-4DA5-AFA5-26D86198A780} . (.Microsoft Corporation - ملحق Shell لنظام Microsoft Security Client.) -- C:\Program Files\Windows Defender\shellext.dll =>.Microsoft Windows®
O108 - CMH1: Kaspersky Anti-Virus 18.0.0 [64Bits] - {FF48AD48-74C7-4260-B385-FAEB80947450} . (.AO Kaspersky Lab - Shell Extension.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\shellex.dll =>.Kaspersky Lab®
O108 - CMH1: ModernSharing [64Bits] - {e2bf9676-5f8f-435c-97eb-11607a5bedf7} . (.Microsoft Corporation - امتداد Shell الخاص بالمشاركة.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation
O108 - CMH1: Open With [64Bits] - {09799AFB-AD67-11d1-ABCD-00C04FC30936} . (.Microsoft Corporation - ‎‎مكتبة DLL المشتركة لـ Windows Shell.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH1: Open With EncryptionMenu [64Bits] - {A470F8CF-A1E8-4f65-8335-227475AA5C46} . (.Microsoft Corporation - ‎‎مكتبة DLL المشتركة لـ Windows Shell.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH1: Sharing [64Bits] - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} . (.Microsoft Corporation - امتداد Shell الخاص بالمشاركة.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation
O108 - CMH1: WinRAR [64Bits] - {B41DB860-64E4-11D2-9906-E49FADC173CA} . (.Alexander Roshal - WinRAR shell extension.) -- C:\Program Files\WinRAR\RarExt.dll =>.win.rar GmbH®
O108 - CMH1: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH1: WorkFolders [64Bits] - {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} . (.Microsoft Corporation - ملحق Shell "لمجلدات العمل" من Microsoft (C).) -- C:\Windows\System32\WorkfoldersShell.dll =>.Microsoft Corporation
O108 - CMH2: NvAppShExt [64Bits] - {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} . (.NVIDIA Corporation - NVIDIA Shell Extensions.) -- C:\WINDOWS\system32\nv3dappshext.dll =>.NVIDIA Corporation
O108 - CMH2: OpenContainingFolderMenu [64Bits] - {37ea3a21-7493-4208-a011-7f9ea79ce9f5} . (.Microsoft Corporation - ‎‎مكتبة DLL المشتركة لـ Windows Shell.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH2: OpenGLShExt [64Bits] - {E97DEC16-A50D-49bb-AE24-CF682282E08D} . (.NVIDIA Corporation - NVIDIA Shell Extensions.) -- C:\WINDOWS\system32\nv3dappshext.dll =>.NVIDIA Corporation
O108 - CMH3: CopyAsPathMenu [64Bits] - {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} . (.Microsoft Corporation - ‎‎مكتبة DLL المشتركة لـ Windows Shell.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH3: SendTo [64Bits] - {7BA4C740-9E81-11CF-99D3-00AA004AE837} . (.Microsoft Corporation - ‎‎مكتبة DLL المشتركة لـ Windows Shell.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH4: EncryptionMenu [64Bits] - {A470F8CF-A1E8-4f65-8335-227475AA5C46} . (.Microsoft Corporation - ‎‎مكتبة DLL المشتركة لـ Windows Shell.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH4: EPP [64Bits] - {09A47860-11B0-4DA5-AFA5-26D86198A780} . (.Microsoft Corporation - ملحق Shell لنظام Microsoft Security Client.) -- C:\Program Files\Windows Defender\shellext.dll =>.Microsoft Windows®
O108 - CMH4: Kaspersky Anti-Virus 18.0.0 [64Bits] - {FF48AD48-74C7-4260-B385-FAEB80947450} . (.AO Kaspersky Lab - Shell Extension.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\shellex.dll =>.Kaspersky Lab®
O108 - CMH4: Sharing [64Bits] - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} . (.Microsoft Corporation - امتداد Shell الخاص بالمشاركة.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation
O108 - CMH4: WorkFolders [64Bits] - {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} . (.Microsoft Corporation - ملحق Shell "لمجلدات العمل" من Microsoft (C).) -- C:\Windows\System32\WorkfoldersShell.dll =>.Microsoft Corporation
O108 - CMH5: igfxDTCM [64Bits] - {9B5F5829-A529-4B12-814A-E81BCB8D93FC} . (.Intel Corporation - igfxDTCM Module.) -- C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0d8b06fa651db23a\igfxDTCM.dll =>.Microsoft Windows Hardware Compatibility Publisher®
O108 - CMH5: New [64Bits] - {D969A300-E7FF-11d0-A93B-00A0C90F2719} . (.Microsoft Corporation - ‎‎مكتبة DLL المشتركة لـ Windows Shell.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH5: NvCplDesktopContext [64Bits] - {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} . (.NVIDIA Corporation - NVIDIA Display Shell Extension.) -- C:\WINDOWS\System32\nvshext.dll =>.NVIDIA Corporation
O108 - CMH5: Sharing [64Bits] - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} . (.Microsoft Corporation - امتداد Shell الخاص بالمشاركة.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation
O108 - CMH5: WorkFolders [64Bits] - {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} . (.Microsoft Corporation - ملحق Shell "لمجلدات العمل" من Microsoft (C).) -- C:\Windows\System32\WorkfoldersShell.dll =>.Microsoft Corporation
O108 - CMH6: Kaspersky Anti-Virus 18.0.0 [64Bits] - {FF48AD48-74C7-4260-B385-FAEB80947450} . (.AO Kaspersky Lab - Shell Extension.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\shellex.dll =>.Kaspersky Lab®
O108 - CMH6: Library Location [64Bits] - {3dad6c5d-2167-4cae-9914-f99e41c12cfa} . (.Microsoft Corporation - ‎‎مكتبة DLL المشتركة لـ Windows Shell.) -- C:\Windows\System32\shell32.dll =>.Microsoft Windows®
O108 - CMH6: PintoStartScreen [64Bits] - {470C0EBD-5D73-4d58-9CED-E91E22E23282} . (.Microsoft Corporation - محلل التطبيق.) -- C:\Windows\System32\appresolver.dll =>.Microsoft Windows®
O108 - CMH6: WinRAR [64Bits] - {B41DB860-64E4-11D2-9906-E49FADC173CA} . (.Alexander Roshal - WinRAR shell extension.) -- C:\Program Files\WinRAR\RarExt.dll =>.win.rar GmbH®
O108 - CMH6: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH7: EnhancedStorageShell [64Bits] - {2854F705-3548-414C-A113-93E27C808C85} . (.Microsoft Corporation - مكتبة DLL الخاصة بملحق Shell للتخزين المحسّ.) -- C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O108 - CMH7: EPP [64Bits] - {09A47860-11B0-4DA5-AFA5-26D86198A780} . (.Microsoft Corporation - ملحق Shell لنظام Microsoft Security Client.) -- C:\Program Files\Windows Defender\shellext.dll =>.Microsoft Windows®
O108 - CMH7: Kaspersky Anti-Virus 18.0.0 [64Bits] - {FF48AD48-74C7-4260-B385-FAEB80947450} . (.AO Kaspersky Lab - Shell Extension.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\shellex.dll =>.Kaspersky Lab®
O108 - CMH7: Sharing [64Bits] - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} . (.Microsoft Corporation - امتداد Shell الخاص بالمشاركة.) -- C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

---\\ Image File Execution Options (18) - 1s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - ‎‎أداة التثبيت المساعدة غير المراقبة لـ IE.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - ‎‎Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - أداة إزالة البرامج الضارة لـ Microsoft Wind.) [CFGOptions\\1] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - ‎‎مضيف تطبيق Microsoft (R) HTML.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - مضيف Windows Presentation Foundation.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - ‎‎عملية مضيفة لخدمات Windows.) [MinimumStackCommitInBytes\\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - ‎‎عملية مضيفة لخدمات Windows.) [MitigationAuditOptions\\17660905521152] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation

---\\ System Drivers List (90) - 21s
O58 - SDL:2018/04/12 02:33:48 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [107416] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1135520] =>.Microsoft Windows®
O58 - SDL:2016/11/15 01:46:38 A . (.ASUSTek Computer Inc. - ASUS Charger driver.) -- C:\WINDOWS\System32\drivers\AiCharger.sys [29312] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2018/04/12 02:33:48 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [83360] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [259480] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [27032] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
O58 - SDL:2016/12/19 17:52:28 A . (.ASUS - HID minidriver for ASUS Wireless Radio Cont.) -- C:\WINDOWS\System32\drivers\AsRadioControl.sys [31120] =>.ASUSTeK Computer Inc.®
O58 - SDL:2016/12/20 21:02:14 A . (.ASUS Corporation - Asus PTP Filter Driver (x64).) -- C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [99320] =>.ASUSTeK Computer Inc.®
O58 - SDL:2018/04/12 02:33:48 A . (. - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Broadcom Corporation
O58 - SDL:2017/04/16 12:28:00 A . (.Qualcomm - Qualcomm BtFilter Driver.) -- C:\WINDOWS\System32\drivers\btfilter.sys [605616] =>.Qualcomm Atheros®
O58 - SDL:2018/04/12 02:33:48 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [533912] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys [143768] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys [321432] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Chelsio Communications - VF library for Chelsio ® T5/T6 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vfx.sys [29184] =>.Chelsio Communications
O58 - SDL:2018/04/12 02:33:49 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T5/T6 Chip.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys [1836952] =>.Microsoft Windows®
O58 - SDL:2016/12/26 20:27:10 A . (.AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit).) -- C:\WINDOWS\System32\drivers\cm_km.sys [247008] =>.Kaspersky Lab®
O58 - SDL:2017/02/06 04:57:18 A . (.Intel Corporation - DPTF CPU Device (64-Bit).) -- C:\WINDOWS\System32\drivers\dptf_cpu.sys [67976] =>.Intel Corporation®
O58 - SDL:2017/02/06 04:57:18 A . (.Intel Corporation - DPTF Zone (64-Bit).) -- C:\WINDOWS\System32\drivers\esif_lf.sys [355208] =>.Intel Corporation®
O58 - SDL:2018/04/12 02:33:48 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [3419032] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [64408] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:45 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys [36864] =>.Intel(R) Corporation
O58 - SDL:2018/04/12 02:33:45 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [91648] =>.Intel(R) Corporation
O58 - SDL:2018/04/12 02:33:45 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [79360] =>.Intel Corporation
O58 - SDL:2018/04/12 02:33:45 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [88576] =>.Intel Corporation
O58 - SDL:2018/04/12 02:33:45 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [171520] =>.Intel Corporation
O58 - SDL:2018/04/12 02:33:45 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [174592] =>.Intel Corporation
O58 - SDL:2016/10/27 01:26:28 A . (.Intel Corporation - Intel(R) Serial IO SPI Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [151352] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2016/10/27 01:26:32 A . (.Intel Corporation - Intel(R) Serial IO UART Driver.) -- C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [287032] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2018/04/12 02:33:48 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2018/04/12 02:33:45 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2017/01/06 04:01:50 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver -.) -- C:\WINDOWS\System32\drivers\iaStorA.sys [798728] =>.Intel(R) Rapid Storage Technology®
O58 - SDL:2018/04/12 02:33:49 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAVC.sys [885144] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [526232] =>.Microsoft Windows®
O58 - SDL:2018/03/01 17:36:14 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\WINDOWS\System32\drivers\idmwfp.sys [226032] =>.Tonec Inc.®
O58 - SDL:2017/06/23 12:50:02 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\WINDOWS\System32\drivers\IntcDAud.sys [825344] =>.Intel(R) OWR®
O58 - SDL:2018/04/12 02:33:48 A . (.Avago Technologies - Avago SAS Gen3.5 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\ItSas35i.sys [145816] =>.Microsoft Windows®
O58 - SDL:2016/10/01 02:26:00 A . (.AO Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\System32\drivers\kl1.sys [554408] =>.Kaspersky Lab®
O58 - SDL:2018/01/09 15:55:40 A . (.AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64].) -- C:\WINDOWS\System32\drivers\klbackupdisk.sys [70880] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:32:38 A . (.AO Kaspersky Lab - Backup File Filter [fre_win8_x64].) -- C:\WINDOWS\System32\drivers\klbackupflt.sys [120008] =>.Kaspersky Lab®
O58 - SDL:2016/05/31 23:24:06 A . (.AO Kaspersky Lab - Virtual Disk [fre_wnet_x64].) -- C:\WINDOWS\System32\drivers\kldisk.sys [78216] =>.Kaspersky Lab®
O58 - SDL:2016/10/14 02:44:02 A . (.AO Kaspersky Lab - Early Launch Anti-Malware Filter [fre_win8_.) -- C:\WINDOWS\System32\drivers\klelam.sys [29816] =>.Microsoft Windows Early Launch Anti-malware Publisher®
O58 - SDL:2018/06/11 18:32:47 A . (.AO Kaspersky Lab - Filter Core [fre_win8_x64].) -- C:\WINDOWS\System32\drivers\klflt.sys [207560] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:32:49 A . (.AO Kaspersky Lab - klhk [fre_win8_x64].) -- C:\WINDOWS\System32\drivers\klhk.sys [1191616] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:32:48 A . (.AO Kaspersky Lab - Core System Interceptors [fre_win8_x64].) -- C:\WINDOWS\System32\drivers\klif.sys [1057992] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:32:49 A . (.AO Kaspersky Lab - Packet Network Filter [fre_win8_x64].) -- C:\WINDOWS\System32\drivers\klim6.sys [57032] =>.Kaspersky Lab®
O58 - SDL:2016/12/23 09:20:56 A . (.AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64].) -- C:\WINDOWS\System32\drivers\klkbdflt.sys [57056] =>.Kaspersky Lab®
O58 - SDL:2016/12/07 09:30:58 A . (.AO Kaspersky Lab - Mouse Device Filter [fre_win8_x64].) -- C:\WINDOWS\System32\drivers\klmouflt.sys [58592] =>.Kaspersky Lab®
O58 - SDL:2018/01/09 15:55:40 A . (.AO Kaspersky Lab - Format Recognizer [fre_wnet_x64].) -- C:\WINDOWS\System32\drivers\klpd.sys [50672] =>.Kaspersky Lab®
O58 - SDL:2017/01/20 13:22:24 A . (.AO Kaspersky Lab - Generic PnP filter [fre_win8_x64].) -- C:\WINDOWS\System32\drivers\klpnpflt.sys [44768] =>.Kaspersky Lab®
O58 - SDL:2016/06/07 01:31:06 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\WINDOWS\System32\drivers\kltap.sys [52152] =>.AnchorFree Inc®
O58 - SDL:2018/06/11 18:29:57 A . (.AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Monitor.) -- C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys [236488] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:33:52 A . (.AO Kaspersky Lab - Kernel heuristics engine.) -- C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys [87584] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:34:54 A . (.AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit.) -- C:\WINDOWS\System32\drivers\klupd_klif_klark.sys [258864] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:29:57 A . (.AO Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\System32\drivers\klupd_klif_klbg.sys [109248] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:29:56 A . (.AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Engine.) -- C:\WINDOWS\System32\drivers\klupd_klif_mark.sys [177848] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:32:54 A . (.AO Kaspersky Lab - WFP Network Filter [fre_win8_x64].) -- C:\WINDOWS\System32\drivers\klwfp.sys [93888] =>.Kaspersky Lab®
O58 - SDL:2018/06/11 18:32:38 A . (.AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_w.) -- C:\WINDOWS\System32\drivers\klwtp.sys [141000] =>.Kaspersky Lab®
O58 - SDL:2018/01/09 15:55:40 A . (.AO Kaspersky Lab - Network Processor [fre_wnet_x64].) -- C:\WINDOWS\System32\drivers\kneps.sys [199392] =>.Kaspersky Lab®
O58 - SDL:2018/04/12 02:33:48 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [108952] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [124312] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [128408] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [59800] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys [75160] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas35i.sys [82328] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [575896] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [842648] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [108952] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150424] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:48 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
O58 - SDL:2017/02/23 21:34:04 A . (.NVIDIA Corporation - NVIDIA Virtual Audio Driver.) -- C:\WINDOWS\System32\drivers\nvvad64v.sys [47672] =>.NVIDIA Corporation®
O58 - SDL:2017/02/23 21:34:06 A . (.NVIDIA Corporation - Virtual USB Host Controller driver.) -- C:\WINDOWS\System32\drivers\nvvhci.sys [59448] =>.NVIDIA Corporation®
O58 - SDL:2018/04/12 02:33:49 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [58776] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
O58 - SDL:2017/04/16 12:28:20 A . (.Qualcomm Atheros, Inc. - Qualcomm Atheros Extensible Wireless LAN de.) -- C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2412976] =>.Qualcomm Atheros®
O58 - SDL:2016/08/01 04:42:39 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.40 64-bit Dr.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [943112] =>.Realtek Semiconductor Corp.®
O58 - SDL:2018/04/12 02:33:53 RA . (.Realtek - Realtek PCIe GBE Family Controller Flight.) -- C:\WINDOWS\System32\drivers\rteth.sys [65536] =>.Realtek
O58 - SDL:2017/05/04 00:52:46 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [5753856] =>.Realtek Semiconductor Corp.®
O58 - SDL:2018/04/12 02:33:49 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [44952] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [81816] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [31128] =>.Microsoft Windows®
O58 - SDL:2016/12/02 15:09:42 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [204920] =>.Intel(R) Embedded Subsystems and IP Blocks Group®
O58 - SDL:2018/04/12 02:34:14 A . (...) -- C:\WINDOWS\System32\drivers\UsbPmApi.sys [39936]
O58 - SDL:2018/04/12 02:33:49 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [166808] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305560] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [32152] =>.Microsoft Windows®
O58 - SDL:2018/04/12 02:33:49 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®

---\\ Last modified or created user files (10) - 61s
O61 - LFC: 2018/06/05 08:09:56 A . (..) -- C:\Users\شعس\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [0]
O61 - LFC: 2018/06/05 08:09:56 A . (..) -- C:\Users\شعس\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe [0]
O61 - LFC: 2018/06/05 13:33:28 AO . (..) -- C:\Users\شعس\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCache\Local\Microsoft\OneDrive\OneDrive.exe [1628840]
O61 - LFC: 2018/06/02 23:36:51 AO . (..) -- C:\Users\شعس\AppData\Local\Packages\ZhuhaiKingsoftOfficeSoftw.WPSOffice_924xes6e8q1tw\LocalCache\Local\assembly\dl3\A2EK0632.QGT\HRDTVVPK.QEB\03386fcc\0048ee99_6054d301\AddinExpress.MSO.2005.DLL [4082408]
O61 - LFC: 2018/06/02 23:36:50 AO . (..) -- C:\Users\شعس\AppData\Local\Packages\ZhuhaiKingsoftOfficeSoftw.WPSOffice_924xes6e8q1tw\LocalCache\Local\assembly\dl3\A2EK0632.QGT\HRDTVVPK.QEB\a9053aa2\0048ee99_6054d301\WinZipExpressForOffice.DLL [39936]
O61 - LFC: 2018/06/13 18:14:30 A . (..) -- C:\Users\شعس\AppData\Roaming\sp_data.sys [200]
O61 - LFC: 2018/06/10 18:31:36 A . (..) -- C:\Users\شعس\AppData\Roaming\Telegram Desktop\unins000.exe [1567953]
O61 - LFC: 2018/06/09 05:01:53 A . (..) -- C:\Users\شعس\Desktop\u\utmp\u.exe [2400392] {05ABAC07F8D0CE567F7D75EE047EFEE2}
O61 - LFC: 2018/05/20 20:50:36 A . (..) -- C:\Users\شعس\Documents\Patch.exe [1800121]
O61 - LFC: 2018/06/08 01:39:37 A . (.com0do99+.) -- C:\Users\شعس\Downloads\Programs\jsoftj.com_IDM Optimizer - Stable_jsoftj.com.exe [671232]

---\\ File Associations Shell Spawning (10) - 2s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* =>.Default.Value
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* =>.Default.Value
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* =>.Default.Value
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* =>.Default.Value
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (...) -- C:\Windows\System32\WScript.exe "%1" %* =>.Default.Value
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S =>.Default.Value

---\\ Start Menu Internet (8) - 0s
O68 - StartMenuInternet: [64Bits][HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: [64Bits][HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (2) - 0s
O69 - SBI: SearchScopes [HKCU] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] [64Bits]{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com

---\\ Search Svchost Services (49) - 2s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\WINDOWS\System32\certprop.dll [188928] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [188928] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [271360] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - عميل نهج المجموعة.) -- C:\Windows\System32\gpsvc.dll [1267712] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [990208] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [786432] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي الخاصة بخدمة تسجي.) -- C:\Windows\System32\seclogon.dll [30720] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [150528] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [109568] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - خدمة جدولة المهام.) -- C:\Windows\System32\schedsvc.dll [889344] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [224256] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [394240] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [397312] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - تقارير المشاكل وحلولها.) -- C:\Windows\System32\wercplsupport.dll [119808] =>.Microsoft Corporation
O83 - Search Svchost Services: InstallService (InstallService) . (.Microsoft Corporation - InstallService.) -- C:\Windows\System32\InstallService.dll [1485312] =>.Microsoft Corporation
O83 - Search Svchost Services: LxpSvc (LxpSvc) . (.Microsoft Corporation - Provides infrastructure support for deployi.) -- C:\Windows\System32\LanguageOverlayServer.dll [199680] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\Windows\System32\Windows.SharedPC.AccountManager.dll [195584] =>.Microsoft Corporation
O83 - Search Svchost Services: PushToInstall (PushToInstall) . (.Microsoft Corporation - PushToInstall.) -- C:\Windows\System32\PushToInstall.dll [262144] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\Windows\System32\XblGameSave.dll [1308672] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\Windows\System32\NcaSvc.dll [167936] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\Windows\System32\Windows.Internal.Management.dll [824320] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\Windows\System32\XblAuthManager.dll [1115648] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [402944] =>.Microsoft Corporation
O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) -- C:\Windows\System32\NaturalAuth.dll [824832] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - خدمة إعداد الشبكة.) -- C:\Windows\System32\NetSetupSvc.dll [335360] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\Windows\System32\wlidsvc.dll [2248192] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\Windows\System32\DeviceSetupManager.dll [235008] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\Windows\System32\usermgr.dll [1027584] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) -- C:\Windows\System32\XboxGipSvc.dll [58880] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [166912] =>.Microsoft Corporation
O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) -- C:\Windows\System32\TokenBroker.dll [1395200] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\Windows\System32\lfsvc.dll [44544] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\Windows\System32\irmon.dll [24576] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [104960] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [932352] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [497664] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [73216] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [604672] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [308224] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - عامل Windows Update.) -- C:\Windows\System32\wuaueng.dll [2902016] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [1374208] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمات Windows Sh.) -- C:\Windows\System32\shsvcs.dll [613376] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\Windows\System32\dmwappushsvc.dll [57856] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - إعدادات الطيران.) -- C:\Windows\System32\flightsettings.dll [858112] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\Windows\System32\WpnService.dll [280576] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\Windows\System32\XboxNetApiSvc.dll [1148928] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\Windows\System32\usocore.dll [1371648] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [133632] =>.Microsoft Corporation

---\\ Firewall Active Exception List (7) - 3s
O87 - FAEL: "{E6ED3839-5B56-4EF0-A1B6-B3273120B16B}" [In-None-P6-TRUE] .(...) -- C:\Program Files\WindowsApps\B9ECED6F.ZenSync_1.0.2.0_x86__qmba6cd70vzyy\AppService\AppService_NotificationHost.exe =>.ASUSTeK Computer Inc.®
O87 - FAEL: "{126C7A25-C77C-4A22-BB0B-6D9F54DEA967}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (.not file.) =>.SUP.Orphan
O87 - FAEL: "{DB20557E-1F5F-4462-84A1-5E40D858AF2A}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (.not file.) =>.SUP.Orphan
O87 - FAEL: "{3AE6EB2E-CF72-477E-A358-4471463A47B0}" [In-None-P17-TRUE] .(...) -- C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE (.not file.) =>.SUP.Orphan
O87 - FAEL: "{2466702F-EE0D-4D11-9ED1-E3DFE0A8A3CD}" [In-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent Web.) -- C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O87 - FAEL: "{EC6C69FE-8439-4006-9044-8D417B439A6E}" [In-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent Web.) -- C:\Users\شعس\AppData\Roaming\uTorrent Web\utweb.exe =>.BitTorrent Inc®
O87 - FAEL: "{11DC8521-7314-408A-B918-74488F2E5493}" [In-None-P6-TRUE] .(...) -- C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe (.not file.) =>.SUP.Orphan

---\\ Product Upgrade Codes (44) - 1s
O90 - PUC: "00006109C80000000100000000F01FEC" [HKLM] . (.Office 16 Click-to-Run Extensibility Component.) =>.Microsoft Corporation
O90 - PUC: "00006109C80010400100000000F01FEC" [HKLM] . (.Office 16 Click-to-Run Localization Component.) =>.Microsoft Corporation
O90 - PUC: "00006109E70000000100000000F01FEC" [HKLM] . (.Office 16 Click-to-Run Licensing Component.) =>.Microsoft Corporation
O90 - PUC: "0E50B6D8754FC804D9314539438DAF1E" [HKLM] . (.Device Setup.) -- C:\Windows\Installer\{8D6B05E0-F457-408C-9D13-549334D8FAE1}\_6FEFF9B68218417F98F549.exe =>.Epson/Seico
O90 - PUC: "155E116B4F4009F45A39BAEC9FC6C5EC" [HKLM] . (.Microsoft VC++ redistributables repacked..) =>.Microsoft Corporation
O90 - PUC: "1926E8D15D0BCE53481466615F760A7F" [HKLM] . (.Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219.) =>.Microsoft Corporation
O90 - PUC: "1D5E3C0FEDA1E123187686FED06E995A" [HKLM] . (.Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219.) =>.Microsoft Corporation
O90 - PUC: "21EE4A31AE32173319EEFE3BD6FDFFE3" [HKLM] . (.Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005.) =>.Microsoft Corporation
O90 - PUC: "22BEFC8F7E2A1793E9ADB411DEFE1C58" [HKLM] . (.Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005.) =>.Microsoft Corporation
O90 - PUC: "2A077E75FAB2AAC4AB3ADB98E622453D" [HKLM] . (.AudioWizard.) -- C:\Windows\Installer\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}\ARPPRODUCTICON.exe =>.Microsoft Corporation
O90 - PUC: "44D916E8D4849154095C0CC5381708CE" [HKLM] . (.Intel(R) Management Engine Components.) =>.Intel Corporation
O90 - PUC: "46E4E4BA2AD634E469E938CA1B5FB76B" [HKLM] . (.Alcor Micro USB Card Reader Driver.) -- C:\Windows\Installer\{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6}\ARPPRODUCTICON.exe =>.Alcor Micro Corporation
O90 - PUC: "47CA2FBBC0273BC32819E543302923AF" [HKLM] . (.Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215.) =>.Microsoft Corporation
O90 - PUC: "50FA96906FF400C4496034952983EDD0" [HKLM] . (.ASUS Splendid Video Enhancement Technology.) -- C:\Windows\Installer\{0969AF05-4FF6-4C00-9406-43599238DE0D}\_853F67D554F05449430E7E.exe =>.ASUSTeK
O90 - PUC: "5286461E193D0A2439AA72AF18D00A39" [HKLM] . (.PowerDirector.) -- C:\Windows\Installer\{E1646825-D391-42A0-93AA-27FA810DA093}\ARPPRODUCTICON.exe =>.CyberLink Corporation
O90 - PUC: "5CE454A5A7125a24C81ED2ED4C7EE010" [HKLM] . (.PhotoDirector.) -- C:\Windows\Installer\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}\ARPPRODUCTICON.exe =>.CyberLink Corporation
O90 - PUC: "5CF0251881539E04893007ECA808D170" [HKLM] . (.Intel(R) Chipset Device Software.) =>.Intel Corporation
O90 - PUC: "5E3E958AF26CAFB4FAD1B2590E1366FA" [HKLM] . (.ASUS USB Charger Plus.) -- C:\Windows\Installer\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}\_853F67D554F05449430E7E.exe =>.ASUSTeK
O90 - PUC: "6070B4C9A9F9FB744B71A011F15CB240" [HKLM] . (.ASUS Device Activation.) -- C:\WINDOWS\Installer\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}\MyIcon =>.ASUSTeK
O90 - PUC: "62DBF9290209B993A9A757D1160F9B24" [HKLM] . (.Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005.) =>.Microsoft Corporation
O90 - PUC: "67215F7AF1EEF10468E984D89B207C7E" [HKLM] . (.Intel(R) Rapid Storage Technology.) =>.Intel Corporation
O90 - PUC: "67D6ECF5CD5FBA732B8B22BAC8DE1B4D" [HKLM] . (.Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161.) =>.Microsoft Corporation
O90 - PUC: "6B37E7A340A3DE9418E1CC937FAEE243" [HKLM] . (.ASUS Battery Health Charging.) -- C:\Windows\Installer\{3A7E73B6-3A04-49ED-811E-CC39F7EA2E34}\_853F67D554F05449430E7E.exe =>.ASUSTeK
O90 - PUC: "6B3C552F350F295439524398B85FBE64" [HKLM] . (.Intel® Trusted Connect Service Client.) =>.Intel Corporation
O90 - PUC: "6E815EB96CCE9A53884E7857C57002F0" [HKLM] . (.Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161.) =>.Microsoft Corporation
O90 - PUC: "6E8D947A316B3EB3F8F540C548BE2AB9" [HKLM] . (.Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005.) =>.Microsoft Corporation
O90 - PUC: "7170C33F40E85BE4098C74222178BDF4" [HKLM] . (.Kaspersky Secure Connection.) -- C:\WINDOWS\Installer\{F33C0717-8E04-4EB5-90C8-47221287DB4F}\arp.ico =>.Kaspersky Labs
O90 - PUC: "75B373813CF4A1B4593B7A5ECD5A777F" [HKLM] . (.Qualcomm Atheros Setup.) -- C:\Windows\Installer\{18373B57-4FC3-4B1A-95B3-A7E5DCA577F7}\ARPPRODUCTICON.exe =>.Atheros
O90 - PUC: "76E045AFC590B1A479ABD445D7CEA94F" [HKLM] . (.ASUS Live Update.) -- C:\Windows\Installer\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}\MyIcon2 =>.ASUSTeK
O90 - PUC: "8C79BDEA1E8135047BDD6BE659132B70" [HKLM] . (.Intel(R) Serial IO.) =>.Intel Corporation
O90 - PUC: "914E81674219C6E4A94F84A7D6ED1C5C" [HKLM] . (.ASUS PTP Driver.) -- C:\Windows\Installer\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}\_853F67D554F05449430E7E.exe =>.ASUSTeK
O90 - PUC: "A089CE062ADB6BC44A720BA745894BAC" [HKLM] . (.Google Update Helper.) =>.Google Inc.
O90 - PUC: "B3311AB1A7C10A14C8FBB999E3362D69" [HKLM] . (.osrss.) =>.Microsoft Corporation
O90 - PUC: "c1c4f01781cc94c4c8fb1542c0981a2a" [HKLM] . (.Microsoft Visual C++ 2005 Redistributable.) =>.Microsoft Corporation
O90 - PUC: "CA4ECB96275917232ABF4932DB3AA634" [HKLM] . (.Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215.) =>.Microsoft Corporation
O90 - PUC: "CFD2C1F142D260E3CB8B271543DA9F98" [HKLM] . (.Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.) =>.Microsoft Corporation
O90 - PUC: "D0546450B6D6D77418EF9434E67BE62D" [HKLM] . (.Intel(R) Management Engine Components.) =>.Intel Corporation
O90 - PUC: "E19212F84440D1B49B9F34077AE343D6" [HKLM] . (.WinFlash.) -- C:\Windows\Installer\{8F21291E-0444-4B1D-B9F9-4370A73E346D}\MyIcon =>.ASUSTeK
O90 - PUC: "E339C5BAD7C503D43B41C9384AB949EB" [HKLM] . (.ATK Package.) -- C:\Windows\Installer\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}\_6FEFF9B68218417F98F549.exe =>.ASUSTeK
O90 - PUC: "E3A06536924A91841AF56E835FA2EA2B" [HKLM] . (.Microsoft VC++ redistributables repacked..) =>.Microsoft Corporation
O90 - PUC: "EE7B900551A832A44B40513ED120AD76" [HKLM] . (.Update for Windows 10 for x64-based Systems (KB4023057).) =>.Microsoft Corporation
O90 - PUC: "EFEE0228DC83E77358593193D847A0EC" [HKLM] . (.Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17.) =>.Microsoft Corporation
O90 - PUC: "F25269583ACF33345847FBC0A6F8A2B7" [HKLM] . (.ASUS ZenAnywhere.) -- C:\Windows\Installer\{8596252F-FCA3-4333-8574-BF0C6A8F2A7B}\ZenAnywhere.exe =>.ASUSTeK
O90 - PUC: "FF16EAA5E858E3548B3F496481419957" [HKLM] . (.Kaspersky Internet Security.) -- C:\WINDOWS\Installer\{5AAE61FF-858E-453E-B8F3-944618149975}\arp.ico =>.Kaspersky Labs

---\\ Windows Installer Scan (29) - 6s
[MD5.D6A720E94843DC29FB00C566BC9DA481] [WIS][2016/12/05 22:07:46] (.Intel Corporation - Intel(R) Management Engine Components.) -- C:\WINDOWS\Installer\10722.msi [2867200] =>.Intel Corporation
[MD5.CEBD63488D2D88D5B7C2441DB57CC264] [WIS][2016/12/05 22:07:08] (.Intel Corporation - Microsoft VC++ redistributables repacked..) -- C:\WINDOWS\Installer\10726.msi [12795904] =>.Intel Corporation
[MD5.298DF1D8CF9FFE47E3E5F976DD49D6EA] [WIS][2016/12/05 22:07:16] (.Intel Corporation - Microsoft VC++ redistributables repacked..) -- C:\WINDOWS\Installer\1072a.msi [14249984] =>.Intel Corporation
[MD5.7A377A39368537929981078D67E670AE] [WIS][2016/12/05 22:07:38] (.Intel Corporation - Intel(R) Management Engine Components.) -- C:\WINDOWS\Installer\1072e.msi [5058431] =>.Intel Corporation
[MD5.9DD194E77197A5F3BF54FB4C2B4D74A5] [WIS][2016/11/08 12:22:14] (.Intel Corporation - Intel(R) Trusted Connect Service Client.) -- C:\WINDOWS\Installer\10732.msi [11124736] =>.Intel Corporation
[MD5.893A8E496E7B77BA43AEF906FA28C546] [WIS][2016/08/18 05:25:16] (.Alcor Micro Corp..) -- C:\WINDOWS\Installer\10736.msi [1403392] =>.Alcor Micro Corp.
[MD5.A53D0B5B6D06C7D52F63A3BF2D36F17A] [WIS][2016/12/20 06:02:36] (.ASUS.) -- C:\WINDOWS\Installer\1073c.msi [336384] =>.ASUS
[MD5.BE121BA690705FD3027A5BBDB1CE2F1E] [WIS][2017/09/29 17:03:36] (.InstallShield.) -- C:\WINDOWS\Installer\10740.msi [13464064] =>.InstallShield
[MD5.A1CF71EF171E7052073AC2C05C16EB18] [WIS][2017/09/29 17:04:08] (.InstallShield.) -- C:\WINDOWS\Installer\10752.msi [33552384] =>.InstallShield
[MD5.18672F2C13DCC306815D36D1C8FA2249] [WIS][2016/10/05 09:44:34] (.ASUS.) -- C:\WINDOWS\Installer\10756.msi [12066816] =>.ASUS
[MD5.873FEA83879C166227FA4D2C2BCAE681] [WIS][2017/01/06 04:02:12] (.Intel Corporation - Intel(R) Rapid Storage Technology.) -- C:\WINDOWS\Installer\10b97.msi [3035136] =>.Intel Corporation
[MD5.50EA7A4D9481B12A97070942F474D918] [WIS][2018/06/02 23:21:27] (.Google Inc. - Google Update Helper.) -- C:\WINDOWS\Installer\119b07.msi [40960] =>.Google Inc.
[MD5.ABBF1987391F56BAD77284EA0763E8CF] [WIS][2016/10/04 05:16:02] (.Intel Corporation - Intel(R) Chipset Device Software.) -- C:\WINDOWS\Installer\11ee0.msi [737280] =>.Intel Corporation
[MD5.B075A4795181868EE6580E013CB67B91] [WIS][2017/04/26 11:16:38] (.ASUS.) -- C:\WINDOWS\Installer\122bc.msi [6455296] =>.ASUS
[MD5.5B30FEE72BCDCDEB25354952CDDDB9AB] [WIS][2018/05/17 09:14:14] (.Orbweb Inc. - ASUS ZenAnywhere.) -- C:\WINDOWS\Installer\1ada8f.msi [3090432] =>.Orbweb Inc.
[MD5.8128CD9DBF237B3CF3FAC714BB976F84] [WIS][2016/10/12 17:23:46] (.ASUS.) -- C:\WINDOWS\Installer\1c774.msi [10849280] =>.ASUS
[MD5.A5C50145FE76EEB10FD371549BFC8DB6] [WIS][2018/06/05 17:31:30] (.ASUSTeK COMPUTER INC..) -- C:\WINDOWS\Installer\3d0701b.msi [1292800] =>.ASUSTeK COMPUTER INC.
[MD5.93E6437395784E31464DAFDB84D3058E] [WIS][2016/11/09 07:04:32] (.ASUSTek COMPUTER INC. - Device Setup.) -- C:\WINDOWS\Installer\558fa.msi [3300864] =>.ASUSTek COMPUTER INC.
[MD5.4D04BD6863F82CE0365280E8C50AE178] [WIS][2015/06/03 09:33:56] (.Macrovision Corporation.) -- C:\WINDOWS\Installer\5ea85.msi [459776] =>.Macrovision Corporation
[MD5.D01A3FA5BC3A0D9798A042E4EB5ECFEA] [WIS][2015/06/09 06:04:14] (.Macrovision Corporation.) -- C:\WINDOWS\Installer\5ea89.msi [504832] =>.Macrovision Corporation
[MD5.7979E244D4FF17FC25A87841DFC46CEC] [WIS][2018/06/11 18:17:25] (.Kaspersky Lab - Kaspersky Internet Security.) -- C:\WINDOWS\Installer\6c7ca.msi [11100160] =>.Kaspersky Lab
[MD5.F8DD7FFFF89C1864C0906DDBCEF5AAAE] [WIS][2018/06/11 18:23:20] (.Kaspersky Lab - Kaspersky Secure Connection.) -- C:\WINDOWS\Installer\6c7cf.msi [9453568] =>.Kaspersky Lab
[MD5.D22BB4DC490DACC6BFAE2581B7AB19A9] [WIS][2016/08/01 09:31:14] (.ASUSTeK COMPUTER INC..) -- C:\WINDOWS\Installer\cae4.msi [1644544] =>.ASUSTeK COMPUTER INC.
[MD5.EE1600A724750DFAF667199DE143C2C2] [WIS][2017/09/29 17:11:26] (.ICEpower a/s - AudioWizard.) -- C:\WINDOWS\Installer\d40c.msi [6595584] =>.ICEpower a/s
[MD5.D39DA56AEBEF60D0C283A834E0F7FCE1] [WIS][2016/11/14 10:52:02] (.ASUS.) -- C:\WINDOWS\Installer\d410.msi [10000896] =>.ASUS
[MD5.3BA31C1CB4372CF068D8E18210DC8A7E] [WIS][2016/08/01 05:39:54] (.ASUS.) -- C:\WINDOWS\Installer\ed70.msi [4300800] =>.ASUS
[MD5.7BC3EB21050A6A19465F55D674A402E1] [WIS][2016/10/31 12:31:46] (.Intel Corporation - Intel(R) Serial IO.) -- C:\WINDOWS\Installer\fe48.msi [2576384] =>.Intel Corporation
[MD5.BDD814128A73CC48D0F7386E1536D1D3] [WIS][2018/06/11 18:32:38] (.Kaspersky Lab.) -- C:\WINDOWS\Installer\6c7d4.msp [53248] =>.Kaspersky Lab
[MD5.62FCFD32A396FE4FA327499AFA790DCE] [WIS][2018/06/11 18:33:09] (.Kaspersky Lab.) -- C:\WINDOWS\Installer\6c7d9.msp [17260544] =>.Kaspersky Lab

---\\ FEATURE CONTROLE. (195) - 0s
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]:infopath.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]:UNPUXHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]:PDR12.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]:msoasb.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]:SAPfewgsrv.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]:SAPGUI.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]:SAPGuiIT.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]:SAPLgPad.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]:SAPLOGON.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]:Scale_for_R3.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]:ieuser.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]:YahooMusicEngine.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]:devenv.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]:dexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]:helppane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]:msfeedssync.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]:msiexec.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]:cs.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]:waol.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]:wm.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]:helppane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]:wlmail.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]:mshta.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]:outlook.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]:sidebar.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]:communicator.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]:msimn.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]:winmail.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]:msimn.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]:outlook.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]:winmail.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]:infopath.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]:excel.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]:powerpnt.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]:winword.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]:HelpPane.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_ENABLE_HTTP2]:msoasb.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]:msn.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]:VSTOInstaller.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]:explorer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]:iexplore.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]:PresentationHost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]:prevhost.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]:wmplayer.exe =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]:OSPPREARM.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]:LICLUA.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]:OSE.EXE =>.Legitimate
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]:VSTOInstaller.exe =>.Legitimate

---\\ Additional Scan (O88) (27) - 2s
HKLM\SYSTEM\CurrentControlSet\Services\KMS-R@1n =>HackTool.WinActivator
C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64CoreSingleLanguage =>HackTool.WinActivator
C:\Program Files (x86)\fasst =>PUP.Optional.FAssistant
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 =>.SUP.Orphan
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>.SUP.Orphan
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 =>.SUP.Orphan
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:{DB9B47C8-5890-4844-97E8-E452EB86AA86} =>HackTool.WinActivator
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:{D1F1D298-E0FD-4007-BDBE-16BD3E2C2F78} =>HackTool.WinActivator
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\000 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\001 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\002 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\003 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\004 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\005 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\006 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\007 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\009 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\010 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\011 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\012 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\013 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\014 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\015 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\016 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\017 =>.SUP.Temporary.Chrome
C:\Users\شعس\AppData\Local\Google\Chrome\User Data\Default\File System\018 =>.SUP.Temporary.Chrome

---\\ Summary of the elements found (6) - 0s
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.ICLoader
https://nicolascoolman.eu/2018/06/11/pup-optional-fassistant/ =>PUP.Optional.FAssistant
https://nicolascoolman.eu/2017/09/12/origine-lignes-orphelines/ =>.SUP.Orphan
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Chrome

~ Unselected Options: O82,
~ End of the scan, 7645 items in 02mn42s (1464)(0)
