~ Report of ZHPDiag v2015.6.16.57 - Nicolas Coolman (6/16/2015) ~ Launched by Rovasoa Niriniaina (6/17/2015 6:22:14 ROVASOA) ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ Web forum address : http://www.forum.nicolascoolman.fr ~ Translated by ~ Version State : Updated version. ~ White List : Deactivate by user ~ Elevation of privilege : OK ~ User Account Control : Activate by user ---\\ Internet browsers MSIE: Internet Explorer v11.0.9600.17801 MFIE: Mozilla Firefox 38.0.5 (Defaut) ---\\ Windows product information ~ Langage: Anglais Windows Server License Manager Script : OK ---\\ System protection software Avast Internet Security v10.2.2218 Ad-Aware Web Companion v1.1.980.2014 Windows Defender W8 (Deactivate) ---\\ System optimization software ---\\ Sharing software PeerToPeer ---\\ Surveillance software Adobe Flash Player 11 ActiveX & Plugin 64-bit Adobe Flash Player 9 ActiveX Adobe Reader 9.3 - Français ---\\ Information on the system ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3991.4 MB (37% free) System Restore: Activé (Enable) System drive C: has 81 GB (40%) free of 201 GB ---\\ Connection to the system mode ~ Computer Name: ROVASOA ~ User Name: Rovasoa Niriniaina ~ All Users Names: Rovasoa Niriniaina, ASPNET, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environment variables ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Rovasoa Niriniaina\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Rovasoa Niriniaina\AppData\Roaming\ ~ %Desktop% : C:\Users\Rovasoa Niriniaina\Desktop\ ~ %Favorites% : C:\Users\Rovasoa Niriniaina\Favorites\ ~ %LocalAppData% : C:\Users\Rovasoa Niriniaina\AppData\Local\ ~ %StartMenu% : C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumeration of the disk units C: Hard drive, Flash drive, Thumb drive (Free 81 Go of 201 Go) D: Hard drive, Flash drive, Thumb drive (Free 28 Go of 265 Go) E: CD-ROM drive (Not Inserted) F: CD-ROM drive (Not Inserted) G: CD-ROM drive (Not Inserted) H: Floppy drive, Flash card reader, USB Key (Free 4 Go of 7 Go) ---\\ State of the Windows Security Center [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: 46 Scanned in VAmn OAs ---\\ Search Generic System Files [MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.1/28/2015 - 12:47:12 ROVASOA.) -- C:\Windows\Explorer.exe [2501368] [MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.10/29/2014 - 2:25:54 ROVASOA.) -- C:\Windows\System32\Wininit.exe [145920] [MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.4/21/2015 - 4:27:25 ROVASOA.) -- C:\Windows\System32\wininet.dll [2352128] [MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.10/29/2014 - 2:22:52 ROVASOA.) -- C:\Windows\System32\Winlogon.exe [572416] [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.12/21/2013 - 9:54:07 ROVASOA.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.5/30/2014 - 4:03:03 ROVASOA.) -- C:\Windows\system32\Drivers\AFD.sys [563200] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.8/22/2013 - 1:43:41 ROVASOA.) -- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.8/22/2013 - 12:40:15 ROVASOA.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.8/22/2013 - 9:46:35 ROVASOA.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.3/6/2014 - 10:22:50 ROVASOA.) -- C:\Windows\system32\Drivers\DfsC.sys [134144] [MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.7/24/2014 - 12:45:39 ROVASOA.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800] [MD5.D887446F3F6051C60C26F4FD1FC8D43F] - (.Microsoft Corporation - Pilote de port i8042.) (.10/7/2014 - 4:29:50 ROVASOA.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.11/27/2013 - 1:02:29 ROVASOA.) -- C:\Windows\system32\Drivers\IpNat.sys [142848] [MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.10/8/2014 - 8:32:10 ROVASOA.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.8/22/2013 - 12:37:02 ROVASOA.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/15/2014 - 9:32:37 ROVASOA.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.8/22/2013 - 12:40:02 ROVASOA.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.8/22/2013 - 12:35:51 ROVASOA.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.8/22/2013 - 11:26:13 ROVASOA.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.8/22/2013 - 2:25:35 ROVASOA.) -- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.6/19/2014 - 3:13:36 ROVASOA.) -- C:\Windows\system32\Drivers\volsnap.sys [310080] ~ Generic Processes: Scanned in VAmn OAs ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 1/2 ~ Mes musiques (My Musics) : 1/119 ~ Mes Videos (My Videos) : 1/86 ~ Mes Favoris (My Favorites) : 1/3 ~ Mes Documents (My Documents) : 1/3263 ~ Mon Bureau (My Desktop) : 1/703 ~ Menu demarrer (Programs) : 1/49 ~ Hidden Files: Scanned in VAmn OAs ---\\ Process running [MD5.6536D8570B2CDEF6BE313CF1CE3C613F] - (.No owner - ASP.) -- C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [8465704] [PID.3288] =>PUP.AdvancedSystemProtector [MD5.C8A0145CA371A09BB46136FD722C8549] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [238160] [PID.3388] [MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392] [PID.5756] [MD5.3F63F9C37038D314356F0CBD59415A11] - (.No owner - Application MFC hyperappel.) -- C:\Program Files (x86)\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [237568] [PID.6512] [MD5.E2310ECEAA1E0DE0EE8FE32C7BAB3422] - (.L'Aventure Multimedia - Dictionnaire MediaDICO pour Windows.) -- C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\MediaDico38.exe [281088] [PID.6616] [MD5.7EE59B279195A49F17D0CEC42AA28CFD] - (.ISSENDIS - No Comment.) -- C:\Program Files (x86)\OFFICE ONE6.0\OFFICE One Clock\ooneclockv65.exe [257536] [PID.6624] [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.6688] [MD5.FB3784D0A806A85952199E0FFCBEE06B] - (.L'Aventure Multimedia - Reconnaissance Automatique de Caractères.) -- C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\RAC38.exe [200792] [PID.6784] [MD5.65C6AA484AD2287D20541C7735989437] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496] [PID.6792] [MD5.F0EA603E7B91046CA48EA4B3593A007D] - (.Micro Application - No Comment.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe [485376] [PID.6800] [MD5.3DDE61DF866B70543A953C77765D8EDC] - (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe [337432] [PID.6812] [MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.6976] [MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.2276] [MD5.E7B58CE9BD61BF575E2880088F4E5447] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8218112] [PID.7352] ~ Processes Running: Scanned in VAmn OAs ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) C:\Users\Rovasoa Niriniaina\AppData\Roaming\Mozilla\Firefox\Profiles\6nrlpipk.default\prefs.js C:\Users\Rovasoa Niriniaina\AppData\Roaming\Mozilla\Firefox\Profiles\mteietq8.default\prefs.js M3 - MFPP: Plugins - [Rovasoa Niriniaina] -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\Mozilla\Firefox\Profiles\6nrlpipk.default\searchplugins\WebSearch.xml M0 - MFSP: prefs.js [Rovasoa Niriniaina - mteietq8.default] http://www.google.fr M2 - MFEP: prefs.js [Rovasoa Niriniaina - 6nrlpipk.default\{b9615918-d3de-44a4-ab65-76df7ea1f1c1}] [] ProfilePassword-Firefox v0.3.19 (..) M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] {b9615918-d3de-44a4-ab65-76df7ea1f1c1} M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] filtersetg@updater M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] foxmarks@kei.com M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] snaplinks@snaplinks.net M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] {77b819fa-95ad-4f2c-ac7c-486b356188a9} M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] {b9615918-d3de-44a4-ab65-76df7ea1f1c1}.xpi M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] {b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi =>.Adblock Plus Extension Mozilla Firefox M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] {DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi M2 - MFEP: Extension [Rovasoa Niriniaina - 6nrlpipk.default] {e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi M2 - MFEP: prefs.js [Rovasoa Niriniaina - mteietq8.default\snaplinks@snaplinks.net] [] Snap Links (EladKarako Mod) v0.0.7.1 (..) M2 - MFEP: prefs.js [Rovasoa Niriniaina - mteietq8.default\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}] [] Gmail Notifier v0.6.3.8 (..) M2 - MFEP: prefs.js [Rovasoa Niriniaina - mteietq8.default\{77b819fa-95ad-4f2c-ac7c-486b356188a9}] [] IE Tab v4.0.20130422.1-signed (..) M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] {b9615918-d3de-44a4-ab65-76df7ea1f1c1} M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] filtersetg@updater M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] foxmarks@kei.com M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] snaplinks@snaplinks.net M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] {77b819fa-95ad-4f2c-ac7c-486b356188a9} M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] {b9615918-d3de-44a4-ab65-76df7ea1f1c1}.xpi M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] {b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi =>.Adblock Plus Extension Mozilla Firefox M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] {DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi M2 - MFEP: Extension [Rovasoa Niriniaina - mteietq8.default] {e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\amazon-france.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\bing.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\cnrtl-tlfi-fr.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\eBay-france.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wikipedia-fr.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo-france.xml P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll ~ Firefox Browser: 47 Scanned in VAmn OAs ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (11.00.9600.17728 (winblue_r9.150312-1720)) -- C:\Windows\SysWOW64\ieframe.dll R3 - URLSearchHook: (no name) [64Bits] - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.) ~ IE Browser: 17 Scanned in VAmn OAs ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in VAmn OAs ---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in VAmn OAs ---\\ Hosts file redirection (O1) ~ Le fichier hôte est sain (The hosts file is clean) (21) ~ Hosts File: Scanned in VAmn OAs ---\\ Browser Helper Objects (O2) O2 - BHO: ContributeBHO Class [64Bits] - {074C1DC5-9320-4A9A-947D-C042949C6216} . (.Adobe Systems Incorporated. - Contribute IE Plugin.) -- C:\Program Files (x86)\Adobe\\Adobe Contribute CS3\contributeieplugin.dll O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) [64Bits] - {30F9B915-B755-4826-820B-08FBA6BD249D} Orphan key O2 - BHO: (no name) [64Bits] - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} Orphan key O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.dll O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.Avast Software s.r.o. - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper [64Bits] - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: DVDVideoSoft.WebPageAdjuster [64Bits] - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Orphan key O2 - BHO: (no name) [64Bits] - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Orphan key ~ BHO: 16 Scanned in VAmn OAs ---\\ Other User Links (O4) O4 - GS\Desktop [Public]: Advanced System~Protector.lnk . (...) -- C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector O4 - GS\Desktop [Public]: RegClean Pro.lnk . (...) -- C:\Program Files (x86)\RCP\RegCleanPro.exe =>Rogue.RegistryPowerCleaner O4 - GS\Desktop [Rovasoa Niriniaina]: FLV-Media-Player.lnk . (.HYBRIDWEB.de - FLV-Media-Player.) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Installer\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}\DesktopIcon.exe =>Adware.ADON ~ Global Startup: 3 Scanned in VAmn OAs ---\\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [RtsCM] . (.Realtek Semiconductor Corp. - Realtek Camera Man.) -- C:\Windows\RTSCM64.exe O4 - HKLM\..\Run: [KeyLemon LemonScreen] . (.KeyLemon - Locks the session with face recognition.) -- C:\Program Files\KeyLemon\KLLockEngine.exe O4 - HKLM\..\Run: [KeyLemon Updater] . (.KeyLemon - KeyLemon Updater.) -- C:\Program Files\KeyLemon\KLUpdater.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [Software Informer] . (.Informer Technologies, Inc. - Software Informer.) -- C:\Program Files\Software Informer\softinfo.exe O4 - HKCU\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - No Comment.) -- C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe O4 - HKLM\..\Wow6432Node\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe =>.Elaborate Bytes AG O4 - HKLM\..\Wow6432Node\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe_ID0EYTHM] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe =>.Adobe Systems Incorporated O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm®Atheros® - Extension Core.) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe O4 - HKUS\S-1-5-21-844386363-1422757463-2713201600-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-844386363-1422757463-2713201600-1001\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe O4 - HKUS\S-1-5-21-844386363-1422757463-2713201600-1001\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe O4 - HKUS\S-1-5-21-844386363-1422757463-2713201600-1001\..\Run: [Software Informer] . (.Informer Technologies, Inc. - Software Informer.) -- C:\Program Files\Software Informer\softinfo.exe O4 - HKUS\S-1-5-21-844386363-1422757463-2713201600-1001\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - No Comment.) -- C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe ~ Application: Scanned in VAmn OAs ---\\ IE Options icon not visible in Control Panel (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ IE Control Panel: 1 Scanned in VAmn OAs ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation ~ IE Extra Buttons: Scanned in VAmn OAs ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\WINDOWS\system32\napinsp.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\WINDOWS\system32\pnrpnsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\WINDOWS\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\WINDOWS\system32\NLAapi.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll =>.Microsoft Corporation O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Computer, Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll ~ Winsock: 7 Scanned in VAmn OAs ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{16E56881-D2DA-4C81-A313-5BB42C3A05F9}: NameServer = 209.244.0.3 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{377FBF71-2E49-4F71-BDA4-14F78BD5C443}: NameServer = 209.244.0.3 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{436BE313-E79B-452E-A8D9-92646D18E3E7}: NameServer = 192.168.2.17,8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{D85C517C-A48B-4079-BC17-C5B78EA48B62}: NameServer = 209.244.0.3 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{16E56881-D2DA-4C81-A313-5BB42C3A05F9}: DhcpNameServer = 209.244.0.3 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{C197FBE7-BF5B-496D-9CB6-80D57077777C}: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CS1\Services\Tcpip\..\{16E56881-D2DA-4C81-A313-5BB42C3A05F9}: NameServer = 209.244.0.3 8.8.8.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{377FBF71-2E49-4F71-BDA4-14F78BD5C443}: NameServer = 209.244.0.3 8.8.8.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{436BE313-E79B-452E-A8D9-92646D18E3E7}: NameServer = 192.168.2.17,8.8.8.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{D85C517C-A48B-4079-BC17-C5B78EA48B62}: NameServer = 209.244.0.3 8.8.8.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{16E56881-D2DA-4C81-A313-5BB42C3A05F9}: DhcpNameServer = 209.244.0.3 8.8.8.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{C197FBE7-BF5B-496D-9CB6-80D57077777C}: DhcpNameServer = 192.168.1.1 0.0.0.0 ~ Domain: Scanned in VAmn OAs ---\\ Extra protocols (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in VAmn OAs ---\\ ShellServiceObjectDelayLoad (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ SSODL: 1 Scanned in VAmn OAs ---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe O23 - Service: Autodesk Content Service (Autodesk Content Service) . (.Autodesk, Inc. - Content Service.) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe O23 - Service: Avast Antivirus (avast! Antivirus) . (.Avast Software s.r.o. - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Avast Firewall (avast! Firewall) . (.Avast Software s.r.o. - avast! firewall service.) - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) . (.Apple Computer, Inc. - Bonjour Service.) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\Windows\System32\igfxCUIService.exe O23 - Service: Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: LavasoftTcpService (LavasoftTcpService) . (.Lavasoft Limited - No Comment.) - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe =>Adware.Graftor O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Intel(R) Local Management Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MobiConnect. OUC (MobiConnect. RunOuc) . (...) - C:\Program Files (x86)\MobiConnect\UpdateDog\ouc.exe O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor - Realtek Audio Service.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: SynTPEnh Caller Service (SynTPEnhService) . (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe O23 - Service: VNC Server Version 4 (WinVNC4) . (.RealVNC Ltd. - VNC Server Enterprise Edition for Win32.) - C:\Program Files\RealVNC\VNC4\WinVNC4.exe ~ Services: 20 Scanned in VAmn OAs ---\\ Windows Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Desktop Component: 4 Scanned in VAmn OAs ---\\ BootExecute (BEX) (O34) O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ BEX: 1 Scanned in VAmn OAs ---\\ Task Planned Automatically (039) [MD5.2B2B817A248F7D795891AF55FB0BA31B] [APT] [Advanced System~Protector] (...) -- C:\Program Files (x86)\ASP\AspManager.exe [477480] =>PUP.AdvancedSystemProtector [MD5.6536D8570B2CDEF6BE313CF1CE3C613F] [APT] [Advanced System~Protector_startup] (...) -- C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe [8465704] =>PUP.AdvancedSystemProtector [MD5.0ED398A4D031B9CFB10E3FEDF97AD836] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS.exe [614400] =>Hacktool.AutoKMS [MD5.10B201CC8EBFC96C0F20BC2BF3BF2144] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe [977600] =>PUA.KMSpico [MD5.C50B830CA9BCD63754928CD6C0E2B114] [APT] [avast! Emergency Update] (.Avast Software s.r.o..) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [1298688] [MD5.923FE895B22B22A9CA03C72F3D15CE20] [APT] [avastBCLRestart_firefox.exe] (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [MD5.00000000000000000000000000000000] [APT] [MirageAgent] (...) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (.not file.) [0] [MD5.E547B124E91CFB267603B16804C6932F] [APT] [RegClean Pro] (...) -- C:\Program Files (x86)\RCP\RegCleanPro.exe [8732952] =>Rogue.RegistryPowerCleaner [MD5.E547B124E91CFB267603B16804C6932F] [APT] [RegClean Pro_DEFAULT] (...) -- C:\Program Files (x86)\RCP\RegCleanPro.exe [8732952] =>Rogue.RegistryPowerCleaner [MD5.E547B124E91CFB267603B16804C6932F] [APT] [RegClean Pro_UPDATES] (...) -- C:\Program Files (x86)\RCP\RegCleanPro.exe [8732952] =>Rogue.RegistryPowerCleaner [MD5.FB992EA627DCBD0D3972E7BC7D4EC388] [APT] [RtHDVBg] (.Realtek Semiconductor.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472] [MD5.A2E02F2AB6E59932165EA0EB217C6E6F] [APT] [RTKCPL] (.Realtek Semiconductor.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7659736] [MD5.BE5F9C72E9994D403FE5BFA9BC39AE14] [APT] [SoftwareInformerService] (.Informer Technologies, Inc..) -- C:\Program Files\Software Informer\softinfo.exe [1536000] [MD5.92A80F5EB8FB3B821175A031B3D0B976] [APT] [{3B719921-3486-4A8A-A21C-529392A71260}] (.Power Software Ltd.) -- C:\Program Files (x86)\PowerISO\PowerISO.exe [2782744] [MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984] O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [242] =>Hacktool.AutoKMS O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [242] =>Hacktool.AutoKMS O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1088] O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1088] O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1092] O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1092] O39 - APT: RegClean Pro_DEFAULT - (...) -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job [300] =>Rogue.RegistryPowerCleaner O39 - APT: RegClean Pro_DEFAULT - (...) -- C:\Windows\System32\Tasks\RegClean Pro_DEFAULT [300] =>Rogue.RegistryPowerCleaner O39 - APT: RegClean Pro_UPDATES - (...) -- C:\Windows\Tasks\RegClean Pro_UPDATES.job [308] =>Rogue.RegistryPowerCleaner O39 - APT: RegClean Pro_UPDATES - (...) -- C:\Windows\System32\Tasks\RegClean Pro_UPDATES [308] =>Rogue.RegistryPowerCleaner ~ Scheduled Task: 24 Scanned in VAmn OAs ---\\ ActiveSetup Installed Components (O40) O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation O40 - ASIC: Disable SSL3 [64Bits] - {7D715857-A67C-4C2F-A929-038448584D63} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\WINDOWS\System32\ie4uinit.exe O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll ~ Active Setup: 10 Scanned in VAmn OAs ---\\ Drivers launched at startup (O41) O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: C:\Windows\System32\drivers\ahcache.sys (ahcache) . (.Microsoft Corporation - Application Compatibility Cache.) - C:\Windows\System32\DRIVERS\ahcache.sys O41 - Driver: (aswKbd) . (.Avast Software s.r.o. - avast! Keyboard Filter Driver.) - C:\Windows\system32\drivers\aswKbd.sys O41 - Driver: (aswRdr) . (.Avast Software s.r.o. - avast! WFP Redirect Driver.) - C:\Windows\system32\drivers\aswRdr2.sys O41 - Driver: (aswSnx) . (.Avast Software s.r.o. - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys O41 - Driver: (aswSP) . (.Avast Software s.r.o. - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys O41 - Driver: (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows x64 I/O driver.) - C:\Windows\System32\Drivers\ElbyCDIO.sys O41 - Driver: (ISODrive) . (.EZB Systems, Inc. - ISO CD-ROM Device Driver.) - C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys O41 - Driver: (vncmirror) . (.RealVNC Ltd. - VNC Mirror Miniport.) - C:\Windows\system32\DRIVERS\vncmirror.sys O41 - Driver: C:\Windows\System32\drivers\vwififlt.sys (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys O41 - Driver: Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (ws2ifsl) . (.Microsoft Corporation - Couche IFS Winsock2.) - C:\Windows\system32\drivers\ws2ifsl.sys ~ Drivers: 52 Scanned in VAmn OAs ---\\ Software installed (O42) O42 - Logiciel: 7-Zip 9.20 (x64 edition) - (.Igor Pavlov.) [HKLM][64Bits] -- {23170F69-40C1-2702-0920-000001000000} O42 - Logiciel: AHV content for Acrobat and Flash - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} O42 - Logiciel: Ad-Aware Web Companion - (.Lavasoft.) [HKLM][64Bits] -- {65972064-0C2B-4710-A3F8-825F26636993} O42 - Logiciel: Adobe After Effects CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {EB0202F7-016A-410C-ADE4-40F848CCC661} O42 - Logiciel: Adobe After Effects CS3 Presets - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285} O42 - Logiciel: Adobe After Effects CS3 Third Party Content - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe_3675c95c239b992d5d0ee8fce969b9e O42 - Logiciel: Adobe After Effects CS3 Third Party Content - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {7ECEF10B-F1C2-4FD5-861F-A3FCB4653304} O42 - Logiciel: Adobe Anchor Service CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {90176341-0A8B-4CCC-A78D-F862228A6B95} O42 - Logiciel: Adobe Asset Services CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} O42 - Logiciel: Adobe Bridge CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {9C9824D9-9000-4373-A6A5-D0E5D4831394} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe Bridge Start Meeting - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {08B32819-6EEF-4057-AEDA-5AB681A36A23} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe BridgeTalk Plugin CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe CMaps - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {A2B242BD-FF8D-4840-9DAA-9170EABEC59C} O42 - Logiciel: Adobe Camera Raw 4.0 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} O42 - Logiciel: Adobe Color - Photoshop Specific - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {A2D81E70-2A98-4A08-A628-94388B063C5E} O42 - Logiciel: Adobe Color Common Settings - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} O42 - Logiciel: Adobe Color EU Recommended Settings - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {73B5D990-04EA-4751-B10F-5534770B91F2} O42 - Logiciel: Adobe Color JA Extra Settings - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} O42 - Logiciel: Adobe Color NA Extra Settings - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} O42 - Logiciel: Adobe Contribute CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {F84ADE4E-9220-4324-994D-801EDD9DD251} O42 - Logiciel: Adobe Creative Suite 3 Master Collection - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {5D2398DF-3022-4820-93BA-F1175FBEA9CA} O42 - Logiciel: Adobe Default Language CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {B9B35331-B7E4-4E5C-BF4C-7BC87856124D} O42 - Logiciel: Adobe Device Central CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {8D2BA474-F406-4710-9AE4-D4F22D21F0DD} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe Dreamweaver CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {4BDB76C6-902E-41D5-9064-68768E02886B} O42 - Logiciel: Adobe Encore CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {54B2EAD9-A110-43F7-B010-2859A1BD2AFE} O42 - Logiciel: Adobe Encore CS3 Codecs - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931} O42 - Logiciel: Adobe ExtendScript Toolkit 2 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {C2D69781-F392-4118-A5A7-C7E9C38DBFC2} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe Extension Manager CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {BE5F3842-8309-4754-92D5-83E02E6077A3} O42 - Logiciel: Adobe Fireworks CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {21C4D775-368A-46C4-8DC3-4207165B7115} O42 - Logiciel: Adobe Flash CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {80FD3971-8482-49C8-BA8C-B6464A15882F} O42 - Logiciel: Adobe Flash Player 11 ActiveX & Plugin 64-bit - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 9 ActiveX - (.Adobe Systems, Inc..) [HKLM][64Bits] -- {BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} O42 - Logiciel: Adobe Flash Player 9 Plugin - (.Adobe Systems, Inc..) [HKLM][64Bits] -- {88D422DB-E9C7-4E16-9D80-2999F4FD6AD9} O42 - Logiciel: Adobe Flash Video Encoder - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E} O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {6ABE0BEE-D572-4FE8-B434-9E72A289431B} O42 - Logiciel: Adobe Help Viewer CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {7ACFB90E-8FD0-4397-AD3A-5195412623A3} O42 - Logiciel: Adobe Illustrator CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {6E08CE13-C2AB-4749-9335-5900B958929E} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe InDesign CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {FE8327F9-3AC1-4586-8C7E-3DEE2BC92441} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe InDesign CS3 Icon Handler - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {EA7B3CC4-366D-4CF6-8350-FD7A7034116E} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe Linguistics CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {54793AA1-5001-42F4-ABB6-C364617C6078} O42 - Logiciel: Adobe MotionPicture Color Files - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {6B708481-748A-4EB4-97C1-CD386244FF77} O42 - Logiciel: Adobe PDF Library Files - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {D2559B88-CC9D-4B48-81BB-F492BAA9C48C} O42 - Logiciel: Adobe Photoshop CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {C1FA4B3B-1625-4922-9C9D-780E8FCE161A} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe Premiere Pro CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA} O42 - Logiciel: Adobe Premiere Pro CS3 Functional Content - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {50F102CA-4BE2-41A9-9810-5BB05EB91B9A} O42 - Logiciel: Adobe Premiere Pro CS3 Third Party Content - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {485ACF57-F364-440A-8496-E1E81C8FA1AA} O42 - Logiciel: Adobe Reader 9.3 - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-A93000000001} O42 - Logiciel: Adobe SING CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {B671CBFD-4109-4D35-9252-3062D3CCB7B2} O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {004685F7-9FB6-4789-812F-59ABB34A55AF} O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0} O42 - Logiciel: Adobe Shockwave Player 11.6 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player O42 - Logiciel: Adobe Soundbooth CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {A6B23EFA-6590-482C-A11F-5ACE1B91F5B9} O42 - Logiciel: Adobe Soundbooth CS3 Codecs - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {0327FA9D-975C-448C-A086-577D57BB25B8} O42 - Logiciel: Adobe Stock Photos CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {29E5EA97-5F74-4A57-B8B2-D4F169117183} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe Type Support - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {8E6808E2-613D-4FCD-81A2-6C8FA8E03312} O42 - Logiciel: Adobe Update Manager CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {E69AE897-9E0B-485C-8552-7841F48D42D8} O42 - Logiciel: Adobe Version Cue CS3 Client - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {D0DFF92A-492E-4C40-B862-A74A173C25C5} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe Version Cue CS3 Server - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {1D58229F-C505-45CA-8223-F35F3A34B963} =>.Adobe Systems Incorporated O42 - Logiciel: Adobe Video Profiles - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {845A8DB9-8802-4FD3-9FE3-938A6C46A2EC} O42 - Logiciel: Adobe WAS CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {C5BD220A-EFE8-48A5-B70E-9503D535FACE} O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {184CE391-7E0E-4C63-9935-D7A10EDFD3C6} O42 - Logiciel: Adobe XMP DVA Panels CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {0224CACC-994D-45F8-B973-D65056EA9C2F} O42 - Logiciel: Adobe XMP Panels CS3 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {D5A31AB1-345D-47C7-A87B-036A669F6DF1} O42 - Logiciel: Advanced-System Protector - (.systweak.com.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1 =>PUP.AdvancedSystemProtector O42 - Logiciel: AirDroid Notifier - (...) [HKLM][64Bits] -- {AD11DADE-C597-45D9-D8C5-1D2EB0B89613} O42 - Logiciel: Ajouter ou supprimer Adobe Creative Suite 3 Master Collection - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe_b5d5789539ea1f004a4defceea74312 O42 - Logiciel: Analyseur et SDK MSXML 4.0 SP2 - (.Microsoft Corporation.) [HKLM][64Bits] -- {716E0306-8318-4364-8B8F-0CC4E9376BAC} O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM][64Bits] -- {F5266D28-E0B2-4130-BFC5-EE155AD514DC} O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc O42 - Logiciel: ArchiCAD 17 INT - (.GRAPHISOFT.) [HKLM][64Bits] -- 001FFF2FFF17FF00FF0701F01F02F000-R1 O42 - Logiciel: Audacity 1.3.14 (Unicode) - (.Audacity Team.) [HKLM][64Bits] -- Audacity 1.3 Beta (Unicode)_is1 O42 - Logiciel: AutoCAD 2007 - English - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-5001-0409-0002-0060B0CE6BBA} O42 - Logiciel: AutoCAD Architecture 2014 - Français (French) - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-D004-0000-0102-0060B0CE6BBA} O42 - Logiciel: Autodesk 360 - (.Autodesk.) [HKLM][64Bits] -- {52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B} O42 - Logiciel: Autodesk App Manager - (.Autodesk.) [HKLM][64Bits] -- {C070121A-C8C5-4D52-9A7D-D240631BD433} O42 - Logiciel: Autodesk AutoCAD Architecture 2014 - Français (French) - (.Autodesk.) [HKLM][64Bits] -- AutoCAD Architecture 2014 - Français (French) O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] -- Autodesk Content Service O42 - Logiciel: Autodesk Content Service Language Pack - (.Autodesk.) [HKLM][64Bits] -- {62F029AB-85F2-0001-866A-9FC0DD99DDBC} O42 - Logiciel: Autodesk DWF Viewer - (.Autodesk, Inc..) [HKLM][64Bits] -- Autodesk DWF Viewer O42 - Logiciel: Autodesk Featured Apps - (.Autodesk.) [HKLM][64Bits] -- {F732FEDA-7713-4428-934B-EF83B8DD65D0} O42 - Logiciel: Autodesk Material Library 2014 - (.Autodesk.) [HKLM][64Bits] -- {644F9B19-A462-499C-BF4D-300ABC2A28B1} O42 - Logiciel: Autodesk Material Library Base Resolution Image Library 2014 - (.Autodesk.) [HKLM][64Bits] -- {51BF3210-B825-4092-8E0D-66D689916E02} O42 - Logiciel: Autodesk ReCap - (.Autodesk.) [HKLM][64Bits] -- Autodesk ReCap O42 - Logiciel: Autodesk Robot Structural Analysis Professional 2014 - (.Autodesk, Inc..) [HKLM][64Bits] -- Autodesk Robot Structural Analysis Professional 2014 O42 - Logiciel: Avast Internet Security - (.AVAST Software.) [HKLM][64Bits] -- Avast O42 - Logiciel: BibleWorks 6 - (...) [HKLM][64Bits] -- {F5CD130F-5789-4D38-8762-FFBEBA896805} O42 - Logiciel: Cain & Abel 4.9.56 - (...) [HKLM][64Bits] -- Cain & Abel 4.9.56 O42 - Logiciel: CamStudio version 2.7 - (.CamStudio Open Source.) [HKLM][64Bits] -- {04B83666-3A62-452B-85D3-70F8117F2329}_is1 O42 - Logiciel: Capturino version 2.5 - (.Capturino Software - Jean-Paul Bellenger.) [HKLM][64Bits] -- {0B8D7877-0178-4782-818A-0498F2E33BCC}_is1 O42 - Logiciel: CodeBlocks - (.The Code::Blocks Team.) [HKCU][64Bits] -- CodeBlocks O42 - Logiciel: CodeMeter Runtime Kit v5.00a - (.WIBU-SYSTEMS AG.) [HKLM][64Bits] -- {44DDBAF6-3F9C-483D-97FA-303B2DE181E6} O42 - Logiciel: Conduit Engine - (.Conduit Ltd..) [HKLM][64Bits] -- conduitEngine =>Toolbar.Conduit O42 - Logiciel: Conjugaison - (.homework.) [HKLM][64Bits] -- {057AA4D8-559F-42B1-98A0-508303834B2E} O42 - Logiciel: ConvertHelper 3.1.1 - (.DownloadHelper.) [HKLM][64Bits] -- {27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1 O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D} O42 - Logiciel: Dev-C++ 5 beta 9 release (4.9.9.2) - (...) [HKLM][64Bits] -- Dev-C++ O42 - Logiciel: Dictionary version 2.1 - (.7tech Limited.) [HKLM][64Bits] -- Dic7tech_is1 O42 - Logiciel: ETABS 9 - (.Computers and Structures.) [HKLM][64Bits] -- {D47BD22B-769F-4CAB-B40E-D1F53B4020E6} O42 - Logiciel: EZDownloader - (.EZDownloader.) [HKLM][64Bits] -- {0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1 O42 - Logiciel: Energy Star - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7} O42 - Logiciel: Etude de la Bible - (...) [HKLM][64Bits] -- Etude de la Bible O42 - Logiciel: EzerKb - (.Ezer IT Consulting.) [HKLM][64Bits] -- {5AB2D033-2CAF-42DA-9B2D-1AE26021A4EA} O42 - Logiciel: FARO LS 1.1.501.0 (64bit) - (.FARO Scanner Production.) [HKLM][64Bits] -- {8A470330-70B2-49AD-86AF-79885EF9898A} O42 - Logiciel: FLV-Media-Player - (.HYBRIDWEB.de.) [HKLM][64Bits] -- {AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA} O42 - Logiciel: FormatFactory 2.60 - (.Free Time.) [HKLM][64Bits] -- FormatFactory O42 - Logiciel: Fraps - (...) [HKLM][64Bits] -- Fraps O42 - Logiciel: Free YouTube Download version 3.2.14.1022 - (.DVDVideoSoft Ltd..) [HKLM][64Bits] -- Free YouTube Download_is1 O42 - Logiciel: GOM Audio - (.Gretech Corporation.) [HKLM][64Bits] -- GomAudio O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: Guitar Pro 5.2 - (.Arobas Music.) [HKLM][64Bits] -- Guitar Pro 5_is1 O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {8C1ADF61-4F87-44BC-804C-C20FC70D98BB} O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A} O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {B5E06417-A4AC-4225-B36E-7E34C91616E7} O42 - Logiciel: Java 7 Update 21 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217021FF} O42 - Logiciel: Java SE Development Kit 8 Update 25 (64-bit) - (.Oracle Corporation.) [HKLM][64Bits] -- {64A3A4F4-B792-11D6-A78A-00B0D0180250} O42 - Logiciel: Jeux du Dictionnaire - (.Micro Application.) [HKLM][64Bits] -- {AB254D00-D5D7-493B-922C-9E673848EFB5} O42 - Logiciel: KMSpico v9.2.3 - (...) [HKLM][64Bits] -- KMSpico_is1 =>PUA.KMSpico O42 - Logiciel: KeyLemon - (.KeyLemon Solutions S.A..) [HKLM][64Bits] -- KeyLemon O42 - Logiciel: LauncherMA - (.Micro Application.) [HKLM][64Bits] -- {C06EFB22-B5DB-46C5-9215-BCB5C19C0858} O42 - Logiciel: LavasoftTcpService - (.Lavasoft.) [HKLM][64Bits] -- {90CF05DE-735F-42AB-A52A-F447FDFBE207} =>Adware.Graftor O42 - Logiciel: Macromedia Flash Player 8 - (.Macromedia.) [HKLM][64Bits] -- ShockwaveFlash O42 - Logiciel: Micro Application - 38 Dictionnaires et Recueils de Correspondance - (...) [HKLM][64Bits] -- {B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0} O42 - Logiciel: MobiConnect - (.Huawei Technologies Co.,Ltd.) [HKLM][64Bits] -- MobiConnect O42 - Logiciel: Mozilla Firefox 38.0.5 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 38.0.5 (x86 fr) O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService O42 - Logiciel: Nero 8 - (.Nero AG.) [HKLM][64Bits] -- {5E6EC4DD-7B1F-4E10-82B9-EA1B90791036} O42 - Logiciel: Notepad++ - (.Notepad++ Team.) [HKLM][64Bits] -- Notepad++ O42 - Logiciel: OFFICE One Clock 6.5 - (.ISSENDIS.) [HKLM][64Bits] -- OFFICE One Clock 6.5 O42 - Logiciel: OpenVPN 2.3.4-I605 - (...) [HKLM][64Bits] -- OpenVPN O42 - Logiciel: PDF Settings - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} O42 - Logiciel: Petit Larousse 2009 - (...) [HKLM][64Bits] -- {422FADA9-FED2-41D7-B5FA-472BB98B7784} O42 - Logiciel: PowerISO - (.Power Software Ltd.) [HKLM][64Bits] -- PowerISO O42 - Logiciel: PriceMinus - (...) [HKLM][64Bits] -- {06B99631-BFA2-3B7A-F58B-D067C2BA59B7} =>PUP.PriceMinus O42 - Logiciel: Qualcomm Atheros WLAN and Bluetooth Client Installation Program - (.Qualcomm Atheros.) [HKLM][64Bits] -- {28006915-2739-4EBE-B5E8-49B25D32EB33} O42 - Logiciel: QuickTime Alternative 3.2.2 - (...) [HKLM][64Bits] -- QuicktimeAlt_is1 O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} O42 - Logiciel: RegClean-Pro - (.systweak.com.) [HKLM][64Bits] -- RegClean-Pro_is1 =>Rogue.RegistryPowerCleaner O42 - Logiciel: Robot Expert v.17.0 - (...) [HKLM][64Bits] -- {06347192-28A4-4145-87A6-5A801233B98D} O42 - Logiciel: SWF & FLV Player 3.0 (build 3.0.33.5106) - (.Eltima Software.) [HKLM][64Bits] -- SWF & FLV Player_is1 O42 - Logiciel: SketchUp 2013 - (.Trimble Navigation Limited.) [HKLM][64Bits] -- {F277FA87-FCE4-49A3-B745-B82FB29ED8A4} O42 - Logiciel: SketchUp 2015 - (.Trimble Navigation Limited.) [HKLM][64Bits] -- {37B47810-E821-4B53-B3D2-3DB1F2084B7E} O42 - Logiciel: SketchUp Import for AutoCAD 2014 - (.Autodesk.) [HKLM][64Bits] -- {644E9589-F73A-49A4-AC61-A953B9DE5669} O42 - Logiciel: Skype™ 7.5 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7} O42 - Logiciel: Softonic France FF Toolbar - (.Softonic France FF.) [HKLM][64Bits] -- Softonic_France_FF Toolbar =>Adware.FFToolBar O42 - Logiciel: Software Informer 1.4.1273.0 - (.Informer Technologies, Inc..) [HKLM][64Bits] -- Software Informer_is1 O42 - Logiciel: Sony Media Manager 2.2 - (.Sony.) [HKLM][64Bits] -- {38E1CA6C-2121-4B5C-A3A5-0B0003794EFF} O42 - Logiciel: Sony Vegas 7.0 - (.Sony.) [HKLM][64Bits] -- {8411FA28-D32D-4518-92F0-3FBD80A702BC} O42 - Logiciel: SuperCopier2 - (...) [HKLM][64Bits] -- SuperCopier2 O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey O42 - Logiciel: TAP-Windows 9.21.0 - (...) [HKLM][64Bits] -- TAP-Windows O42 - Logiciel: Tests de QI et Mémoire - (...) [HKLM][64Bits] -- {A164036A-722E-41CB-A1C1-3C3825A575D6} O42 - Logiciel: Tipp Top 4.0 - (...) [HKLM][64Bits] -- {7087A5CE-60AB-4C14-A4D9-5F1AAA699E97} O42 - Logiciel: Total Video Converter 3.11 070908 - (.EffectMatrix Inc..) [HKLM][64Bits] -- Total Video Converter 3.11_is1 O42 - Logiciel: USB Video Device - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {E0A7ED39-8CD6-4351-93C3-69CCA00D12B4} O42 - Logiciel: UltraISO Premium V8.6 - (...) [HKLM][64Bits] -- UltraISO_is1 O42 - Logiciel: Update for Japanese Microsoft IME Postal Code Dictionary - (.Microsoft Corporation.) [HKLM][64Bits] -- {15015752-9990-4516-A2B1-93823281FB8E} O42 - Logiciel: Update for Japanese Microsoft IME Standard Extended Dictionary - (.Microsoft Corporation.) [HKLM][64Bits] -- {78CE66A9-85AF-4BD8-8FB7-35B5F3846C00} O42 - Logiciel: VCRedistSetup - (.Nero AG.) [HKLM][64Bits] -- {3921A67A-5AB1-4E48-9444-C71814CF3027} O42 - Logiciel: VLC media player 2.1.3 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN O42 - Logiciel: VNC Enterprise Edition E4.5.4 - (.RealVNC Ltd..) [HKLM][64Bits] -- RealVNC_is1 O42 - Logiciel: VNC Mirror Driver 1.8.0 - (.RealVNC Ltd..) [HKLM][64Bits] -- VNCMirror_is1 O42 - Logiciel: VNC Printer Driver 1.6.0 - (.RealVNC Ltd..) [HKLM][64Bits] -- VNCPrinter_is1 O42 - Logiciel: VirtualCloneDrive - (.Elaborate Bytes.) [HKLM][64Bits] -- VirtualCloneDrive O42 - Logiciel: WinPcap 4.1.3 - (.Riverbed Technology, Inc..) [HKLM][64Bits] -- WinPcapInst O42 - Logiciel: WinRAR 5.21 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver O42 - Logiciel: WinRAR archiver - (...) [HKLM][64Bits] -- WinRAR archiver O42 - Logiciel: bestadblocker - (...) [HKLM][64Bits] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.Adblocker O42 - Logiciel: i686-4.9.2-posix-dwarf-rt_v4-rev2 - (.MinGW-W64.) [HKLM][64Bits] -- i686-4.9.2-posix-dwarf-rt_v4-rev2 O42 - Logiciel: neroxml - (.Nero AG.) [HKLM][64Bits] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B} O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726} ~ Logic: 95 Scanned in VAmn OAs ---\\ HKCU & HKLM Software Keys [HKCU\Software\7-Zip] [HKCU\Software\AVAST Software] [HKCU\Software\Adobe] [HKCU\Software\Ahead] [HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\JavaSoft] [HKCU\Software\AppDataLow\Software\Softonic_France_FF] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Software\conduitEngine] =>Toolbar.Conduit [HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit [HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}] [HKCU\Software\AppDataLow] [HKCU\Software\Apple Computer, Inc.] [HKCU\Software\Apple Inc.] [HKCU\Software\Atheros] [HKCU\Software\Audacity] [HKCU\Software\Autodesk] [HKCU\Software\BugSplat] [HKCU\Software\Cain] [HKCU\Software\CamStudioOpenSource for Nick] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\Clubic] [HKCU\Software\CyberLink] [HKCU\Software\DVDVideoSoft] [HKCU\Software\Dictionary] [HKCU\Software\DownloadManager] [HKCU\Software\EasyBoot Systems] [HKCU\Software\Elaborate Bytes] [HKCU\Software\Fraps3] [HKCU\Software\FreeTime] [HKCU\Software\GNU] [HKCU\Software\GRAPHISOFT] [HKCU\Software\GRETECH] [HKCU\Software\Gabest] [HKCU\Software\Geomedia SA] [HKCU\Software\Google] [HKCU\Software\HYBRIDWEB.de] [HKCU\Software\Haali] [HKCU\Software\IM Providers] [HKCU\Software\Informer Technologies, Inc.] [HKCU\Software\Intel] [HKCU\Software\JMJLogiciels] [HKCU\Software\JavaSoft] [HKCU\Software\KeyLemon] [HKCU\Software\LAventure] [HKCU\Software\Licenses] [HKCU\Software\Lockdir] [HKCU\Software\LogMeInRescueCallingCard] [HKCU\Software\MOVDLTool] [HKCU\Software\Macromedia] [HKCU\Software\MainConcept (Adobe2)] [HKCU\Software\MainConcept] [HKCU\Software\Mine] [HKCU\Software\Minnetonka Audio Software] [HKCU\Software\Mozilla] [HKCU\Software\Necrosoft] [HKCU\Software\Nero] [HKCU\Software\Netscape] [HKCU\Software\Nilings] [HKCU\Software\ODBC] [HKCU\Software\Policies] [HKCU\Software\PowerISO] [HKCU\Software\P®O Group] [HKCU\Software\RealVNC] [HKCU\Software\Realtek] [HKCU\Software\Reg] [HKCU\Software\RegisteredApplications] [HKCU\Software\RoboBAT] [HKCU\Software\SFX TEAM] [HKCU\Software\SMADΔV] [HKCU\Software\SWiSHzone.com] [HKCU\Software\SketchUp] [HKCU\Software\Skype] [HKCU\Software\Sony Media Software] [HKCU\Software\Spiral Monkey] [HKCU\Software\Synaptics] [HKCU\Software\TechSmith] [HKCU\Software\TeleCharger] [HKCU\Software\Trolltech] [HKCU\Software\VB and VBA Program Settings] [HKCU\Software\WIBU-SYSTEMS] [HKCU\Software\WebApp] [HKCU\Software\Webshots] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\Wow6432Node] [HKCU\Software\ZebHelpProcess Helper] [HKCU\Software\homework] [HKCU\Software\systweak] [HKLM\Software\7-Zip] [HKLM\Software\Atheros] [HKLM\Software\Audible] [HKLM\Software\Autodesk] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\CyberLink] [HKLM\Software\DVDVideoSoft] [HKLM\Software\Google] [HKLM\Software\Huawei technologies] [HKLM\Software\IM Providers] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\Khronos] [HKLM\Software\Macromedia] [HKLM\Software\Macrovision] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\Policies] [HKLM\Software\RealVNC] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SRS Labs] [HKLM\Software\SketchUp] [HKLM\Software\Synaptics] [HKLM\Software\WIBU-SYSTEMS] [HKLM\Software\WinRAR] [HKLM\Software\Wow6432Node\ATHEROS] [HKLM\Software\Wow6432Node\AVAST Software] [HKLM\Software\Wow6432Node\Adobe] [HKLM\Software\Wow6432Node\Ahead] [HKLM\Software\Wow6432Node\AppDataLow] [HKLM\Software\Wow6432Node\Apple Computer, Inc.] [HKLM\Software\Wow6432Node\Apple Inc.] [HKLM\Software\Wow6432Node\Arobas Music] [HKLM\Software\Wow6432Node\Audible] [HKLM\Software\Wow6432Node\Autodesk] [HKLM\Software\Wow6432Node\AviSynth] [HKLM\Software\Wow6432Node\BibleWorks] [HKLM\Software\Wow6432Node\Borland] [HKLM\Software\Wow6432Node\CDDB] [HKLM\Software\Wow6432Node\Classes] [HKLM\Software\Wow6432Node\Clients] [HKLM\Software\Wow6432Node\Computers and Structures, Inc.] [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Crystal Decisions] [HKLM\Software\Wow6432Node\CyberLink] [HKLM\Software\Wow6432Node\DATA BECKER] [HKLM\Software\Wow6432Node\DVDVideoSoft] [HKLM\Software\Wow6432Node\DownloadHelper] [HKLM\Software\Wow6432Node\EasyBoot Systems] [HKLM\Software\Wow6432Node\Eidos Interactive] [HKLM\Software\Wow6432Node\Elaborate Bytes] [HKLM\Software\Wow6432Node\FastStone Soft] [HKLM\Software\Wow6432Node\Freemake] [HKLM\Software\Wow6432Node\GNU] [HKLM\Software\Wow6432Node\GRETECH] [HKLM\Software\Wow6432Node\Geomedia SA] [HKLM\Software\Wow6432Node\Google] [HKLM\Software\Wow6432Node\HaaliMkx] [HKLM\Software\Wow6432Node\Havas Interactive] [HKLM\Software\Wow6432Node\Hewlett-Packard] [HKLM\Software\Wow6432Node\HighCriteria] [HKLM\Software\Wow6432Node\Huawei technologies] [HKLM\Software\Wow6432Node\IM Providers] [HKLM\Software\Wow6432Node\InstallShield] [HKLM\Software\Wow6432Node\Intel] [HKLM\Software\Wow6432Node\Internet Download Manager] [HKLM\Software\Wow6432Node\JavaSoft] [HKLM\Software\Wow6432Node\Khronos] [HKLM\Software\Wow6432Node\LAventure] [HKLM\Software\Wow6432Node\Larousse] [HKLM\Software\Wow6432Node\Lavasoft] [HKLM\Software\Wow6432Node\Licenses] [HKLM\Software\Wow6432Node\LogMeInRescueCallingCard] [HKLM\Software\Wow6432Node\MAXSOFT-OCRON] [HKLM\Software\Wow6432Node\Macromedia] [HKLM\Software\Wow6432Node\Macrovision] [HKLM\Software\Wow6432Node\Micro Application] [HKLM\Software\Wow6432Node\Minnetonka Audio Software] [HKLM\Software\Wow6432Node\MozillaPlugins] [HKLM\Software\Wow6432Node\Mozilla] [HKLM\Software\Wow6432Node\Nero] [HKLM\Software\Wow6432Node\Nuance] [HKLM\Software\Wow6432Node\ODBC] [HKLM\Software\Wow6432Node\OpenVPN-GUI] [HKLM\Software\Wow6432Node\Policies] [HKLM\Software\Wow6432Node\QTAlternative] [HKLM\Software\Wow6432Node\Qualcomm Atheros WLAN and Bluetooth Client Installation Program] [HKLM\Software\Wow6432Node\RealVNC] [HKLM\Software\Wow6432Node\Reg] [HKLM\Software\Wow6432Node\RegisteredApplications] [HKLM\Software\Wow6432Node\RoboBAT] [HKLM\Software\Wow6432Node\Seagate Software] [HKLM\Software\Wow6432Node\SketchUp] [HKLM\Software\Wow6432Node\Skype] [HKLM\Software\Wow6432Node\Softonic_France_FF] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Sony Media Software] [HKLM\Software\Wow6432Node\Spiral Monkey] [HKLM\Software\Wow6432Node\Synthetic Aperture] [HKLM\Software\Wow6432Node\Systweak] [HKLM\Software\Wow6432Node\TG Byte Software] [HKLM\Software\Wow6432Node\VST] [HKLM\Software\Wow6432Node\VideoLAN] [HKLM\Software\Wow6432Node\Volatile] [HKLM\Software\Wow6432Node\WIBU-SYSTEMS] [HKLM\Software\Wow6432Node\WexTech Systems] [HKLM\Software\Wow6432Node\WinPcap] [HKLM\Software\Wow6432Node\homework] [HKLM\Software\Wow6432Node\iTinySoft] [HKLM\Software\Wow6432Node\mozilla.org] [HKLM\Software\Wow6432Node] ~ Key Software: 483 Scanned in VAmn OAs ---\\ Contents of the Common Files folders (O43) O43 - CFD: 6/7/2015 - 2:26:30 ROVASOA - [] ----D C:\Program Files (x86)\Adobe O43 - CFD: 5/22/2015 - 10:54:52 ROVASOA - [] ----D C:\Program Files (x86)\AirDroid Notifier O43 - CFD: 5/9/2015 - 9:13:08 ROVASOA - [] ----D C:\Program Files (x86)\AnswerWorks 4.0 O43 - CFD: 4/19/2015 - 2:46:45 ROVASOA - [] ----D C:\Program Files (x86)\Apple Software Update =>.Apple Inc O43 - CFD: 6/11/2015 - 4:58:16 ROVASOA - [] ----D C:\Program Files (x86)\ASP O43 - CFD: 4/19/2015 - 9:58:44 ROVASOA - [] ----D C:\Program Files (x86)\Audacity 1.3 Beta (Unicode) O43 - CFD: 5/9/2015 - 9:13:34 ROVASOA - [] ----D C:\Program Files (x86)\AutoCAD 2007 O43 - CFD: 5/9/2015 - 9:09:44 ROVASOA - [] ----D C:\Program Files (x86)\Autodesk O43 - CFD: 5/22/2015 - 10:54:50 ROVASOA - [] ----D C:\Program Files (x86)\bestadblocker =>PUP.Adblocker O43 - CFD: 5/4/2015 - 9:04:47 ROVASOA - [] ----D C:\Program Files (x86)\BibleWorks 6 O43 - CFD: 5/4/2015 - 8:55:17 ROVASOA - [] ----D C:\Program Files (x86)\Bibliquest O43 - CFD: 6/7/2015 - 2:03:12 ROVASOA - [] ----D C:\Program Files (x86)\Bonjour O43 - CFD: 6/7/2015 - 1:47:54 ROVASOA - [] ----D C:\Program Files (x86)\Cain O43 - CFD: 6/5/2015 - 6:47:41 ROVASOA - [] ----D C:\Program Files (x86)\CamStudio 2.7 O43 - CFD: 6/5/2015 - 5:43:55 ROVASOA - [] ----D C:\Program Files (x86)\CapturinoV25 O43 - CFD: 5/22/2015 - 1:59:33 ROVASOA - [] ----D C:\Program Files (x86)\CodeBlocks O43 - CFD: 4/19/2015 - 2:49:24 ROVASOA - [] ----D C:\Program Files (x86)\CodeMeter O43 - CFD: 6/12/2015 - 8:21:02 ROVASOA - [] ----D C:\Program Files (x86)\Common Files O43 - CFD: 5/15/2015 - 8:25:51 ROVASOA - [] ----D C:\Program Files (x86)\Computers and Structures O43 - CFD: 5/4/2015 - 1:07:41 ROVASOA - [] ----D C:\Program Files (x86)\Conduit O43 - CFD: 5/4/2015 - 1:07:40 ROVASOA - [] ----D C:\Program Files (x86)\ConduitEngine =>Toolbar.Conduit O43 - CFD: 5/17/2015 - 11:20:01 ROVASOA - [] ----D C:\Program Files (x86)\Conjugaison O43 - CFD: 5/4/2015 - 11:44:47 ROVASOA - [] ----D C:\Program Files (x86)\CyberLink O43 - CFD: 6/12/2015 - 8:21:00 ROVASOA - [] ----D C:\Program Files (x86)\DATA BECKER O43 - CFD: 5/4/2015 - 12:59:00 ROVASOA - [] ----D C:\Program Files (x86)\Dictionary O43 - CFD: 5/4/2015 - 11:12:41 ROVASOA - [] ----D C:\Program Files (x86)\directx O43 - CFD: 5/1/2015 - 12:54:07 ROVASOA - [] ----D C:\Program Files (x86)\DVDVideoSoft O43 - CFD: 5/4/2015 - 10:16:37 ROVASOA - [] ----D C:\Program Files (x86)\Elaborate Bytes O43 - CFD: 6/4/2015 - 5:34:21 ROVASOA - [] ----D C:\Program Files (x86)\Eltima Software O43 - CFD: 5/22/2015 - 11:08:14 ROVASOA - [] ----D C:\Program Files (x86)\EZDownloader O43 - CFD: 5/4/2015 - 1:02:10 ROVASOA - [] ----D C:\Program Files (x86)\Ezer IT Consulting O43 - CFD: 6/4/2015 - 5:38:28 ROVASOA - [] ----D C:\Program Files (x86)\FLV-Media-Player O43 - CFD: 5/14/2015 - 3:21:45 ROVASOA - [0] ----D C:\Program Files (x86)\Freemake O43 - CFD: 5/4/2015 - 1:03:38 ROVASOA - [] ----D C:\Program Files (x86)\FreeTime O43 - CFD: 5/2/2015 - 8:47:52 ROVASOA - [] ----D C:\Program Files (x86)\Geomedia SA O43 - CFD: 5/4/2015 - 1:10:32 ROVASOA - [] ----D C:\Program Files (x86)\Google O43 - CFD: 4/20/2015 - 10:47:56 ROVASOA - [] ----D C:\Program Files (x86)\Grand Theft Auto III O43 - CFD: 4/20/2015 - 10:50:31 ROVASOA - [] ----D C:\Program Files (x86)\Grand Theft Auto San Andreas O43 - CFD: 4/20/2015 - 5:38:39 ROVASOA - [] ----D C:\Program Files (x86)\Grand Theft Auto Vice City O43 - CFD: 5/4/2015 - 1:10:11 ROVASOA - [] ----D C:\Program Files (x86)\GRETECH O43 - CFD: 5/4/2015 - 10:09:01 ROVASOA - [] ----D C:\Program Files (x86)\Guitar Pro 5 O43 - CFD: 5/4/2015 - 12:15:58 ROVASOA - [] ----D C:\Program Files (x86)\Hewlett-Packard O43 - CFD: 6/12/2015 - 8:21:00 ROVASOA - [] --H-D C:\Program Files (x86)\InstallShield Installation Information O43 - CFD: 4/19/2015 - 9:33:40 ROVASOA - [] ----D C:\Program Files (x86)\Intel O43 - CFD: 5/30/2015 - 12:54:11 ROVASOA - [] ----D C:\Program Files (x86)\Internet Download Manager O43 - CFD: 5/29/2015 - 3:58:51 ROVASOA - [] ----D C:\Program Files (x86)\Internet Explorer O43 - CFD: 4/19/2015 - 2:27:19 ROVASOA - [] ----D C:\Program Files (x86)\Java O43 - CFD: 5/4/2015 - 11:12:42 ROVASOA - [] ----D C:\Program Files (x86)\Larousse O43 - CFD: 5/1/2015 - 1:27:29 ROVASOA - [] ----D C:\Program Files (x86)\Lavasoft O43 - CFD: 6/12/2015 - 8:18:15 ROVASOA - [] ----D C:\Program Files (x86)\Micro Application O43 - CFD: 4/26/2015 - 10:03:57 ROVASOA - [] ----D C:\Program Files (x86)\Microsoft Analysis Services O43 - CFD: 5/9/2015 - 9:13:09 ROVASOA - [] ----D C:\Program Files (x86)\Microsoft Office O43 - CFD: 6/7/2015 - 12:46:32 ROVASOA - [] ----D C:\Program Files (x86)\Microsoft SQL Server O43 - CFD: 5/9/2015 - 8:34:59 ROVASOA - [] ----D C:\Program Files (x86)\Microsoft Visual Studio .NET 2003 O43 - CFD: 4/26/2015 - 10:04:54 ROVASOA - [] ----D C:\Program Files (x86)\Microsoft Visual Studio 8 O43 - CFD: 4/26/2015 - 10:06:06 ROVASOA - [] ----D C:\Program Files (x86)\Microsoft.NET O43 - CFD: 5/22/2015 - 12:18:35 ROVASOA - [] ----D C:\Program Files (x86)\mingw-w64 O43 - CFD: 5/15/2015 - 1:17:25 ROVASOA - [] ----D C:\Program Files (x86)\MobiConnect O43 - CFD: 6/5/2015 - 3:46:50 ROVASOA - [] ----D C:\Program Files (x86)\Mozilla Firefox O43 - CFD: 6/5/2015 - 3:46:51 ROVASOA - [] ----D C:\Program Files (x86)\Mozilla Maintenance Service O43 - CFD: 5/1/2015 - 4:59:40 ROVASOA - [] ----D C:\Program Files (x86)\MSBuild O43 - CFD: 5/4/2015 - 11:12:23 ROVASOA - [0] ----D C:\Program Files (x86)\MSXML 4.0 O43 - CFD: 6/1/2015 - 6:18:08 ROVASOA - [] ----D C:\Program Files (x86)\Nero O43 - CFD: 5/14/2015 - 3:38:00 ROVASOA - [] ----D C:\Program Files (x86)\Notepad++ O43 - CFD: 5/4/2015 - 10:18:13 ROVASOA - [] ----D C:\Program Files (x86)\OFFICE ONE6.0 O43 - CFD: 5/4/2015 - 11:10:53 ROVASOA - [] ----D C:\Program Files (x86)\OpenVPN O43 - CFD: 4/20/2015 - 5:22:16 ROVASOA - [] ----D C:\Program Files (x86)\PowerISO O43 - CFD: 5/22/2015 - 10:42:11 ROVASOA - [] ----D C:\Program Files (x86)\PriceMiinus =>PUP.PriceMinus O43 - CFD: 5/22/2015 - 10:49:19 ROVASOA - [] ----D C:\Program Files (x86)\PriceMinus =>PUP.PriceMinus O43 - CFD: 4/19/2015 - 8:11:09 ROVASOA - [] ----D C:\Program Files (x86)\Qualcomm Atheros O43 - CFD: 6/7/2015 - 2:15:19 ROVASOA - [] ----D C:\Program Files (x86)\QuickTime O43 - CFD: 5/15/2015 - 8:08:32 ROVASOA - [] ----D C:\Program Files (x86)\QuickTime Alternative O43 - CFD: 6/5/2015 - 5:43:37 ROVASOA - [] ----D C:\Program Files (x86)\RCP O43 - CFD: 5/1/2015 - 4:59:40 ROVASOA - [] ----D C:\Program Files (x86)\Reference Assemblies O43 - CFD: 5/15/2015 - 8:37:06 ROVASOA - [] ----D C:\Program Files (x86)\Robot Office O43 - CFD: 5/3/2015 - 12:26:59 ROVASOA - [] ----D C:\Program Files (x86)\SketchUp O43 - CFD: 5/29/2015 - 5:39:37 ROVASOA - [] R---D C:\Program Files (x86)\Skype O43 - CFD: 5/20/2015 - 2:16:57 ROVASOA - [] ----D C:\Program Files (x86)\Smadav O43 - CFD: 5/4/2015 - 1:07:41 ROVASOA - [] ----D C:\Program Files (x86)\Softonic_France_FF =>Toolbar.Conduit O43 - CFD: 6/7/2015 - 12:45:02 ROVASOA - [] ----D C:\Program Files (x86)\Sony O43 - CFD: 6/7/2015 - 12:43:58 ROVASOA - [] ----D C:\Program Files (x86)\Sony Setup O43 - CFD: 5/4/2015 - 10:16:03 ROVASOA - [] ----D C:\Program Files (x86)\SuperCopier2 O43 - CFD: 5/4/2015 - 12:34:27 ROVASOA - [] ----D C:\Program Files (x86)\Total Video Converter O43 - CFD: 4/20/2015 - 4:30:48 ROVASOA - [] ----D C:\Program Files (x86)\UltraISO O43 - CFD: 6/7/2015 - 12:46:46 ROVASOA - [] --H-D C:\Program Files (x86)\Uninstall Information O43 - CFD: 4/20/2015 - 8:03:35 ROVASOA - [] ----D C:\Program Files (x86)\VideoLAN O43 - CFD: 6/7/2015 - 12:45:16 ROVASOA - [] ----D C:\Program Files (x86)\Vstplugins O43 - CFD: 5/6/2015 - 11:15:36 ROVASOA - [] ----D C:\Program Files (x86)\Webshots O43 - CFD: 5/29/2015 - 3:58:56 ROVASOA - [] ----D C:\Program Files (x86)\Windows Defender O43 - CFD: 5/29/2015 - 3:56:53 ROVASOA - [] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation O43 - CFD: 5/29/2015 - 3:56:53 ROVASOA - [] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation O43 - CFD: 5/29/2015 - 3:56:53 ROVASOA - [] ----D C:\Program Files (x86)\Windows Multimedia Platform O43 - CFD: 8/22/2013 - 5:36:30 ROVASOA - [] ----D C:\Program Files (x86)\Windows NT O43 - CFD: 5/29/2015 - 3:56:53 ROVASOA - [] ----D C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 5/29/2015 - 3:56:53 ROVASOA - [] ----D C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 8/22/2013 - 5:36:30 ROVASOA - [] -SH-D C:\Program Files (x86)\Windows Sidebar O43 - CFD: 8/22/2013 - 5:36:30 ROVASOA - [] ----D C:\Program Files (x86)\WindowsPowerShell O43 - CFD: 6/5/2015 - 6:17:42 ROVASOA - [] ----D C:\Program Files (x86)\WinPcap O43 - CFD: 5/4/2015 - 12:50:30 ROVASOA - [] ----D C:\Program Files (x86)\WinRAR O43 - CFD: 6/17/2015 - 6:21:16 ROVASOA - [] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman O43 - CFD: 6/7/2015 - 2:27:04 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Adobe O43 - CFD: 4/19/2015 - 2:46:53 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Apple O43 - CFD: 4/19/2015 - 8:10:30 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Atheros O43 - CFD: 5/15/2015 - 8:55:30 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Autodesk Shared O43 - CFD: 6/12/2015 - 8:21:02 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Borland Shared O43 - CFD: 6/7/2015 - 2:25:53 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Control Panels O43 - CFD: 5/9/2015 - 8:34:51 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Crystal Decisions O43 - CFD: 5/9/2015 - 9:13:02 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Designer O43 - CFD: 5/1/2015 - 12:54:03 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\DVDVideoSoft O43 - CFD: 4/20/2015 - 4:30:48 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\EZB Systems O43 - CFD: 5/4/2015 - 1:10:13 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Gretech Corporation O43 - CFD: 5/4/2015 - 11:32:14 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 4/19/2015 - 9:32:29 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Intel O43 - CFD: 4/19/2015 - 2:27:35 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Java O43 - CFD: 6/7/2015 - 1:59:56 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Macrovision Shared O43 - CFD: 5/22/2015 - 10:54:07 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Microsoft Shared O43 - CFD: 6/1/2015 - 6:18:40 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Nero O43 - CFD: 4/19/2015 - 8:20:24 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\postureAgent O43 - CFD: 5/15/2015 - 8:37:04 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\RoboBAT O43 - CFD: 8/22/2013 - 5:36:33 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Services O43 - CFD: 5/27/2015 - 5:59:59 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Skype O43 - CFD: 5/29/2015 - 3:56:52 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\System O43 - CFD: 5/4/2015 - 12:39:14 ROVASOA - [] ----D C:\Program Files (x86)\Common Files\Ulead Systems O43 - CFD: 5/22/2015 - 10:54:52 ROVASOA - [] ----D C:\ProgramData\747021844698302485 O43 - CFD: 6/7/2015 - 2:31:01 ROVASOA - [] ----D C:\ProgramData\Adobe O43 - CFD: 6/7/2015 - 2:24:47 ROVASOA - [0] ----D C:\ProgramData\ALM O43 - CFD: 4/19/2015 - 2:46:44 ROVASOA - [] ----D C:\ProgramData\Apple O43 - CFD: 5/15/2015 - 8:07:56 ROVASOA - [] ----D C:\ProgramData\Apple Computer O43 - CFD: 8/22/2013 - 4:45:52 ROVASOA - [] -SH-D C:\ProgramData\Application Data O43 - CFD: 5/4/2015 - 2:33:14 ROVASOA - [] ----D C:\ProgramData\Atheros O43 - CFD: 5/15/2015 - 9:02:21 ROVASOA - [] ----D C:\ProgramData\Autodesk O43 - CFD: 4/19/2015 - 9:52:34 ROVASOA - [] ----D C:\ProgramData\AVAST Software O43 - CFD: 4/19/2015 - 7:51:42 ROVASOA - [] -SH-D C:\ProgramData\Bureau O43 - CFD: 4/19/2015 - 2:49:13 ROVASOA - [] ----D C:\ProgramData\CodeMeter O43 - CFD: 5/4/2015 - 5:29:30 ROVASOA - [] ----D C:\ProgramData\CyberLink O43 - CFD: 5/15/2015 - 1:17:59 ROVASOA - [] ----D C:\ProgramData\DatacardService O43 - CFD: 8/22/2013 - 4:45:52 ROVASOA - [] -SH-D C:\ProgramData\Desktop O43 - CFD: 8/22/2013 - 4:45:52 ROVASOA - [] -SH-D C:\ProgramData\Documents O43 - CFD: 5/2/2015 - 10:59:48 ROVASOA - [] ----D C:\ProgramData\FARO O43 - CFD: 6/7/2015 - 2:31:08 ROVASOA - [] ----D C:\ProgramData\FLEXnet O43 - CFD: 5/4/2015 - 1:10:12 ROVASOA - [] ----D C:\ProgramData\GRETECH O43 - CFD: 5/30/2015 - 10:43:14 ROVASOA - [0] ----D C:\ProgramData\IDM O43 - CFD: 6/7/2015 - 7:46:22 ROVASOA - [] ----D C:\ProgramData\Informer Technologies, Inc O43 - CFD: 4/19/2015 - 8:20:51 ROVASOA - [] ----D C:\ProgramData\Intel O43 - CFD: 5/23/2015 - 1:08:00 ROVASOA - [] ----D C:\ProgramData\KeyLemon O43 - CFD: 5/1/2015 - 1:09:57 ROVASOA - [] ----D C:\ProgramData\Lavasoft O43 - CFD: 4/19/2015 - 7:51:42 ROVASOA - [] -SH-D C:\ProgramData\Menu Démarrer O43 - CFD: 5/29/2015 - 3:56:38 ROVASOA - [] -S--D C:\ProgramData\Microsoft O43 - CFD: 6/12/2015 - 2:49:25 ROVASOA - [] ----D C:\ProgramData\Microsoft Help O43 - CFD: 5/15/2015 - 1:17:30 ROVASOA - [] ----D C:\ProgramData\MobiConnect O43 - CFD: 4/19/2015 - 7:51:42 ROVASOA - [] -SH-D C:\ProgramData\Modèles O43 - CFD: 4/19/2015 - 9:57:06 ROVASOA - [] ----D C:\ProgramData\Mozilla O43 - CFD: 6/1/2015 - 6:18:09 ROVASOA - [] ----D C:\ProgramData\Nero O43 - CFD: 5/23/2015 - 1:04:36 ROVASOA - [] ----D C:\ProgramData\Package Cache O43 - CFD: 4/19/2015 - 8:09:01 ROVASOA - [] ----D C:\ProgramData\Qualcomm Atheros O43 - CFD: 5/29/2015 - 3:56:52 ROVASOA - [] ----D C:\ProgramData\regid.1991-06.com.microsoft O43 - CFD: 5/3/2015 - 1:57:01 ROVASOA - [] ---AD C:\ProgramData\Reprise O43 - CFD: 5/4/2015 - 11:42:32 ROVASOA - [] ----D C:\ProgramData\Sage O43 - CFD: 5/3/2015 - 1:56:04 ROVASOA - [] ----D C:\ProgramData\SketchUp O43 - CFD: 5/29/2015 - 5:39:30 ROVASOA - [] ----D C:\ProgramData\Skype O43 - CFD: 6/7/2015 - 12:46:12 ROVASOA - [] ----D C:\ProgramData\Sony O43 - CFD: 8/22/2013 - 4:45:52 ROVASOA - [] -SH-D C:\ProgramData\Start Menu O43 - CFD: 4/19/2015 - 2:27:35 ROVASOA - [] ----D C:\ProgramData\Sun O43 - CFD: 4/19/2015 - 1:48:16 ROVASOA - [] ----D C:\ProgramData\Synaptics O43 - CFD: 6/11/2015 - 4:58:13 ROVASOA - [] ----D C:\ProgramData\Systweak O43 - CFD: 5/4/2015 - 12:13:08 ROVASOA - [] ----D C:\ProgramData\Temp O43 - CFD: 8/22/2013 - 4:45:52 ROVASOA - [] -SH-D C:\ProgramData\Templates O43 - CFD: 5/23/2015 - 10:40:23 ROVASOA - [] ----D C:\ProgramData\{33332bbf-4e55-43af-3333-32bbf4e5aefd} O43 - CFD: 5/18/2015 - 9:41:50 ROVASOA - [] ----D C:\ProgramData\{8a70c610-3289-06d1-8a70-0c6103281840} O43 - CFD: 4/21/2015 - 11:30:29 ROVASOA - [0] ----D C:\ProgramData\{e5855398-3f77-d732-e585-553983f74e60} O43 - CFD: 4/19/2015 - 8:09:50 ROVASOA - [] ----D C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701} O43 - CFD: 5/4/2015 - 11:56:55 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip O43 - CFD: 5/29/2015 - 3:58:51 ROVASOA - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility O43 - CFD: 5/29/2015 - 3:58:57 ROVASOA - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 5/29/2015 - 3:58:52 ROVASOA - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 6/7/2015 - 2:26:54 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS3 O43 - CFD: 6/11/2015 - 4:58:16 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector =>PUP.AdvancedSystemProtector O43 - CFD: 5/3/2015 - 12:11:59 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD Architecture 2014 - Français (French) O43 - CFD: 5/15/2015 - 9:01:23 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk O43 - CFD: 5/2/2015 - 10:59:45 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap O43 - CFD: 5/15/2015 - 9:02:16 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Robot Structural Analysis Professional 2014 O43 - CFD: 5/30/2015 - 10:31:59 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software O43 - CFD: 5/4/2015 - 8:59:12 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BibleWorks 6 O43 - CFD: 5/4/2015 - 8:55:18 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bibliquest O43 - CFD: 5/14/2015 - 3:39:30 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++ O43 - CFD: 6/5/2015 - 6:17:27 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain O43 - CFD: 6/5/2015 - 6:47:41 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7 O43 - CFD: 6/5/2015 - 5:43:58 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capturino 2.5 O43 - CFD: 5/22/2015 - 1:58:58 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks O43 - CFD: 4/19/2015 - 2:49:24 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter O43 - CFD: 5/4/2015 - 11:44:56 ROVASOA - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat O43 - CFD: 5/15/2015 - 8:26:01 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computers and Structures O43 - CFD: 6/12/2015 - 8:21:37 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER O43 - CFD: 5/4/2015 - 12:59:05 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictionary O43 - CFD: 5/4/2015 - 1:00:31 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Aquarium O43 - CFD: 5/1/2015 - 12:54:05 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft O43 - CFD: 5/4/2015 - 10:16:38 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes O43 - CFD: 6/4/2015 - 5:34:21 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eltima Software O43 - CFD: 5/3/2015 - 1:21:51 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Etude de la Bible O43 - CFD: 5/22/2015 - 11:08:14 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader O43 - CFD: 5/4/2015 - 1:02:11 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EzerKb O43 - CFD: 6/7/2015 - 10:50:31 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps O43 - CFD: 5/4/2015 - 1:10:15 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM O43 - CFD: 4/19/2015 - 2:29:11 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRAPHISOFT O43 - CFD: 5/4/2015 - 10:09:16 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5 O43 - CFD: 5/4/2015 - 12:14:51 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support O43 - CFD: 5/4/2015 - 1:15:55 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java O43 - CFD: 5/4/2015 - 1:15:55 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit O43 - CFD: 5/23/2015 - 1:05:49 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyLemon O43 - CFD: 4/19/2015 - 8:00:56 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico O43 - CFD: 5/4/2015 - 11:12:41 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Larousse O43 - CFD: 5/1/2015 - 1:27:30 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft O43 - CFD: 8/22/2013 - 5:36:33 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 6/12/2015 - 8:18:17 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Micro Application O43 - CFD: 4/26/2015 - 10:07:38 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office O43 - CFD: 5/15/2015 - 1:17:24 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MobiConnect O43 - CFD: 5/29/2015 - 3:42:51 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox O43 - CFD: 6/1/2015 - 6:19:52 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8 O43 - CFD: 5/14/2015 - 3:37:59 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ O43 - CFD: 5/4/2015 - 10:18:13 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OFFICE One 6.0 O43 - CFD: 5/4/2015 - 11:10:52 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN O43 - CFD: 4/20/2015 - 5:22:17 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO O43 - CFD: 5/15/2015 - 8:07:57 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime Alternative O43 - CFD: 6/7/2015 - 10:28:26 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC O43 - CFD: 6/5/2015 - 6:07:27 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner O43 - CFD: 5/15/2015 - 8:37:42 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Robot Office O43 - CFD: 4/26/2015 - 10:07:38 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint O43 - CFD: 5/3/2015 - 12:27:27 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2013 O43 - CFD: 5/3/2015 - 1:56:55 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015 O43 - CFD: 5/27/2015 - 6:00:02 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype O43 - CFD: 6/7/2015 - 7:46:01 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer O43 - CFD: 6/7/2015 - 12:45:20 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony O43 - CFD: 6/7/2015 - 2:14:32 ROVASOA - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp O43 - CFD: 5/29/2015 - 3:58:51 ROVASOA - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools O43 - CFD: 8/23/2013 - 12:26:22 ROVASOA - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 5/4/2015 - 11:04:41 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows O43 - CFD: 5/4/2015 - 12:34:20 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter O43 - CFD: 4/20/2015 - 4:30:49 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO O43 - CFD: 4/20/2015 - 8:03:57 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN O43 - CFD: 6/5/2015 - 6:17:42 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap O43 - CFD: 5/2/2015 - 11:17:20 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 6/17/2015 - 6:21:17 ROVASOA - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman O43 - CFD: 6/8/2015 - 12:27:49 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Adobe O43 - CFD: 4/19/2015 - 2:50:56 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Apple Computer O43 - CFD: 4/19/2015 - 8:14:21 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Atheros O43 - CFD: 6/13/2015 - 4:08:36 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Audacity O43 - CFD: 5/15/2015 - 9:41:54 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Autodesk O43 - CFD: 4/19/2015 - 9:55:02 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\AVAST Software O43 - CFD: 6/7/2015 - 12:43:14 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Capturino O43 - CFD: 6/10/2015 - 6:17:28 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\codeblocks O43 - CFD: 5/4/2015 - 5:28:03 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\CyberLink O43 - CFD: 5/14/2015 - 6:37:46 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Dev-Cpp O43 - CFD: 5/30/2015 - 10:42:56 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\DMCache O43 - CFD: 5/1/2015 - 5:02:40 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\DVDVideoSoft O43 - CFD: 6/4/2015 - 5:57:25 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Eltima Software O43 - CFD: 4/19/2015 - 3:09:27 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Graphisoft O43 - CFD: 5/4/2015 - 1:10:18 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\GRETECH O43 - CFD: 5/29/2015 - 8:29:23 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Identities O43 - CFD: 5/30/2015 - 10:42:41 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\IDM O43 - CFD: 4/19/2015 - 2:27:44 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Install.GS O43 - CFD: 5/1/2015 - 1:09:57 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Lavasoft O43 - CFD: 4/30/2015 - 9:29:06 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Macromedia O43 - CFD: 6/11/2015 - 4:58:33 ROVASOA - [] -S--D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft O43 - CFD: 5/10/2015 - 7:01:31 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Mozilla O43 - CFD: 5/14/2015 - 6:17:56 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Notepad++ O43 - CFD: 5/1/2015 - 12:53:46 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\OpenCandy =>Adware.OpenCandy O43 - CFD: 4/19/2015 - 8:58:53 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\PowerISO O43 - CFD: 5/3/2015 - 3:48:43 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\SketchUp O43 - CFD: 6/10/2015 - 1:02:41 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Skype O43 - CFD: 5/20/2015 - 12:53:54 ROVASOA - [0] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Smadav O43 - CFD: 6/17/2015 - 6:22:54 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Software Informer O43 - CFD: 6/7/2015 - 12:46:16 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Sony O43 - CFD: 4/19/2015 - 1:48:16 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Synaptics O43 - CFD: 6/11/2015 - 4:58:19 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\systweak O43 - CFD: 6/17/2015 - 12:27:15 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\vlc O43 - CFD: 4/19/2015 - 8:27:33 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\WinRAR O43 - CFD: 6/17/2015 - 6:23:27 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\ZHP =>.Nicolas Coolman O43 - CFD: 6/7/2015 - 2:38:30 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Adobe O43 - CFD: 4/19/2015 - 2:46:47 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Apple O43 - CFD: 4/19/2015 - 7:58:03 ROVASOA - [] -SH-D C:\Users\Rovasoa Niriniaina\AppData\Local\Application Data O43 - CFD: 5/2/2015 - 8:44:52 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\ApplicationHistory O43 - CFD: 5/9/2015 - 9:12:15 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Autodesk O43 - CFD: 5/4/2015 - 2:35:14 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\BMExplorer O43 - CFD: 6/1/2015 - 11:06:51 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\cache O43 - CFD: 6/12/2015 - 6:13:47 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\CrashDumps O43 - CFD: 5/4/2015 - 5:28:02 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\CyberLink O43 - CFD: 6/8/2015 - 10:31:44 ROVASOA - [0] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Diagnostics O43 - CFD: 5/5/2015 - 11:58:28 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Dictionnaire Freelang O43 - CFD: 6/9/2015 - 8:38:28 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\ElevatedDiagnostics O43 - CFD: 6/16/2015 - 6:08:57 ROVASOA - [] -SH-D C:\Users\Rovasoa Niriniaina\AppData\Local\EmieBrowserModeList O43 - CFD: 6/16/2015 - 6:08:57 ROVASOA - [] -SH-D C:\Users\Rovasoa Niriniaina\AppData\Local\EmieSiteList O43 - CFD: 6/16/2015 - 6:08:57 ROVASOA - [] -SH-D C:\Users\Rovasoa Niriniaina\AppData\Local\EmieUserList O43 - CFD: 4/19/2015 - 9:53:22 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Google O43 - CFD: 4/19/2015 - 3:09:31 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Graphisoft O43 - CFD: 5/4/2015 - 12:14:01 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Hewlett-Packard O43 - CFD: 4/19/2015 - 7:58:04 ROVASOA - [] -SH-D C:\Users\Rovasoa Niriniaina\AppData\Local\Historique O43 - CFD: 6/17/2015 - 5:36:32 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\KeyLemon O43 - CFD: 5/1/2015 - 6:19:40 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Lavasoft O43 - CFD: 6/3/2015 - 11:48:42 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Microsoft O43 - CFD: 6/2/2015 - 1:26:59 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Microsoft Help O43 - CFD: 4/30/2015 - 11:31:38 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Mozilla O43 - CFD: 6/17/2015 - 3:32:54 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Packages O43 - CFD: 4/19/2015 - 8:00:41 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Programs O43 - CFD: 4/19/2015 - 10:01:47 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Skype O43 - CFD: 6/17/2015 - 6:21:19 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\Temp O43 - CFD: 4/19/2015 - 7:58:04 ROVASOA - [] -SH-D C:\Users\Rovasoa Niriniaina\AppData\Local\Temporary Internet Files O43 - CFD: 5/15/2015 - 1:18:15 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Local\VirtualStore O43 - CFD: 8/22/2013 - 5:36:32 ROVASOA - [] R---D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility O43 - CFD: 8/22/2013 - 5:36:32 ROVASOA - [] R---D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 5/29/2015 - 8:29:26 ROVASOA - [] R---D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 5/4/2015 - 8:55:18 ROVASOA - [0] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bibliquest O43 - CFD: 6/5/2015 - 6:17:27 ROVASOA - [0] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain O43 - CFD: 5/22/2015 - 1:59:33 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks O43 - CFD: 6/4/2015 - 5:38:29 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV-Media-Player O43 - CFD: 5/4/2015 - 1:03:52 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory O43 - CFD: 5/9/2015 - 8:36:21 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Géomédia SA O43 - CFD: 5/30/2015 - 11:04:49 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 8/22/2013 - 5:36:32 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 5/22/2015 - 12:20:14 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinGW-W64 project O43 - CFD: 5/14/2015 - 3:37:58 ROVASOA - [0] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ O43 - CFD: 5/29/2015 - 8:29:26 ROVASOA - [] R---D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 5/4/2015 - 10:16:04 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperCopier2 O43 - CFD: 8/22/2013 - 5:36:32 ROVASOA - [] R---D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools O43 - CFD: 5/2/2015 - 11:17:20 ROVASOA - [] ----D C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ~ Program Folder: 324 Scanned in VAmn OAs ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.B0D20C02416CE3A801DBAB972EBE7262] - 6/11/2015 - 3:58:07 ROVASOA ---A- . (...) -- C:\Windows\System32\sasnative64.exe [23336] O44 - LFC:[MD5.6CCC851608DD076C13E37737BB75A9DC] - 6/12/2015 - 1:27:30 ROVASOA ---A- . (.Microsoft Corporation - Pilote Win32 multi-utilisateurs.) -- C:\Windows\System32\win32k.sys [4177920] O44 - LFC:[MD5.5AFA18049BFA8D18EF3F26C0D3F4B446] - 6/12/2015 - 6:58:20 ROVASOA ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [2521016] O44 - LFC:[MD5.CBC5CAE774672F2C649D9429B46439CF] - 6/12/2015 - 7:10:48 ROVASOA ---A- . (.L'Aventure MultiMedia - Dll de Reconnaissance Automatique de Caract.) -- C:\Windows\RACHook38.dll [208992] O44 - LFC:[MD5.A673792D3A5EBC194D888638FD5B0E78] - 6/12/2015 - 7:10:48 ROVASOA ---A- . (.L'Aventure Multimedia - Dictionnaires MediaDICO.) -- C:\Windows\MediaDico38Dll.dll [2507776] O44 - LFC:[MD5.2FE13D6F0FCB01F3FC35A467A5C9FD3A] - 6/12/2015 - 7:10:48 ROVASOA ---A- . (.Structu Rise - Textract.) -- C:\Windows\MediaR38.dll [199680] O44 - LFC:[MD5.959A8293A06A680489CF1CE595D15E5A] - 6/12/2015 - 7:15:53 ROVASOA ---A- . (...) -- C:\Windows\MediaR38.ini [1982] O44 - LFC:[MD5.E4DF1016021719D26BCB0E2D45D03770] - 6/12/2015 - 7:21:37 ROVASOA ---A- . (...) -- C:\Windows\ASYM.ini [167] O44 - LFC:[MD5.BB4FEE31C8D03423E0D01C84BE3DB61C] - 6/17/2015 - 11:37:27 ROVASOA ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1909582] O44 - LFC:[MD5.04F1ADAEFC65085A7581CC28319F18E4] - 6/17/2015 - 11:37:27 ROVASOA ---A- . (...) -- C:\Windows\System32\perfc009.dat [147500] O44 - LFC:[MD5.608FD35474DBA1C6C9343641B8CDB983] - 6/17/2015 - 11:37:27 ROVASOA ---A- . (...) -- C:\Windows\System32\perfc00C.dat [174542] O44 - LFC:[MD5.C8B045ABE6669E3706ACC08AB10BB57E] - 6/17/2015 - 11:37:27 ROVASOA ---A- . (...) -- C:\Windows\System32\perfh009.dat [759520] O44 - LFC:[MD5.9C7B3DDC192BF5D180EB71A606926133] - 6/17/2015 - 11:37:27 ROVASOA ---A- . (...) -- C:\Windows\System32\perfh00C.dat [842972] O44 - LFC:[MD5.26CA47EFA7F705E79F0A78C621A14FBB] - 6/17/2015 - 4:35:50 ROVASOA ---A- . (...) -- C:\Windows\setupact.log [52861] O44 - LFC:[MD5.0E60DAD200CBE12BE4D1C5E330575050] - 6/17/2015 - 4:37:13 ROVASOA ---A- . (...) -- C:\Windows\AutoKMS.log [34619] =>Hacktool.AutoKMS O44 - LFC:[MD5.2479D4090184CA39E7CF1160FBCFA17B] - 6/17/2015 - 4:37:45 ROVASOA -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.3A7D03E53A682D328F946489F3A4610B] - 6/17/2015 - 5:19:59 ROVASOA ---A- . (...) -- C:\Windows\WindowsUpdate.log [1409389] O44 - LFC:[MD5.D1CEC2E76611EE3DED4F875AD379FA02] - 6/5/2015 - 4:43:38 ROVASOA ---A- . (.No owner - Registry Optimizer.) -- C:\Windows\System32\roboot64.exe [20248] O44 - LFC:[MD5.515E4684008E955DE0C81E6A7AEA1C2A] - 6/7/2015 - 11:46:43 ROVASOA ---A- . (.InstallShield Software Corporation - InstallShield® unInstaller.) -- C:\Windows\IsUninst.exe [306688] O44 - LFC:[MD5.AEC0828B9A0772831523809BD2EC8FCA] - 6/7/2015 - 11:46:46 ROVASOA ---A- . (...) -- C:\Windows\dasetup.log [19626] O44 - LFC:[MD5.974636BF28DDA64D787D3F2FAB4853F7] - 6/7/2015 - 11:46:48 ROVASOA ---A- . (...) -- C:\Windows\dahotfix.log [917] O44 - LFC:[MD5.3292291CF418979F8B731205EFD15F48] - 6/7/2015 - 1:28:37 ROVASOA ---A- . (...) -- C:\Windows\PFRO.log [25850] O44 - LFC:[MD5.54936A3C9CE94696CF70729B0781FF6A] - 6/7/2015 - 9:27:50 ROVASOA ---A- . (.RealVNC Ltd. - VNC Mirror Driver.) -- C:\Windows\System32\vncmirror.dll [26112] O44 - LFC:[MD5.93F279A2C172562050700A18FA84BE2E] - 6/7/2015 - 9:27:50 ROVASOA ---A- . (.RealVNC Ltd. - VNC Mirror Miniport.) -- C:\Windows\System32\Drivers\vncmirror.sys [4608] O44 - LFC:[MD5.6218B6D086B487E30A0374479E03A2FB] - 6/7/2015 - 9:28:23 ROVASOA ---A- . (.No owner - Port Monitor DLL.) -- C:\Windows\System32\VNCpm.dll [31232] ~ Files: 25 Scanned in VAmn OAs ---\\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in VAmn OAs ---\\ Export authorized application key (O47) O47 - AAKE:Key Export SP - "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [Enabled] .(.WIBU-SYSTEMS AG.) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O47 - AAKE:Key Export DP - "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" [Enabled] .(.WIBU-SYSTEMS AG.) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe ~ Keys Export: 2 Scanned in VAmn OAs ---\\ Local Security Authority-LSA Deny (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll ~ LSA: 3 Scanned in VAmn OAs ---\\ Safe Boot Control (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys ~ CSB: 17 Scanned in VAmn OAs ---\\ MountPoints2 Shell Key (MPSK) (O51) O51 - MPSK:{6ac8ec0f-fe54-11e4-82a7-a01d48bd0024}\AutoRun\command. (...) -- H:\INSTALL_ADB_RNDIS.exe (.not file.) O51 - MPSK:{f51adc9f-fa39-11e4-829f-a01d48bd0024}\AutoRun\command. (...) -- J:\AutoRun.exe (.not file.) O51 - MPSK:{f51adcf4-fa39-11e4-829f-a01d48bd0024}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.) ~ Keys: Scanned in VAmn OAs ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \Drivers32\"VIDC.FPS1"="frapsv64.dll" . (.Beepa P/L - Fraps.) -- C:\Windows\System32\frapsv64.dll O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"frapsv64.dll"="Fraps Video Decompressor" . (.Beepa P/L - Fraps.) -- C:\Windows\System32\frapsv64.dll ~ TDSD: 4 Scanned in VAmn OAs ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll ~ MSCP: 2 Scanned in VAmn OAs ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableCursorSuppression"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0 O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "SoftwareSASGeneration"=1 ~ MWPS: 18 Scanned in VAmn OAs ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 ~ MWPE Keys: 4 Scanned in VAmn OAs ---\\ System Drivers List (SDL) (O58) O58 - SDL:8/22/2013 - 1:43:41 ROVASOA ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [108896] O58 - SDL:8/22/2013 - 1:43:41 ROVASOA ---A- . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) -- C:\Windows\System32\Drivers\adp80xx.sys [782176] O58 - SDL:8/22/2013 - 1:43:41 ROVASOA ---A- . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [79200] O58 - SDL:8/22/2013 - 1:43:41 ROVASOA ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\System32\Drivers\amdsbs.sys [259424] O58 - SDL:8/22/2013 - 1:43:40 ROVASOA ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [25952] O58 - SDL:8/22/2013 - 1:43:41 ROVASOA ---A- . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [114016] O58 - SDL:5/30/2015 - 9:30:54 ROVASOA ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29168] =>.ALWIL Software O58 - SDL:5/30/2015 - 9:30:41 ROVASOA ---A- . (.Avast Software s.r.o. - avast! Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\aswKbd.sys [28144] O58 - SDL:5/30/2015 - 9:30:54 ROVASOA ---A- . (.Avast Software s.r.o. - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\System32\Drivers\aswMonFlt.sys [89944] O58 - SDL:5/30/2015 - 9:30:38 ROVASOA ---A- . (.Avast Software s.r.o. - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdisFlt.sys [449896] O58 - SDL:5/30/2015 - 9:30:54 ROVASOA ---A- . (.Avast Software s.r.o. - avast! WFP Redirect Driver.) -- C:\Windows\System32\Drivers\aswRdr2.sys [93528] O58 - SDL:5/30/2015 - 9:30:54 ROVASOA ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65736] =>.ALWIL Software O58 - SDL:5/30/2015 - 9:30:41 ROVASOA ---A- . (.Avast Software s.r.o. - avast! Virtualization Driver.) -- C:\Windows\System32\Drivers\aswSnx.sys [1047320] O58 - SDL:5/30/2015 - 9:30:54 ROVASOA ---A- . (.Avast Software s.r.o. - avast! self protection module.) -- C:\Windows\System32\Drivers\aswSP.sys [442264] O58 - SDL:5/30/2015 - 9:30:55 ROVASOA ---A- . (.Avast Software s.r.o. - Stream Filter.) -- C:\Windows\System32\Drivers\aswStm.sys [137288] O58 - SDL:5/30/2015 - 9:30:54 ROVASOA ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [272248] =>.ALWIL Software O58 - SDL:6/18/2013 - 3:45:02 ROVASOA ---A- . (.Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athw8x.sys [3680256] O58 - SDL:10/17/2014 - 6:03:00 ROVASOA ---A- . (.Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athwbx.sys [4226560] O58 - SDL:8/13/2013 - 12:25:46 ROVASOA ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624] O58 - SDL:2/25/2014 - 8:53:02 ROVASOA ---A- . (.Qualcomm Atheros - Qualcomm Atheros BUS driver.) -- C:\Windows\System32\Drivers\btath_bus.sys [35016] O58 - SDL:8/22/2013 - 1:43:41 ROVASOA ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbda.sys [531296] O58 - SDL:12/17/2009 - 11:25:17 ROVASOA ---A- . (.Elaborate Bytes AG - ElbyCD Windows x64 I/O driver.) -- C:\Windows\System32\Drivers\ElbyCDIO.sys [34472] O58 - SDL:8/22/2013 - 1:43:45 ROVASOA ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbda.sys [3357024] O58 - SDL:11/14/2013 - 10:39:05 ROVASOA ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768] O58 - SDL:11/14/2013 - 10:39:03 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ewusbmdm.sys [226048] O58 - SDL:11/14/2013 - 10:39:05 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\ewusbwwan.sys [455680] O58 - SDL:11/14/2013 - 10:39:05 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - ew_cdcacm Driver.) -- C:\Windows\System32\Drivers\ew_cdcacm.sys [121728] O58 - SDL:11/14/2013 - 10:39:05 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - ew_hwupgrade Driver.) -- C:\Windows\System32\Drivers\ew_hwupgrade.sys [22016] O58 - SDL:11/14/2013 - 10:39:05 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568] O58 - SDL:11/14/2013 - 10:39:04 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - ew_jubusenum Driver.) -- C:\Windows\System32\Drivers\ew_jubusenum.sys [91648] O58 - SDL:11/14/2013 - 10:39:04 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - ew_jucdcacm Driver.) -- C:\Windows\System32\Drivers\ew_jucdcacm.sys [110592] O58 - SDL:11/14/2013 - 10:39:05 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - ew_jucdcndis Driver.) -- C:\Windows\System32\Drivers\ew_jucdcecm.sys [77312] O58 - SDL:11/14/2013 - 10:39:04 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - ew_juextctrl Driver.) -- C:\Windows\System32\Drivers\ew_juextctrl.sys [30720] O58 - SDL:11/14/2013 - 10:39:04 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - ew_jucdcndis Driver.) -- C:\Windows\System32\Drivers\ew_juwwanecm.sys [246272] O58 - SDL:11/14/2013 - 10:39:05 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - Filter Driver.) -- C:\Windows\System32\Drivers\ew_usbenumfilter.sys [14976] O58 - SDL:11/14/2013 - 10:39:04 ROVASOA ---A- . (.Huawei Technologies Co., Ltd. - ew_cdcndis Driver.) -- C:\Windows\System32\Drivers\ew_wwanecm.sys [375040] O58 - SDL:5/15/2014 - 2:18:36 ROVASOA ---A- . (.Hewlett-Packard Company - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\HpqKbFiltr64.sys [28376] O58 - SDL:8/22/2013 - 1:43:45 ROVASOA ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [64352] O58 - SDL:7/30/2013 - 7:47:35 ROVASOA ---A- . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\Windows\System32\Drivers\iaLPSSi_GPIO.sys [24568] O58 - SDL:7/25/2013 - 8:05:39 ROVASOA ---A- . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\Windows\System32\Drivers\iaLPSSi_I2C.sys [99320] O58 - SDL:4/24/2014 - 3:34:12 ROVASOA ---A- . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\Windows\System32\Drivers\iaStorA.sys [633704] O58 - SDL:8/10/2013 - 1:39:30 ROVASOA ---A- . (.Intel Corporation - Intel Rapid Storage Technology driver (inbox) - x64.) -- C:\Windows\System32\Drivers\iaStorAV.sys [651248] O58 - SDL:8/22/2013 - 1:43:45 ROVASOA ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\Drivers\iaStorV.sys [412000] O58 - SDL:10/30/2014 - 1:23:36 ROVASOA ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd64.sys [3775416] O58 - SDL:9/26/2014 - 3:26:12 ROVASOA ---A- . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\Drivers\IntcDAud.sys [454416] O58 - SDL:8/1/2014 - 9:18:33 ROVASOA ---A- . (.Intel Corporation - Intel® WiDi Solution.) -- C:\Windows\System32\Drivers\intelaud.sys [38296] O58 - SDL:11/4/2014 - 9:47:38 ROVASOA ---A- . (.Intel Corporation - Intel® WiDi Solution.) -- C:\Windows\System32\Drivers\iwdbus.sys [27000] O58 - SDL:8/22/2013 - 1:43:44 ROVASOA ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [109408] O58 - SDL:8/22/2013 - 1:43:45 ROVASOA ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [93536] O58 - SDL:8/22/2013 - 1:43:44 ROVASOA ---A- . (.LSI Corporation - LSI SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas3.sys [81760] O58 - SDL:8/22/2013 - 1:43:45 ROVASOA ---A- . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sss.sys [82784] O58 - SDL:8/22/2013 - 1:43:45 ROVASOA ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\megasas.sys [56672] O58 - SDL:8/22/2013 - 1:43:45 ROVASOA ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\megasr.sys [575840] O58 - SDL:11/14/2013 - 10:39:04 ROVASOA ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472] O58 - SDL:8/22/2013 - 1:43:49 ROVASOA ---A- . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\Drivers\mvumis.sys [63840] O58 - SDL:3/1/2013 - 2:49:12 ROVASOA ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600] O58 - SDL:8/22/2013 - 1:43:31 ROVASOA ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [150368] O58 - SDL:8/22/2013 - 1:43:32 ROVASOA ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [168288] O58 - SDL:8/26/2014 - 12:31:52 ROVASOA ---A- . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver.) -- C:\Windows\System32\Drivers\Rt630x64.sys [874712] O58 - SDL:12/3/2014 - 11:41:54 ROVASOA ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\RTKVHD64.sys [4290520] O58 - SDL:8/19/2014 - 12:33:40 ROVASOA ---A- . (.Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8.) -- C:\Windows\System32\Drivers\RtsP2Stor.sys [294104] O58 - SDL:5/28/2014 - 5:02:30 ROVASOA ---A- . (.Realtek Semiconductor Corp. - Realtek UVC Driver for XP/Vista/Win7/Win8.) -- C:\Windows\System32\Drivers\rtsuvc.sys [9112792] O58 - SDL:2/3/2014 - 7:45:22 ROVASOA ---A- . (.Power Software Ltd - PowerISO Virtual Drive.) -- C:\Windows\System32\Drivers\scdemu.sys [129944] O58 - SDL:8/22/2013 - 4:35:09 ROVASOA ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [23040] O58 - SDL:8/22/2013 - 1:43:31 ROVASOA ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [44896] O58 - SDL:8/22/2013 - 1:43:32 ROVASOA ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [81760] O58 - SDL:10/30/2014 - 2:19:58 ROVASOA ---A- . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\Drivers\Smb_driver_Intel.sys [33008] O58 - SDL:8/22/2013 - 1:43:32 ROVASOA ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072] O58 - SDL:9/5/2014 - 1:39:38 ROVASOA ---A- . (.Synaptics Incorporated - Synaptics Touchpad Win64 Driver.) -- C:\Windows\System32\Drivers\SynTP.sys [576752] O58 - SDL:4/8/2014 - 2:33:44 ROVASOA ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0).) -- C:\Windows\System32\Drivers\tap0901.sys [27136] O58 - SDL:3/26/2012 - 10:45:14 ROVASOA ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\taphss.sys [37888] O58 - SDL:10/10/2014 - 9:37:16 ROVASOA ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\Drivers\TeeDriverx64.sys [129312] O58 - SDL:8/9/2009 - 10:25:45 ROVASOA ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\Windows\System32\Drivers\VClone.sys [36352] O58 - SDL:8/22/2013 - 1:43:34 ROVASOA ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [19808] O58 - SDL:6/14/2010 - 10:17:04 ROVASOA ---A- . (.RealVNC Ltd. - VNC Mirror Miniport.) -- C:\Windows\System32\Drivers\vncmirror.sys [4608] O58 - SDL:8/22/2013 - 1:43:34 ROVASOA ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [168800] O58 - SDL:8/22/2013 - 1:43:34 ROVASOA ---A- . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\Drivers\VSTXRAID.SYS [305504] O58 - SDL:8/6/2013 - 1:33:28 ROVASOA ---A- . (.Hewlett-Packard Development Company, L.P. - HP Wireless Button Driver.) -- C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [20800] ~ Drivers: 78 Scanned in VAmn OAs ---\\ Last modified or created user files (O61) O61 - LFC: 6/10/2015 - 6:27:34 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\10ead687afca927bd7b22ad8d20e1de3\Microsoft.PerfTrack.ni.dll [28160] =>.Microsoft Corporation O61 - LFC: 6/10/2015 - 6:27:34 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\SqliteWrapper\99fa190c50aa9d06da5fb90ed0d8b8f7\SqliteWrapper.ni.dll [117248] =>.Microsoft Corporation O61 - LFC: 6/10/2015 - 6:27:34 ROVASOA ---A- . (.Microsoft.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\Microsoft.BingNews_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Platform\b2ac7be6485b0e6e8c3e905a399a6a55\Platform.ni.dll [6372864] =>.Microsoft Corporation O61 - LFC: 6/11/2015 - 6:28:23 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\Microsoft\UProof\CMAdj.12.bin [80] O61 - LFC: 6/11/2015 - 6:28:26 ROVASOA ---A- . (.DownloadHelper.) -- C:\Users\Rovasoa Niriniaina\Downloads\ConvertHelper3Setup.exe [19189487] O61 - LFC: 6/12/2015 - 6:27:24 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\12726CosmosChong.AdvancedEnglishDictionary_amge560j0aq9g\LocalState\recent.bin [125] O61 - LFC: 6/12/2015 - 6:27:24 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\12726CosmosChong.AdvancedEnglishDictionary_amge560j0aq9g\LocalState\recentDB.bin [756] O61 - LFC: 6/12/2015 - 6:28:04 ROVASOA ---A- . (.InstallShield Corp..) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Temp\_ISTMP3.DIR\ZDataI50.dll [45056] O61 - LFC: 6/12/2015 - 6:28:24 ROVASOA ---A- . (.Adobe Systems Inc.) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\Mozilla\Firefox\Profiles\mteietq8.default\gmp-eme-adobe\11\eme-adobe.dll [5916912] O61 - LFC: 6/14/2015 - 6:28:25 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\systweak\regclean pro\Version 6.1\backup0.bin [761] =>Rogue.RegistryPowerCleaner O61 - LFC: 6/16/2015 - 6:26:00 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Microsoft\Windows\INetCache\IE\9ATFE9H1\urlblockindex[1].bin [16] O61 - LFC: 6/16/2015 - 6:27:25 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\23500ANUSUMALIKAAKEPOGU.LIVINGWORD_heaf1c2gb9pg6\AC\Microsoft\CLR_v4.0_32\NativeImages\App58\876ac62101ff20777da5a44360f5fbc1\App58.ni.exe [198144] O61 - LFC: 6/16/2015 - 6:27:27 ROVASOA ---A- . (.MarkedUp Inc.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\58358KittenInteractive.47391C753B11E_c1e5xmghw0yqc\AC\Microsoft\CLR_v4.0\NativeImages\MarkedUp\a4ba1f8be6f6e874474b86d418643a65\MarkedUp.ni.dll [1715200] O61 - LFC: 6/16/2015 - 6:27:27 ROVASOA ---A- . (.Microsoft.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\58358KittenInteractive.47391C753B11E_c1e5xmghw0yqc\AC\Microsoft\CLR_v4.0\NativeImages\MicrosoftAdvertising\3054dc56d444c6c0819580d49c5f4417\MicrosoftAdvertising.ni.dll [825344] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\CloudTTS\bf487a385b7289635e4f7e838c4d8700\CloudTTS.ni.dll [87040] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\FCPCommon\66407039b1c33a29514c1512c11521cd\FCPCommon.ni.dll [1814016] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\FlashcardsPro\963c2fbbb9a5a11127dee3aca6c4c81c\FlashcardsPro.ni.exe [1397760] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.24e0b7c1#\36486eeb7bad3aea88472908f6a601f4\Syncfusion.SfColorPickers.WinRT.ni.dll [319488] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (.AdDuplex.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\AdDuplex.Controls\4174803412489daaffaf80744e02ebf4\AdDuplex.Controls.ni.dll [284160] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (.AdDuplex.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\AdDuplex.WinRT\e27aa368f964520f429c1911d25052a2\AdDuplex.WinRT.ni.dll [513024] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (.Microsoft.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.Aa7f4f37f#\ab0cbe0620a47fa745bd7b44d85f4494\Microsoft.Advertising.WinRT.UI.ni.dll [700928] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (.Microsoft.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\MicrosoftAdvertising\3054dc56d444c6c0819580d49c5f4417\MicrosoftAdvertising.ni.dll [825344] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (.Syncfusion, Inc..) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.022a76c6#\b1087c55d74880429d4faa3afa0f6bd4\Syncfusion.SfMaps.WinRT.ni.dll [1482752] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (.Syncfusion.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.08f550cc#\af5fc79428f4c36bf648750f20d9476d\Syncfusion.Data.WinRT.ni.dll [1293824] O61 - LFC: 6/16/2015 - 6:27:28 ROVASOA ---A- . (.Tim Heuer.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Callisto\3bb0991ed1c24380b8f1240f5a0e8e6f\Callisto.ni.dll [732672] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.2896fa44#\b35e85398b5f2d82a7c728667bc76080\Syncfusion.SfGridBase.WinRT.ni.dll [2320384] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.3154d2bd#\12dd2604e68bb056ea6c5b91e5b25cfb\Syncfusion.SfReportViewer.WinRT.ni.dll [6444544] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.3a0c20d0#\e3ea776389843ca1196fdc708d2bbdcb\Syncfusion.SfTileView.WinRT.ni.dll [217600] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.433e62d8#\46fdd3b84684015f920f41b1b7244d23\Syncfusion.SfGauge.WinRT.ni.dll [1295360] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.484bc9b9#\35dd9be233ab152a75d21a7ccb651c7c\Syncfusion.SfAccordion.WinRT.ni.dll [326144] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.6be7ec69#\21dd647b4b63f69b7e57b82ea11e53f6\Syncfusion.SfRadialMenu.WinRT.ni.dll [491520] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.713138e2#\d164da0855dd3d7b6a08e0a28d99cb6e\Syncfusion.SfHubTile.WinRT.ni.dll [400384] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.79af754c#\5181b78a5a9990a127ccc60487954df7\Syncfusion.SfSchedule.WinRT.ni.dll [3888640] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (.Syncfusion Inc..) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.3af09c52#\97a64e54ffaf6330d95d7702e168bcb8\Syncfusion.DocIO.WinRT.ni.dll [11083264] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (.Syncfusion, Inc..) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.684726a3#\58fd957c9c7d305dabd6204b0291f7b9\Syncfusion.SfBulletGraph.WinRT.ni.dll [299520] O61 - LFC: 6/16/2015 - 6:27:29 ROVASOA ---A- . (.Syncfusion.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.412a82f1#\48a5ca55d1161be6963bfbfcea45e8d8\Syncfusion.SfGrid.WinRT.ni.dll [5453312] O61 - LFC: 6/16/2015 - 6:27:30 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.7f925700#\a203d32b0d292886854758e361e8bae5\Syncfusion.SfShared.WinRT.ni.dll [426496] O61 - LFC: 6/16/2015 - 6:27:30 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.866da959#\1a5773cc269340c179920f2e3d1be1cd\Syncfusion.SfCarousel.WinRT.ni.dll [141824] O61 - LFC: 6/16/2015 - 6:27:30 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.8cabb3f0#\afabee77d05eb3858ed659fc0e2f9dee\Syncfusion.SfTreeNavigator.WinRT.ni.dll [168960] O61 - LFC: 6/16/2015 - 6:27:30 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.9c7d43b5#\5decdfb3e572494ecf000343391ab1c6\Syncfusion.SfBusyIndicator.WinRT.ni.dll [92672] O61 - LFC: 6/16/2015 - 6:27:30 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.a0778b85#\69ce7ab95c206969bada6e426465488e\Syncfusion.SfChart.WinRT.ni.dll [6202368] O61 - LFC: 6/16/2015 - 6:27:30 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.a1dc96bf#\7b86eb82039a4ee26f5ef017c1981274\Syncfusion.SfInput.WinRT.ni.dll [2163200] O61 - LFC: 6/16/2015 - 6:27:30 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.a9526c39#\0edcc3dbd00d47c3af8c1a6b39b42dbd\Syncfusion.SfTabControl.WinRT.ni.dll [354816] O61 - LFC: 6/16/2015 - 6:27:30 ROVASOA ---A- . (.Syncfusion Inc..) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.a97a4f02#\79b1c4d3a833c8060a070b5b5e9a2902\Syncfusion.SfRichTextBoxAdv.WinRT.ni.dll [2443776] O61 - LFC: 6/16/2015 - 6:27:30 ROVASOA ---A- . (.Syncfusion, Inc..) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.a3bdf953#\9f7d4bbd5841ee880d2c96d9f19dbe9c\Syncfusion.SfTreeMap.WinRT.ni.dll [513536] O61 - LFC: 6/16/2015 - 6:27:31 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.b5a52b69#\62d824e95ee41b2504b426553806ddf7\Syncfusion.GridCommon.WinRT.ni.dll [1732608] O61 - LFC: 6/16/2015 - 6:27:31 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.c13daabc#\0fb042ff0d2b38d65255019fcf92348e\Syncfusion.SfDiagram.WinRT.ni.dll [3539456] O61 - LFC: 6/16/2015 - 6:27:31 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\WinRTFramework\8f3fa23516b00a492a7a5e2fdf21dbc3\WinRTFramework.ni.dll [691712] O61 - LFC: 6/16/2015 - 6:27:31 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\avonmobility.EnglishClub_fecrcyk3kabz6\AC\Microsoft\CLR_v4.0\NativeImages\AvonMobilitf0397a36#\653cdf0d555b34764ee8fe29cb1eba6d\AvonMobility.EnglishClub.ni.exe [3485696] O61 - LFC: 6/16/2015 - 6:27:31 ROVASOA ---A- . (.Filip Skakun.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\WinRTXamlToolkit\686af1f8e2bcc1c8324bb8072b884558\WinRTXamlToolkit.ni.dll [3298816] O61 - LFC: 6/16/2015 - 6:27:31 ROVASOA ---A- . (.Fortumo.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\avonmobility.EnglishClub_fecrcyk3kabz6\AC\Microsoft\CLR_v4.0\NativeImages\FortumoWindows\50161802c7097da008d8549b99da611f\FortumoWindows.ni.dll [823296] O61 - LFC: 6/16/2015 - 6:27:31 ROVASOA ---A- . (.Syncfuson Inc..) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Packages\AntaraSoftware.FlashcardsPro_7jhd16s0b93qm\AC\Microsoft\CLR_v4.0\NativeImages\Syncfusion.c9d69095#\23eb7e56fa93010a22e3d5bf56327809\Syncfusion.SfBarcode.WinRT.ni.dll [551424] O61 - LFC: 6/16/2015 - 6:28:12 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\Adobe\Acrobat\8.0\UserCache.bin [128220] O61 - LFC: 6/16/2015 - 6:28:21 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\Graphisoft\ArchiCAD-64 17.0.0 INT R1\IFC Preferences\IFC Options Data.bin [394] O61 - LFC: 6/16/2015 - 6:28:21 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\Graphisoft\ArchiCAD-64 17.0.0 INT R1\Latest WorkEnvironment\Palettes\Palette.bin [6458] O61 - LFC: 6/16/2015 - 6:28:21 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\Graphisoft\ArchiCAD-64 17.0.0 INT R1\Latest WorkEnvironment\Tools\Tools.bin [35864] O61 - LFC: 6/16/2015 - 6:28:21 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\Graphisoft\ArchiCAD-64 17.0.0 INT R1\Latest WorkEnvironment\User Preferences\User Preferences.bin [522] O61 - LFC: 6/17/2015 - 6:27:52 ROVASOA ---A- . (.Installer prog.) -- C:\Users\Rovasoa Niriniaina\AppData\Local\Temp\ICReinstall_sony-vegas-pro_13-build-290_fr_124204.exe [721056] O61 - LFC: 6/17/2015 - 6:28:25 ROVASOA ---A- . (...) -- C:\Users\Rovasoa Niriniaina\AppData\Roaming\systweak\regclean pro\Version 6.1\backup6.bin [750] =>Rogue.RegistryPowerCleaner O61 - LFC: 6/17/2015 - 6:28:26 ROVASOA ---A- . (.Installer prog.) -- C:\Users\Rovasoa Niriniaina\Downloads\sony-vegas-pro_13-build-290_fr_124204.exe [721056] O61 - LFC: 6/17/2015 - 6:28:26 ROVASOA ---A- . (.Nicolas Coolman.) -- C:\Users\Rovasoa Niriniaina\Downloads\ZHPDiag2-2015.6.16.57.exe [6883618] =>.Nicolas Coolman O61 - LFC: 6/17/2015 - 6:28:26 ROVASOA ---A- . (.Sony Creative Software Inc..) -- C:\Users\Rovasoa Niriniaina\Downloads\sony-vegas-pro_13-build-290_fr_124204 [1].exe [395026776] ~ 3330 Fichiers temporaires (Temporary files) ~ Files: 62 Scanned in VAmn OAs ---\\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in VAmn OAs ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.scr> [HKCU\..\open\Command] (.Microsoft Corporation - Bloc-notes.) -- C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation ~ FASS Keys: 12 Scanned in VAmn OAs ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in VAmn OAs ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} [DefaultScope] - (Bing (by Mircosoft)) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://websearch.searchfix.info O69 - SBI: SearchScopes [HKCU] {C0C3A6C6-03BC-4195-8FCB-AEA091301353} - (Yahoo!) - http://search.yahoo.com ~ Keys: Scanned in VAmn OAs ---\\ Crack & Keygen Files (CKF) (O82) C:\Users\Rovasoa Niriniaina\Downloads\FRAPS 3.5.99 Cracked Version is Here !.exe =>.Crack,Keygen C:\Users\Rovasoa Niriniaina\Downloads\Fraps 3.5.99 Full Cracked 2013[A4] [www.OMGTORRENT.com].torrent =>.Crack,Keygen C:\Users\Rovasoa Niriniaina\Downloads\FRAPS 3.5.99 Cracked Version is Here !.exe =>.Crack,Keygen C:\Users\Rovasoa Niriniaina\Downloads\Fraps 3.5.99 Full Cracked 2013[A4] [www.OMGTORRENT.com].torrent =>.Crack,Keygen D:\lOGICIEL\ACROBAT\Adobe CS3\BS\keygen_master.exe =>.Crack,Keygen D:\lOGICIEL\Antivirus\Avast! Internet Security v8.0.1489.300 with licence keys valid till 2015 [TorDigger]\Avast5\Keygen free edition\Keygen.exe =>.Crack,Keygen D:\lOGICIEL\BTP\Robot Structural 2014\Autodesk 2014 KEYGEN\xf-adsk64\adesk_patcher64.exe =>.Crack,Keygen D:\lOGICIEL\BTP\Sketchup2013 64bits\Cracked Files\LayOut.exe =>.Crack,Keygen D:\lOGICIEL\BTP\Sketchup2013 64bits\Cracked Files\SketchUp.exe =>.Crack,Keygen D:\lOGICIEL\BTP\Sketchup2013 64bits\Cracked Files\Style Builder.exe =>.Crack,Keygen D:\lOGICIEL\crack_seven\Windows Loader.exe =>.Crack,Keygen D:\lOGICIEL\Keygen.exe =>.Crack,Keygen D:\lOGICIEL\Nero 8\Keygen\nero8x.exe =>.Crack,Keygen D:\lOGICIEL\PC FASTER\crack_seven\Windows Loader.exe =>.Crack,Keygen D:\lOGICIEL\RealVNC Enterprise v4.5.4\VNC Enterprise Edition 4.5.4\Keygen.exe =>.Crack,Keygen D:\lOGICIEL\UltraISO_Premium_Edition_v9.3.5.2716\Keygen\keygen.exe =>.Crack,Keygen D:\lOGICIEL\W7_crack\Windows Loader.exe =>.Crack,Keygen D:\lOGICIEL\Win 8 key\Windows Loader\Windows Loader.exe =>.Crack,Keygen D:\lOGICIEL\Win 8 key\Windows Loader\Windows Loader.rar =>.Crack,Keygen D:\PowerISO 5.5 (FULL + Keygen)\PowerISO 5.5 (FULL + Keygen).zip =>.Crack,Keygen D:\Rova\JOOV\GP\Guitar Pro 5.2! Newest version! Fully cracked!\new tabs\www-tablatures-tk @ Beatles (The) - Michelle (classic).zip =>.Crack,Keygen D:\Rova\JOOV\GP\Guitar Pro 5.2! Newest version! Fully cracked!\new tabs\www-tablatures-tk @ De Lucia, Paco - Rio Ancho (Rumba).zip =>.Crack,Keygen D:\Rova\JOOV\GP\Guitar Pro 5.2! Newest version! Fully cracked!\new tabs\www-tablatures-tk @ Howard, Bart - Fly Me To the Moon.zip =>.Crack,Keygen D:\Rova\JOOV\GP\Guitar Pro 5.2! Newest version! Fully cracked!\new tabs\www-tablatures-tk @ Jobim, Antonio Carlos - Desafinado.zip =>.Crack,Keygen D:\Rova\JOOV\GP\Guitar Pro 5.2! Newest version! Fully cracked!\new tabs\www-tablatures-tk @ Nirvana - About A Girl.zip =>.Crack,Keygen D:\Rova\JOOV\GP\Guitar Pro 5.2! Newest version! Fully cracked!\new tabs\www-tablatures-tk @ Rightmire, Richard - Tango Flamenco.zip =>.Crack,Keygen ~ Files: Scanned in VAmn OAs ---\\ Search Svchost Services (SSS) (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [214528] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [156160] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [156160] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [329216] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [1360896] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [1084416] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [926208] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [31744] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [110080] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [151040] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [110592] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [1265152] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [230400] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [71168] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [135168] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [225280] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [339968] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84992] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [101376] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [348672] O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Service d’infrastructure de localisation Windows.) -- C:\Windows\System32\GeofenceMonitorService.dll [521728] O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Service de compte Microsoft®.) -- C:\Windows\System32\wlidsvc.dll [1639424] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [59392] O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gestionnaire d’installation de périphérique.) -- C:\Windows\System32\DeviceSetupManager.dll [206848] O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Service Assistant Connectivité réseau Microsoft.) -- C:\Windows\System32\ncasvc.dll [166400] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [102912] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire des connexions d’accès à distance.) -- C:\Windows\System32\rasmans.dll [542208] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [226816] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [73728] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [452608] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [313344] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [3678720] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [933376] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [640000] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\Windows\System32\appmgmts.dll [187904] O83 - Search Svchost Services: MsKeyboardFilter (MsKeyboardFilter) . (.Microsoft Corporation - SvcHost Service for Microsoft Keyboard Filter.) -- C:\Windows\System32\KeyboardFilterSvc.dll [92992] ~ Services: 36 Scanned in VAmn OAs ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.1BD4F0C1CA041E0C31B6ACEF82B27EFD] [SPRF][5/4/2015] (...) -- C:\Users\Rovasoa Niriniaina\Desktop\ram.bat [20] [MD5.6AFBDA3B252F6EC1E90DAC1463B25459] [SPRF][2/8/2013] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [117064] [MD5.F96D6BB77C20C91B2203D6C9D5186045] [SPRF][2/21/2013] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropFRA.dll [109368] ~ Files: 3 Scanned in VAmn OAs ---\\ Product Upgrade Codes (PUC) (O90) O90 - PUC: "ED50FC09F537BA245AA24F74DFBF2E70" . (.LavasoftTcpService.) -- C:\WINDOWS\Installer\{90CF05DE-735F-42AB-A52A-F447FDFBE207}\ARPPRODUCTICON.exe =>Adware.Graftor ~ Update Products: 1 Scanned in VAmn OAs ---\\ MyComputer Name Space (MNS) (O92) O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE} O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B} O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA} O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C} O92 - MNS: Autodesk 360 - {A7B36FF9-3BB0-426B-A737-A997B80466D5} O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0} O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} ~ MNS: 7 Scanned in VAmn OAs ---\\ Search Tracing Registry Key (O100) HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector ~ BTK: 45 Scanned in VAmn OAs ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 3/20/2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe =>.Adobe Systems Incorporated SS - | Demand 5/9/2015 77944 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe SS - | Demand 10/30/2014 280680 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Demand 5/2/2015 1471352 | (FlexNet Licensing Service 64) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe SS - | Auto 5/4/2015 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 5/4/2015 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 8/27/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe SS - | Auto 11/14/2013 656976 | (MobiConnect. RunOuc) . (...) - C:\Program Files (x86)\MobiConnect\UpdateDog\ouc.exe SS - | Demand 6/4/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 9/20/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe SS - | Demand 10/21/2014 33080 | (OpenVPNService) . (.The OpenVPN Project.) - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe SS - | Demand 3/1/2013 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe SS - | Auto 2/18/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 7/22/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 11/17/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe SR - | Auto 2/25/2014 319104 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe SR - | Auto 12/13/2012 12288 | (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe SR - | Auto 5/30/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 5/30/2015 107448 | (avast! Firewall) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\afwServ.exe SR - | Auto 2/28/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe SR - | Auto 4/3/2013 2915704 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe SR - | Demand 6/7/2015 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe SR - | Auto 4/10/2013 351824 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe SR - | Auto 10/30/2014 318568 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe SR - | Auto 8/27/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 12/10/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 4/27/2015 833888 | (LavasoftTcpService) . (.Lavasoft Limited.) - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe =>Adware.Graftor SR - | Auto 12/10/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 9/20/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe SR - | Auto 9/4/2014 292568 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe SR - | Auto 9/5/2014 220912 | (SynTPEnhService) . (.Synaptics Incorporated.) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe SR - | Demand 7/22/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe SR - | Demand 7/22/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 6/14/2010 2069880 | (WinVNC4) . (.RealVNC Ltd..) - C:\Program Files\RealVNC\VNC4\WinVNC4.exe SR - | Demand 10/29/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in VAmn OAs ---\\ Search Master Boot Record Infection (MBR)(O80) Run by Rovasoa Niriniaina at 6/17/2015 6:39:28 ROVASOA ~ OS 64 not supported by MBR tool ~ MBR: 0 Scanned in VAmn OAs ---\\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Rovasoa Niriniaina at 6/17/2015 6:39:30 ROVASOA ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in VAmn OAs ---\\ Scan Additionnel (O88) Database Version : 13008 - (6/16/2015) Clés trouvées (Keys found) : 27 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 13 Fichiers trouvés (Files found) : 15 [HKLM\SYSTEM\CurrentControlSet\Services\LavasoftTcpService] =>Adware.Graftor^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1] =>PUP.AdvancedSystemProtector^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine] =>Toolbar.Conduit^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUA.KMSpico^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90CF05DE-735F-42AB-A52A-F447FDFBE207}] =>Adware.Graftor^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}] =>PUP.PriceMinus^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1] =>Rogue.RegistryPowerCleaner^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_France_FF Toolbar] =>Adware.FFToolBar^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.Adblocker^ [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>PUP.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}] =>PUP.Conduit [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>PUP.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] =>Toolbar.Ask&Record [HKLM\Software\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] =>Toolbar.Ask&Record [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] =>Toolbar.Ask&Record [HKLM\Software\Classes\Conduit.Engine] =>PUP.Conduit [HKCU\Software\AppDataLow\Software\conduitEngine] =>PUP.Conduit [HKLM\Software\Wow6432Node\conduitEngine] =>PUP.Conduit [HKCU\Software\AppDataLow\Software\Softonic_France_FF] =>PUP.Conduit [HKLM\Software\Wow6432Node\Softonic_France_FF] =>PUP.Conduit [HKCU\Software\AppDataLow\Toolbar] =>PUP.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine] =>PUP.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_France_FF Toolbar] =>PUP.Conduit [HKLM\Software\Classes\Toolbar.CT2207610] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\Toolbar.CT2207610] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] =>Toolbar.Conduit^ C:\Program Files (x86)\bestadblocker =>PUP.Adblocker^ C:\Program Files (x86)\ConduitEngine =>Toolbar.Conduit^ C:\Program Files (x86)\PriceMiinus =>PUP.PriceMinus^ C:\Program Files (x86)\PriceMinus =>PUP.PriceMinus^ C:\Program Files (x86)\Softonic_France_FF =>Toolbar.Conduit^ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector =>PUP.AdvancedSystemProtector^ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico^ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner^ C:\Users\Rovasoa Niriniaina\AppData\Roaming\OpenCandy =>Adware.OpenCandy^ C:\Program Files (x86)\Conduit =>PUP.Conduit C:\Users\Rovasoa Niriniaina\AppData\LocalLow\Conduit =>PUP.Conduit C:\Users\Rovasoa Niriniaina\AppData\LocalLow\ConduitEngine =>PUP.Conduit C:\Users\Rovasoa Niriniaina\AppData\LocalLow\Softonic_France_FF =>PUP.Conduit C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe =>PUP.AdvancedSystemProtector^ C:\Program Files (x86)\ASP\AspManager.exe =>PUP.AdvancedSystemProtector^ C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico^ C:\Program Files (x86)\RCP\RegCleanPro.exe =>Rogue.RegistryPowerCleaner^ C:\Windows\Tasks\RegClean Pro_DEFAULT.job =>Rogue.RegistryPowerCleaner^ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT =>Rogue.RegistryPowerCleaner^ C:\Windows\Tasks\RegClean Pro_UPDATES.job =>Rogue.RegistryPowerCleaner^ C:\Windows\System32\Tasks\RegClean Pro_UPDATES =>Rogue.RegistryPowerCleaner^ [HKCU\Software\AppDataLow\Software\Conduit] =>Toolbar.Conduit^ [HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^ C:\Windows\AutoKMS.exe =>Trojan.Keygen C:\Users\Rovasoa Niriniaina\AppData\Local\Temp\sp-downloader.exe =>Toolbar.Conduit C:\Users\Rovasoa Niriniaina\AppData\Local\Temp\SPIdentifier.exe =>Toolbar.Conduit ~ Additionnel Scan: 778113 Items scanned in VAmn OAs ---\\ Additional information about modules ~ http://www.nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://www.nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2) ~ http://www.nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4) ~ http://www.nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell Key (MPSK) (O51) ~ AMI: 4 Scanned in VAmn OAs ---\\ Summary of the detections found on your workstation http://www.nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector http://www.nicolascoolman.fr/rogue-registrypowercleaner =>Rogue.RegistryPowerCleaner http://www.nicolascoolman.fr/adware-adon =>Adware.ADON http://www.nicolascoolman.fr/blog/ =>Adware.Graftor http://www.nicolascoolman.fr/blog/ =>Hacktool.AutoKMS http://www.nicolascoolman.fr/pup-kmspico =>PUA.KMSpico http://www.nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit http://www.nicolascoolman.fr/blog/ =>PUP.PriceMinus http://www.nicolascoolman.fr/blog/ =>Adware.FFToolBar http://www.nicolascoolman.fr/blog/ =>PUP.Adblocker http://www.nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy http://www.nicolascoolman.fr/blog/ =>PUP.Conduit http://www.nicolascoolman.fr/toolbar-ask =>Toolbar.Ask http://www.nicolascoolman.fr/blog/ =>Toolbar.Ask&Record http://www.nicolascoolman.fr/blog/ =>Trojan.Keygen ~ MSI: 15 link(s) detected in VAmn OAs End of the scan (1748 lines in VAmn OAs)(26.2)