~ ZHPDiag v2015.7.18.94 By Nicolas Coolman (2015/07/18)
~ Run by abo lith (Administrator) (2015/07/18 22:05:14)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\abo lith\Desktop\ZHPDiag.txt
~ Report: C:\Users\abo lith\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
~ Windows 8.1, 32-bit (Build 9600)

---\\ Internet Browsers (2) - 0s
MFIE: Mozilla Firefox 39.0 (x86 en-US) v39.0
MSIE: Internet Explorer v11.0.9600.17905

---\\ Windows Product Information (3) - 1s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Activation Technologies : OK

---\\ System protection software (1) - 3s
Avira Antivirus v15.0.11.579

---\\ System optimization software (1) - 3s
ccleaner version 1.5 v1.5

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3136.348 MB (50% free)
~ System Restore: Activé (Enable)
~ System drive C: has 31 GB free of 238 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: ABOLITH
~ User Name: abo lith
~ Logged in as Administrator

---\\ Enumeration of the disk units (4) - 10s
~ Drive C: has 31 GB free of 238 GB (System)
~ Drive D: has 18 GB free of 107 GB
~ Drive E: has 46 GB free of 131 GB
~ Drive F: has GB free of 4 GB

---\\ Search Generic System Files (22) - 1s
[MD5.91E24273FCA076EA9E65DAFA98901225] - (.Microsoft Corporation - Windows Explorer.) () -- C:\Windows\Explorer.exe [2207488]
[MD5.8BFE805555CDAF6387912A34D7978DAA] - (.Microsoft Corporation - Windows host process (Rundll32).) () -- C:\Windows\System32\rundll32.exe [51200]
[MD5.DC02677945BDABD6B0C6A29914AA21EF] - (.Microsoft Corporation - Windows Start-Up Application.) () -- C:\Windows\System32\Wininit.exe [115712]
[MD5.E2B8238F0A0D1ADBA3AE4A6D6F0EC756] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\Windows\System32\wininet.dll [1951232]
[MD5.E36FB29A2158B7D5DCA0F4E08DE75442] - (.Microsoft Corporation - Windows Logon Application.) () -- C:\Windows\System32\Winlogon.exe [465408]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - Software Licensing Library.) () -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.D75FB05E8DBF21FA0EF313C7503243F1] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [461312]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [124928]
[MD5.55758EBBC45E1628161121D7CFEAD4A1] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [102400]
[MD5.7E0EDA9EE53E344D1604EB2A7E8DED47] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [69632]
[MD5.7A708934CC652100A94944EC808C3916] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\Windows\System32\drivers\i8042prt.sys [83456]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [126976]
[MD5.49EDA7967848465645E2D809384D0EBA] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [328704]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [218624]
[MD5.C52E578E3F8182C2EE6AAF0AC2B61C9B] - (.Microsoft Corporation - NT File System Driver.) () -- C:\Windows\System32\drivers\ntfs.sys [1689408]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\Windows\System32\drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\Windows\System32\drivers\tdx.sys [87040]
[MD5.31A2AA48C1ECD390E2707E5C21B75DCE] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\Windows\System32\drivers\volsnap.sys [264512]

---\\ Process running (31) - 4s
[MD5.8F4A4E8069E6C1C0975509476F2E2DB9] - (.AMD - AMD External Events Service Module.) -- C:\Windows\System32\atiesrxx.exe [209408] [PID.968]
[MD5.2BB7E9A887F26CDB5C19C76636E85394] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568] [PID.1868] =>Toolbar.Ask
[MD5.1DC18C9E1B4984389783E4F9DFC61AB1] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808] [PID.1900]
[MD5.6F586F9C9E365B28F1E1BE3B0E38403C] - (.Camshare Inc. - Camfrog Video Chat update service.) -- C:\Program Files\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1035768] [PID.1992]
[MD5.BDB1BBE933CA79C9688578B8AF336C13] - (.Dynamic DNS Services http://www.dyndnsservices.com - DDNS Enterprise Windows Service..) -- C:\Program Files\Enterprise DDNS Client\ddnsclient.exe [53248] [PID.2016]
[MD5.670D6F56BA218AE78CD526AFCC530E2A] - (.Atheros Communications, Inc. - JumpStart PushButton Service.) -- C:\Program Files\Jumpstart\jswpbapi.exe [188416] [PID.468]
[MD5.E0EDF82FED4CF4DDF86FF63A5E086E48] - (.OpenVPN Technologies, Inc - PrivateTunnel Service.) -- C:\Program Files\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816] [PID.404]
[MD5.DB85CA81EA71ED177C6348280FBF1687] - (.OpenVPN Technologies, Inc - PrivateTunnel Core Daemon.) -- C:\Program Files\OpenVPN Technologies\PrivateTunnel\ptcore.exe [794008] [PID.764]
[MD5.BBFCAC1C23B867AE5D7EF96DF40680C5] - (.Realtek - RtlService MFC Application.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960] [PID.820]
[MD5.66F39EB030F69731FD2731D83D6A3DBD] - (.Realtek Semiconductor Corp. - RtWLan ( For Vista / Win7) Application(Exte.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [1118208] [PID.1788]
[MD5.6DE4544BAB3373D69F562E7894405A07] - (...) -- C:\Users\abo lith\AppData\Roaming\Resentful Compassion\Resentful Compassion.exe [66048] [PID.1972]
[MD5.9DA3B55B17B54789AFB8C657D4ACE4D7] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) -- C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688] [PID.2088]
[MD5.F1D29D9C5DB9C144769F5CD7212BE555] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\System32\vmnat.exe [435864] [PID.2196]
[MD5.360959BBD4F451E1AB811F4304232766] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120] [PID.2284]
[MD5.7171B884DA8BFB1CE5C8BAE46D993CB1] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [79872] [PID.2348]
[MD5.03A7980C30E9F00F1EAC752612DC80CE] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\System32\vmnetdhcp.exe [357016] [PID.2484]
[MD5.A77A76DD2773616651121B7EFA5948C1] - (.VMware, Inc. - VMware USB Arbitration Service.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [719512] [PID.2504]
[MD5.5C6121C09B35B01705EEF7B948B92338] - (...) -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [15680000] [PID.2916]
[MD5.8F0029989DC08F936A274F8E21340A12] - (.AMD - AMD External Events Client Module.) -- C:\Windows\System32\atieclxx.exe [480768] [PID.4388]
[MD5.1EE789CC95F9A9B9B13BC0EF95E8EDE3] - (.Synaptics Incorporated - Synaptics TouchPad 32-bit Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2422512] [PID.5648]
[MD5.11A63449C7523DEE7976339C5371BFFC] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SynTP\SYNTPHELPER.EXE [168688] [PID.4100]
[MD5.F6F03907366C9589756B1DB56E0F2B31] - (.Atheros Communications, Inc. - Tray Utility for JumpStart for Wireless.) -- C:\Program Files\Jumpstart\jswtrayutil.exe [528384] [PID.4600]
[MD5.2583F9A2B7309D586F8E8AD81C3F7C51] - (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [104088] [PID.4620]
[MD5.B1227EEFFA56DA6D374169FFFFD17228] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360] [PID.4340] =>Toolbar.Ask
[MD5.432F4E8794A2EA8A64E4C75EA80B790E] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\abo lith\AppData\Roaming\uTorrent\uTorrent.exe [1694560] [PID.5016]
[MD5.B12E97C2BE89CBBC1718D59062D7E388] - (.Copyright © 2012 - DUC40.) -- C:\Program Files\No-IP\DUC40.exe [346624] [PID.5736]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.3824]
[MD5.C3967EE40D7D552B871C097AF863D51F] - (.VideoLAN - VLC media player 2.1.0.) -- C:\Program Files\VideoLAN\VLC\vlc.exe [126464] [PID.3728]
[MD5.C787243BCE8BBC14EF418E40FA06E4D0] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3878480] [PID.204]
[MD5.02DED435FCAA1C02959051AF636E154A] - (.www.shadowexplorer.com - ShadowExplorer.) -- C:\Program Files\ShadowExplorer\sesvc.exe [9216] [PID.5984]
[MD5.9AEEE0905CDB94C5CFFDC25613783BEA] - (.Alexander Roshal - WinRAR archiver.) -- C:\Program Files\WinRAR\WinRAR.exe [1230336] [PID.7680]

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) (16) - 1s
P2 - EXT FILE: (...) -- C:\Users\abo lith\AppData\Roaming\Mozilla\Firefox\Profiles\4qnshrvt.default\extensions\toolbar_AVIRA-SP@apn.ask.com.xpi =>Toolbar.Ask
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\amazondotcom.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\eBay.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml =>PUP.Optional.WebsSearches
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia.xml
P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
P2 - EXT: (.Avira - Segurança do navegador Avira.) -- C:\Users\abo lith\AppData\Roaming\Mozilla\Firefox\Profiles\4qnshrvt.default\extensions\abs@avira.com
P2 - EXT: (. - .) -- C:\Users\abo lith\AppData\Roaming\Mozilla\Firefox\Profiles\4qnshrvt.default\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com
P2 - EXT: (. - CouTThePrice.) -- C:\Users\abo lith\AppData\Roaming\Mozilla\Firefox\Profiles\4qnshrvt.default\extensions\sAWavA@xJrz.edu
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS.) -- C:\Users\abo lith\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.1.0] - (.VideoLAN.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) (11) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/ =>PUP.Optional.IsStart
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/ =>PUP.Optional.IsStart
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/ =>PUP.Optional.IsStart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/ =>PUP.Optional.IsStart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/ =>PUP.Optional.IsStart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/ =>PUP.Optional.IsStart
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0

---\\ Internet Explorer, Proxy Management (R5) (3) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs (3) - 1s
F2 - REG:system.ini: UserInit=C:\Windows\System32\Userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.)

---\\ Hosts file redirection (O1) (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Object (BHO) (O2) (3) - 0s
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Search App by Ask BHO - {41564952-412D-5350-00A7-7A786E7484D7} . (...) -- "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll" (.not file.) =>PUP.Optional.BrowserTabSearch
O2 - BHO: CutThePrice - {A41A61F7-0357-49A7-9EF2-BF17F1816968} . (...) -- C:\Program Files\CutThePrice\nnXAITJ03pLgoB.dll

---\\ Internet Explorer Toolbars (O3) (1) - 0s
O3 - Toolbar: (no name) - [HKLM]{41564952-412D-5350-00A7-7A786E7484D7} (Orphean) =>Toolbar.Ask

---\\ Auto loading programs from Registry and folders (O4) (27) - 1s
O4 - HKLM\..\Run: [jswtrayutil] . (.Atheros Communications, Inc. - Tray Utility for JumpStart for Wireless.) -- C:\Program Files\Jumpstart\jswtrayutil.exe
O4 - HKLM\..\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [Andy] . (...) -- C:\Program Files\Andy\HandyAndy.exe
O4 - HKLM\..\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Dropbox] . (.Dropbox, Inc. - Dropbox.) -- C:\Program Files\Dropbox\Client\Dropbox.exe
O4 - HKLM\..\Run: [SUPPOR~1] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files\Avira\Launcher\Avira.Systray.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKLM\..\Run: [WINDOW~1] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\abo lith\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\abo lith\AppData\Roaming\uTorrent\uTorrent.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - HKCU\..\Run: [Camfrog] . (.Camshare, Inc. - Camfrog Video Chat.) -- C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [SUPPOR~1] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [WINDOW~1] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-207331112-4217359802-1020704246-1001\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\abo lith\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-207331112-4217359802-1020704246-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-207331112-4217359802-1020704246-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\abo lith\AppData\Roaming\uTorrent\uTorrent.exe
O4 - HKUS\S-1-5-21-207331112-4217359802-1020704246-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - HKUS\S-1-5-21-207331112-4217359802-1020704246-1001\..\Run: [Camfrog] . (.Camshare, Inc. - Camfrog Video Chat.) -- C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKUS\S-1-5-21-207331112-4217359802-1020704246-1001\..\Run: [SUPPOR~1] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-207331112-4217359802-1020704246-1001\..\Run: [WINDOW~1] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe

---\\ Lop.com/Domain Hijackers (O17) (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) (26) - 2s
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) . (.Avira Operations GmbH & Co. KG - Antivirus MailScanner WFP Service.) - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) . (.Avira Operations GmbH & Co. KG - AntiVir WebGuard WFP Service.) - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Ask Update Service (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Avira Service Host (Avira.ServiceHost) . (.Avira Operations GmbH & Co. KG - Avira.ServiceHost.) - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc. - BlueStacks Service.) - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: Camfrog Update Service (camfrog_update_service) . (.Camshare Inc. - Camfrog Video Chat update service.) - C:\Program Files\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) . (.Dropbox, Inc. - Dropbox Update.) - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DDNS Enterprise Client (DDNS Enterprise Client) . (.Dynamic DNS Services http://www.dyndnsservices.com - DDNS Enterprise Windows Service..) - C:\Program Files\Enterprise DDNS Client\ddnsclient.exe
O23 - Service: JumpStart Push-Button Service (jswpbapi) . (.Atheros Communications, Inc. - JumpStart PushButton Service.) - C:\Program Files\Jumpstart\jswpbapi.exe
O23 - Service: MonectServerService (MonectServerService) . (...) - C:\Users\abo lith\Desktop\New folder\MonectServerService.exe (.not file.)
O23 - Service: Private Tunnel Core Service (ptservice) . (.OpenVPN Technologies, Inc - PrivateTunnel Service.) - C:\Program Files\OpenVPN Technologies\PrivateTunnel\ptservice.exe
O23 - Service: Realtek87B (Realtek87B) . (.Realtek - RtlService MFC Application.) - C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
O23 - Service: Resentful Compassion (Resentful Compassion) . (...) - C:\Users\abo lith\AppData\Roaming\Resentful Compassion\Resentful Compassion.exe
O23 - Service: Service KMSELDI (Service KMSELDI) . (. - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico
O23 - Service: ShadowExplorer Service (sesvc) . (.www.shadowexplorer.com - ShadowExplorer.) - C:\Program Files\ShadowExplorer\sesvc.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: VMware Authorization Service (VMAuthdService) . (.VMware, Inc. - VMware Authorization Service.) - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) . (.VMware, Inc. - VMware VMnet DHCP service.) - C:\Windows\System32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) . (.VMware, Inc. - VMware USB Arbitration Service.) - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service (VMware NAT Service) . (.VMware, Inc. - VMware NAT Service.) - C:\Windows\System32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) . (...) - C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe

---\\ Task Planned Automatically (O39) (33) - 4s
[MD5.5447AF432CDA61159ADDE218C468FFD9] [APT] [AdobeAAMUpdater-1.0-abolith-abo lith] (.Adobe Systems Incorporated.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208]
[MD5.0D39C3A3D0AFCF87D9B64B977206C2EB] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe [687104] =>PUA.KMSpico
[MD5.6313BA5D7F348576758CE789AF7E548A] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [6405912]
[MD5.7C6D524C78A1722AD987B9E47AC1FEE2] [APT] [DropboxUpdateTaskMachineCore] (.Dropbox, Inc..) -- C:\Program Files\Dropbox\Update\DropboxUpdate.exe [134512]
[MD5.7C6D524C78A1722AD987B9E47AC1FEE2] [APT] [DropboxUpdateTaskMachineUA] (.Dropbox, Inc..) -- C:\Program Files\Dropbox\Update\DropboxUpdate.exe [134512]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001Core] (.Google Inc..) -- C:\Users\abo lith\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001UA] (.Google Inc..) -- C:\Users\abo lith\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.1EE789CC95F9A9B9B13BC0EF95E8EDE3] [APT] [Synaptics TouchPad Enhancements] (.Synaptics Incorporated.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2422512]
[MD5.00000000000000000000000000000000] [APT] [TextraPack] (.Synaptics Incorporated.) -- c:\programdata\{8cf07d9d-2792-4b77-8cf0-07d9d279f674}\game sex +18 girl porn.exe (.not file.) [0]
[MD5.C3C53197EF659432AF8123C460E890F7] [APT] [WinThruster] (.Solvusoft Corporation.) -- C:\Program Files\WinThruster\WinThruster.exe [7123376]
[MD5.C3C53197EF659432AF8123C460E890F7] [APT] [WinThruster_DEFAULT] (.Solvusoft Corporation.) -- C:\Program Files\WinThruster\WinThruster.exe [7123376]
[MD5.C3C53197EF659432AF8123C460E890F7] [APT] [WinThruster_UPDATES] (.Solvusoft Corporation.) -- C:\Program Files\WinThruster\WinThruster.exe [7123376]
O39 - APT: DropboxUpdateTaskMachineCore - (.Dropbox, Inc..) -- C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job [912]
O39 - APT: DropboxUpdateTaskMachineUA - (.Dropbox, Inc..) -- C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job [916]
O39 - APT: Automatic Planified Task - (...) -- C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5.job [2450] =>PUP.Optional.CrossRider
O39 - APT: Automatic Planified Task - (...) -- C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5_user.job [2450] =>PUP.Optional.CrossRider
O39 - APT: GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001Core - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001Core.job [884]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001UA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001UA.job [936]
O39 - APT: TextraPack - (.Synaptics Incorporated.) -- C:\Windows\Tasks\TextraPack.job [404]
O39 - APT: WinThruster_DEFAULT - (.Solvusoft Corporation.) -- C:\Windows\Tasks\WinThruster_DEFAULT.job [284]
O39 - APT: WinThruster_UPDATES - (.Solvusoft Corporation.) -- C:\Windows\Tasks\WinThruster_UPDATES.job [292]
O39 - APT: AdobeAAMUpdater-1.0-abolith-abo lith - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-abolith-abo lith [3494]
O39 - APT: AutoPico Daily Restart - (..) -- C:\Windows\System32\Tasks\AutoPico Daily Restart [3710] =>PUA.KMSpico
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2794]
O39 - APT: DropboxUpdateTaskMachineCore - (.Dropbox, Inc..) -- C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore [3652]
O39 - APT: DropboxUpdateTaskMachineUA - (.Dropbox, Inc..) -- C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA [3888]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001Core - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001Core [3508]
O39 - APT: GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001UA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-207331112-4217359802-1020704246-1001UA [3888]
O39 - APT: Synaptics TouchPad Enhancements - (.Synaptics Incorporated.) -- C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements [2990]
O39 - APT: TextraPack - (.Synaptics Incorporated.) -- C:\Windows\System32\Tasks\TextraPack [3296]
O39 - APT: WinThruster - (.Solvusoft Corporation.) -- C:\Windows\System32\Tasks\WinThruster [3094]
O39 - APT: WinThruster_DEFAULT - (.Solvusoft Corporation.) -- C:\Windows\System32\Tasks\WinThruster_DEFAULT [2862]
O39 - APT: WinThruster_UPDATES - (.Solvusoft Corporation.) -- C:\Windows\System32\Tasks\WinThruster_UPDATES [3018]

---\\ Software installed (O42) (209) - 31s
O42 - Logiciel: .NET Reactor - (.Eziriz.) [HKLM] -- .NET Reactor
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Andy OS - (.Andy OS, Inc.) [HKLM] -- Andy OS
O42 - Logiciel: Assassin's Creed III - (.SCC-TDS.) [HKLM] -- Assassin's Creed III 1.0.0
O42 - Logiciel: AutoIt v3.3.14.0 - (.AutoIt Team.) [HKLM] -- AutoItv3
O42 - Logiciel: Avira Antivirus v15.0.11.579 - (.Avira Operations GmbH & Co. KG.) [HKLM] -- Avira Antivirus
O42 - Logiciel: BlueStacks App Player - (.BlueStack Systems, Inc..) [HKLM] -- BlueStacks App Player
O42 - Logiciel: Camfrog Video Chat 6.11 - (.Camshare, Inc..) [HKLM] -- Camfrog
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated.) [HKLM] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Media Player - (.Adobe Systems Incorporated.) [HKLM] -- com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Contenta Converter PREMIUM - (.Contenta Software.) [HKLM] -- ContentaConverter-PREMIUM
O42 - Logiciel: DeepSea Obfuscator v4 (4.0.3.31) - (...) [HKLM] -- DeepSea Obfuscator v4.0.3.31.Cracked.by.yoza[UpK]_is1
O42 - Logiciel: Dropbox - (.Dropbox, Inc..) [HKLM] -- Dropbox
O42 - Logiciel: DDNS Client -- Adams-Land Micro Systems - (...) [HKLM] -- Enterprise DDNS Client
O42 - Logiciel: FileViewPro - (.Solvusoft Corporation.) [HKLM] -- FileViewPro_is1
O42 - Logiciel: GOM Player - (.Gretech Corporation.) [HKLM] -- GOM Player
O42 - Logiciel: Inno Setup version 5.5.1 - (.jrsoftware.org.) [HKLM] -- Inno Setup 5_is1
O42 - Logiciel: Samsung Kies3 - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager
O42 - Logiciel: KMSpico v9.0.5.20131110 (RC) - (...) [HKLM] -- KMSpico_is1 =>PUA.KMSpico
O42 - Logiciel: Magic Photo Recovery 4.2 - (...) [HKLM] -- Magic Photo Recovery
O42 - Logiciel: Mozilla Firefox 39.0 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 39.0 (x86 en-US)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: No-IP DUC - (.Vitalwerks Internet Solutions LLC.) [HKLM] -- NoIPDUC
O42 - Logiciel: OpenAL - (...) [HKLM] -- OpenAL
O42 - Logiciel: PrivateTunnel - (.OpenVPN Technologies.) [HKLM] -- PrivateTunnel
O42 - Logiciel: Pro Evolution Soccer 2015 version 1.0 - (.Konami.) [HKLM] -- Pro Evolution Soccer 2015_is1
O42 - Logiciel: Resource Tuner 2.03 - (.Heaventools Software.) [HKLM] -- Resource Tuner_is1
O42 - Logiciel: SFX Compiler - (...) [HKLM] -- SFX Compiler
O42 - Logiciel: ShadowExplorer 0.9 - (.ShadowExplorer.com.) [HKLM] -- ShadowExplorer_is1
O42 - Logiciel: Smart Install Maker 5.03 - (...) [HKLM] -- Smart Install Maker 5.03
O42 - Logiciel: Smart Install Maker 5.04 - (.InstallBuilders.) [HKLM] -- Smart Install Maker 5.04
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: TAP-Windows 9.9.2 - (...) [HKLM] -- TAP-Windows
O42 - Logiciel: Tenorshare Photo Recovery - (.Tenorshare, Inc..) [HKLM] -- Tenorshare Photo Recovery
O42 - Logiciel: TotalImageConverter - (.Softplicity, Inc..) [HKLM] -- Total Image Converter_is1
O42 - Logiciel: VLC media player 2.1.0 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: VMware Workstation - (.VMware, Inc.) [HKLM] -- VMware_Workstation
O42 - Logiciel: WinPcap 4.1.3 - (.Riverbed Technology, Inc..) [HKLM] -- WinPcapInst
O42 - Logiciel: WinRAR 5.00 beta 5 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: WinThruster - (.solvusoft Corporation.) [HKLM] -- WinThruster_is1
O42 - Logiciel: YouWave for Android - (...) [HKLM] -- YouWave
O42 - Logiciel: Visual C++ Compiler/Tools X86 X64 Cross Package - (.Microsoft Corporation.) [HKLM] -- {016F27F1-6335-32C1-BD4D-EDAC35FC0A0A}
O42 - Logiciel: Windows Espc Resource Package - (.Microsoft Corporation.) [HKLM] -- {0250C884-C3AF-3D3B-B415-643CF9F01714}
O42 - Logiciel: Windows Runtime Intellisense Content - en-us - (.Microsoft Corporation.) [HKLM] -- {0610DFB0-CCEA-6EC0-E3C3-A0160AD7FD98}
O42 - Logiciel: Visual C++ IDE Desktop Plus Package - (.Microsoft Corporation.) [HKLM] -- {06D88710-CFE2-319E-A152-E895DC2B64E6}
O42 - Logiciel: Visual C++ Professional Templates Package - (.Microsoft Corporation.) [HKLM] -- {08FF31B2-8FBD-3352-89AD-DD6D9C2BB22F}
O42 - Logiciel: Dropbox Update Helper - (.Dropbox, Inc..) [HKLM] -- {099218A5-A723-43DC-8DB5-6173656A1E94}
O42 - Logiciel: Visual C++ Library PGO X64 Package - (.Microsoft Corporation.) [HKLM] -- {0AC4A37A-C936-38B3-ACDA-66323EA43BCA}
O42 - Logiciel: Blend for Visual Studio SDK for Silverlight 5 - (.Microsoft Corporation.) [HKLM] -- {0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}
O42 - Logiciel: Visual C++ Library CRT Redist Resource Package - (.Microsoft Corporation.) [HKLM] -- {0C52B22E-97C0-3D90-8019-21954F393EFE}
O42 - Logiciel: Universal CRT Tools x86 - (.Microsoft Corporation.) [HKLM] -- {0D19389F-707A-A013-62AE-752E1C81A726}
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated.) [HKLM] -- {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
O42 - Logiciel: VMware Workstation - (.VMware, Inc..) [HKLM] -- {0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}
O42 - Logiciel: REALTEK Wireless LAN Driver and Utility - (.REALTEK Semiconductor Corp..) [HKLM] -- {0DF70CB6-553A-4C57-8E6D-87635EECFB78}
O42 - Logiciel: Roslyn Language Services - x86 - (.Microsoft Corporation.) [HKLM] -- {12C7E475-97B8-3B24-A7D3-D5B03D0D1D9B}
O42 - Logiciel: Visual C++ Compiler/Tools Premium X86 Native Resource Package - (.Microsoft Corporation.) [HKLM] -- {12F27093-6F0B-3F60-BA7D-7463532F39D8}
O42 - Logiciel: Visual C++ Compiler/Tools Premium X86 X64 Cross Resource Package - (.Microsoft Corporation.) [HKLM] -- {15E11A26-A10E-39FF-8489-7E77E272D52A}
O42 - Logiciel: Tools for .Net 3.5 - (.Microsoft Corporation.) [HKLM] -- {1690CE56-2231-4E59-9006-A0876D949EA8}
O42 - Logiciel: Babel Obfuscator 4 - (.Alberto Ferrazzoli.) [HKLM] -- {17856158-5A86-4F9F-BC69-19129B2B3059}
O42 - Logiciel: Entity Framework 6.1.3 Tools for Visual Studio 2015 - (.Microsoft Corporation.) [HKLM] -- {1A8A9739-BAD7-491F-B5B9-A79A2B965422}
O42 - Logiciel: Prerequisites for SSDT - (.Microsoft Corporation.) [HKLM] -- {21373064-AD95-48DB-A32E-0D9E08EF7355}
O42 - Logiciel: Visual C++ Compiler/Tools Premium X86 X64 Cross Package - (.Microsoft Corporation.) [HKLM] -- {24FC0F0C-6A74-3004-9136-FA993B2AC059}
O42 - Logiciel: Visual C++ Library CRT Source Package - (.Microsoft Corporation.) [HKLM] -- {2746ED77-69F2-3D17-8E6F-CAE04FFAB2FE}
O42 - Logiciel: Visual C++ MSBuild Base Package - (.Microsoft Corporation.) [HKLM] -- {2A6B69C0-F373-3E0A-A08B-CA96F6E87910}
O42 - Logiciel: Visual C++ Professional Shared Templates Resource Package - (.Microsoft Corporation.) [HKLM] -- {312071FD-A1A5-3C18-9557-50F65A057936}
O42 - Logiciel: Visual C++ MSBuild X64 Package - (.Microsoft Corporation.) [HKLM] -- {34F1C823-A722-3CEE-AE37-5E093D8D5099}
O42 - Logiciel: Windows Software Development Kit for Windows Store Apps - (.Microsoft Corporation.) [HKLM] -- {37464E70-B0B9-9DFF-649A-CBE169BAD657}
O42 - Logiciel: Blend for Visual Studio SDK for .NET 4.5 - (.Microsoft Corporation.) [HKLM] -- {37E53780-3944-4A6A-842F-727128E8616E}
O42 - Logiciel: Roslyn Language Services - x86 - (.Microsoft Corporation.) [HKLM] -- {386C29BB-2CEA-3511-89A0-D78306B139AA}
O42 - Logiciel: Oracle VM VirtualBox 4.3.20 - (.Oracle Corporation.) [HKLM] -- {3ACD85F2-BD6D-44FE-8CAE-5C1C3757ED7E}
O42 - Logiciel: Visual C++ Library PGO X86 Package - (.Microsoft Corporation.) [HKLM] -- {3D5C8D3A-132A-3A92-AFD6-C8E72A8ED00D}
O42 - Logiciel: Visual C++ Library PGO ARM Package - (.Microsoft Corporation.) [HKLM] -- {3DBED308-12EF-3EC1-A593-EE23799077F9}
O42 - Logiciel: Visual C++ IDE Common Resource Package - (.Microsoft Corporation.) [HKLM] -- {3E9546FC-AC91-36DE-9449-7D2C3EB257D3}
O42 - Logiciel: Adobe Photoshop CS5 - (.Adobe Systems Incorporated.) [HKLM] -- {3EB745BA-194F-4475-9164-B20BB2172395}
O42 - Logiciel: Visual C++ Professional Shared Templates Package - (.Microsoft Corporation.) [HKLM] -- {3F67DD02-AB6C-3FAB-A881-E96D7FF723C5}
O42 - Logiciel: Multi-Device Hybrid Apps using C# - Templates - ENU - (.Microsoft Corporation.) [HKLM] -- {3F9C5688-4EFD-3263-9CF8-C064339483C9}
O42 - Logiciel: Visual C++ Compiler/Tools Premium X86 ARM Cross Resource Package - (.Microsoft Corporation.) [HKLM] -- {40831FBF-4095-3605-81D9-D2BDE7869128}
O42 - Logiciel: Search App by Ask - (.APN, LLC.) [HKLM] -- {41564952-412D-5350-00A7-A758B70C1D00} =>PUP.Optional.BrowserTabSearch
O42 - Logiciel: Visual F# 4.0 VS - (.Microsoft Corporation.) [HKLM] -- {42FE610D-915D-3E33-8BD1-820D6BD16B4D}
O42 - Logiciel: Universal CRT Redistributable - (.Microsoft Corporation.) [HKLM] -- {43520E1F-06FE-6D91-2B8A-AF92B30B62E9}
O42 - Logiciel: BlueStacks Notification Center - (.BlueStack Systems, Inc..) [HKLM] -- {44181DF6-2751-48C7-B918-72F14508F127}
O42 - Logiciel: SmartAssembly 6 - (.Red Gate Software Ltd.)
[HKLM] -- {4838DBA4-D915-4B9A-BFBC-DD0254638799} O42 - Logiciel: Hex Workshop v6 - (.BreakPoint Software.) [HKLM] -- {48FE73F3-4C3A-4871-BCD0-A7726A08BD64} O42 - Logiciel: Visual C++ IDE Windows Express Plus Package - (.Microsoft Corporation.) [HKLM] -- {4A800142-34D6-31A4-B17B-9232D46EDFF0} O42 - Logiciel: Microsoft Azure Storage for Connected Services - (.Microsoft Corporation.) [HKLM] -- {4BC1D6E7-CECC-49B2-A09F-777BFD770AF8} O42 - Logiciel: Microsoft Games for Windows Marketplace - (.Microsoft Corporation.) [HKLM] -- {4CB0307C-565E-4441-86BE-0DF2E4FB828C} O42 - Logiciel: Visual C++ Library ATL Source Package - (.Microsoft Corporation.) [HKLM] -- {4E0B1A72-0E6D-3300-9AAF-6D89FB7606D6} O42 - Logiciel: Visual C++ Library CRT X64 Store Package - (.Microsoft Corporation.) [HKLM] -- {4F79E969-2B33-3D9F-9CCF-57880E6B7DBC} O42 - Logiciel: IIS 10.0 Express - (.Microsoft Corporation.) [HKLM] -- {52FB9588-DA23-41E5-90D2-D857AE52FE10} O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {54194F60-988C-4D03-B922-C2B00EFDA39A} O42 - Logiciel: Windows App Certification Kit Native Components - (.Microsoft Corporation.) [HKLM] -- {550760A2-DC4A-CD2B-3C1B-01E0F9F1279E} O42 - Logiciel: Visual C++ Compiler/Tools Premium X86 Native Package - (.Microsoft Corporation.) [HKLM] -- {5563CD7C-0EFF-3097-A833-082F849B8AFB} O42 - Logiciel: TypeScript Power Tool - (.Microsoft Corporation.) [HKLM] -- {55F8616F-FF50-43F4-B8C3-BF5EC69AAF86} O42 - Logiciel: Windows Software Development Kit for Windows Store Apps DirectX x86 Remote - (.Microsoft Corporation.) [HKLM] -- {56AD3004-0B49-967F-F682-B05650B61A78} O42 - Logiciel: Microsoft .NET Version Manager (x86) 1.0.0-beta4 - (.Microsoft Corporation.) [HKLM] -- {5d578f40-5dcf-39e3-82b5-a8691760e3a8} O42 - Logiciel: Visual C++ MSBuild Base Resource Package - (.Microsoft Corporation.) [HKLM] -- {5DCE203A-A712-3F4F-A9DA-1004FEC9F68B} O42 - Logiciel: Visual C++ IDE Common Package - (.Microsoft Corporation.) 
[HKLM] -- {62FCBF72-D009-3E26-A732-E16B6B1C9D19} O42 - Logiciel: Visual C++ Compiler/Tools Premium X86 Base Resource Package - (.Microsoft Corporation.) [HKLM] -- {6446382A-79BE-3AA3-B8AE-C334519468EB} O42 - Logiciel: Microsoft Web Deploy 3.6 Beta3 - (.Microsoft Corporation.) [HKLM] -- {6619C1BD-80A3-42A6-A7D6-12EA19C1767A} O42 - Logiciel: .NET Reactor - (.Eziriz.) [HKLM] -- {6732AE9F-CE1A-4DC7-A18D-A23CAA99724C} O42 - Logiciel: Visual C++ IDE Debugger Package - (.Microsoft Corporation.) [HKLM] -- {67F42088-BDE4-3675-9B67-AC470628D099} O42 - Logiciel: Tools for Apache Cordova - Templates - ENU - (.Microsoft Corporation.) [HKLM] -- {6D0F7998-D4FF-3046-8C4F-38091C103AF7} O42 - Logiciel: Visual C++ Compiler/Tools Premium X86 Base Package - (.Microsoft Corporation.) [HKLM] -- {6D9DAEEE-2427-39B2-98D5-A9D4A3D9A86A} O42 - Logiciel: Microsoft System CLR Types for SQL Server 2014 - (.Microsoft Corporation.) [HKLM] -- {718FFB65-F6E4-4D62-861F-ED10ED32C936} O42 - Logiciel: Microsoft Report Viewer Add-On for Visual Studio 2015 - (.Microsoft Corporation.) [HKLM] -- {72EE4C5A-375A-473F-80F3-0932648D54CF} O42 - Logiciel: Python Tools Redirection Template - (.Microsoft Corporation.) [HKLM] -- {73E8C006-8839-4F7E-9D97-6E6444BC1E2E} O42 - Logiciel: Microsoft Build Tools 14.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {74A1938C-2129-4DB8-9980-BD75BA755EC6} O42 - Logiciel: Visual C++ CRT Headers Package - (.Microsoft Corporation.) [HKLM] -- {751EF7F1-4CC8-3805-A254-AAD77EE95A40} O42 - Logiciel: Visual C++ IDE Professional Plus Resource Package - (.Microsoft Corporation.) [HKLM] -- {76BA1807-783A-32CE-8EF7-AFE8C5DF7E46} O42 - Logiciel: Windows App Certification Kit x86 - (.Microsoft Corporation.) [HKLM] -- {76FF502F-6811-F75B-2FEB-0B69BB584031} O42 - Logiciel: Dotfuscator and Analytics Community Edition 5.18.0 - (.PreEmptive Solutions.) [HKLM] -- {7C361160-7ADC-46CE-AFDC-D10C6EADD032} O42 - Logiciel: "Thief" - (...) 
[HKLM] -- {7CEA3557-5E36-49EE-9CBF-504EEA99E0DE}_is1 O42 - Logiciel: Visual C++ Library PGO Headers Package - (.Microsoft Corporation.) [HKLM] -- {81B323F4-9779-3F7E-97C7-752014E14FB7} O42 - Logiciel: ccleaner version 1.5 - (.My Company, Inc..) [HKLM] -- {86417732-0ECF-4E69-8D78-BA1962B0E364}_is1 O42 - Logiciel: Samsung Kies3 - (.Samsung Electronics Co., Ltd..) [HKLM] -- {88547073-C566-4895-9005-EBE98EA3F7C7} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Visual C++ IDE Desktop Plus Resource Package - (.Microsoft Corporation.) [HKLM] -- {8AE65D69-29D3-38A3-83E4-F01A090C8BC3} O42 - Logiciel: Visual F# 4.0 SDK - (.Microsoft Corporation.) [HKLM] -- {8BD70BC9-9029-3396-B103-BECEB174553C} O42 - Logiciel: Visual C++ IDE Debugger Resource Package - (.Microsoft Corporation.) [HKLM] -- {8CEA6D31-AC95-3869-91EE-F55C2925F13B} O42 - Logiciel: Visual C++ Compiler/Tools X86 Base Resource Package - (.Microsoft Corporation.) [HKLM] -- {8F84DBC5-8CF6-3BA7-A3FD-D41633DE78E2} O42 - Logiciel: Update for Skype for Business 2015 (KB3054946) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8} O42 - Logiciel: Microsoft Access MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0015-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Excel MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0016-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft PowerPoint MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0018-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Publisher MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0019-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Outlook MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001A-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Word MUI (English) 2013 - (.Microsoft Corporation.) 
[HKLM] -- {90150000-001B-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft InfoPath MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0044-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft DCF MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0090-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft OneNote MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00A1-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Groove MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00BA-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0117-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Lync MUI (English) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-012B-0409-0000-0000000FF1CE} O42 - Logiciel: Update for Skype for Business 2015 (KB3054946) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8} O42 - Logiciel: Update for Skype for Business 2015 (KB2889853) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259} O42 - Logiciel: Windows Espc Package - (.Microsoft Corporation.) [HKLM] -- {91ED4EF1-B949-34EF-A900-A38B4CC4F853} O42 - Logiciel: Visual C++ Compiler/Tools Premium ARM Base Resource Package - (.Microsoft Corporation.) [HKLM] -- {92D7352F-9094-3F78-96F3-C9D8E7CBB58C} O42 - Logiciel: PreEmptive Analytics Visual Studio Components - (.PreEmptive Solutions.) [HKLM] -- {943F3FB1-3F9C-4FB7-A4E2-6D53617068C3} O42 - Logiciel: Windows Software Development Kit - (.Microsoft Corporation.) [HKLM] -- {984022F2-9BCA-A41D-6A38-1AE658F01415} O42 - Logiciel: Visual C++ Library CRT ARM Desktop Package - (.Microsoft Corporation.) [HKLM] -- {9A0BE499-888A-3B91-B107-22E5BEFEC491} O42 - Logiciel: Microsoft Expression Blend SDK for .NET 4 - (.Microsoft Corporation.) 
[HKLM] -- {9B3A1C97-A361-463E-8817-444F9F88CDFE} O42 - Logiciel: Universal CRT Headers Libraries and Sources - (.Microsoft Corporation.) [HKLM] -- {9B81D7A3-34D8-D8A5-614F-AE14A396C8BE} O42 - Logiciel: Visual C++ Compiler/Tools Premium ARM Base Package - (.Microsoft Corporation.) [HKLM] -- {9BAA55DD-907D-345D-864D-811A83D09C04} O42 - Logiciel: Visual C++ Compiler/Tools X86 ARM Cross Resource Package - (.Microsoft Corporation.) [HKLM] -- {9E1BCC5F-2C31-311F-BEB2-18E0426633C7} O42 - Logiciel: Microsoft Azure Mobile Services SDK V2.0 - (.Microsoft Corporation.) [HKLM] -- {A00EC54A-CE16-4CF6-A14A-5CF81A1FE03F} O42 - Logiciel: Windows Software Development Kit DirectX x86 Remote - (.Microsoft Corporation.) [HKLM] -- {A1CB8286-CFB3-A985-D799-721A0F2A27F3} O42 - Logiciel: Assassin's Creed III - (.SCC-TDS.) [HKLM] -- {A29C1CCD-8F7E-4471-8F35-346B232E7297} O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {A2BCA9F1-566C-4805-97D1-7FDC93386723} O42 - Logiciel: CutThePrice - (...) [HKLM] -- {A2C98B47-B5F4-94AA-281D-4135416774CF} O42 - Logiciel: Visual C++ Compiler/Tools X86 X64 Cross Resource Package - (.Microsoft Corporation.) [HKLM] -- {A3384E5F-BC18-33BC-8F67-A229916C3B7E} O42 - Logiciel: Visual C++ Library ATL X86 Package - (.Microsoft Corporation.) [HKLM] -- {A3754561-0278-3CD3-99AC-5AC21B79124D} O42 - Logiciel: Visual C++ Library ATL ARM Package - (.Microsoft Corporation.) [HKLM] -- {A4A5B4AA-67EC-3BDB-927B-8463BEB19F1E} O42 - Logiciel: Avira v1.1.42.10415 - (.Avira Operations GmbH & Co. KG.) [HKLM] -- {a5e00a72-db4a-4f77-8874-d1265b8fcd7e} O42 - Logiciel: Visual C++ Library CRT X64 Desktop Package - (.Microsoft Corporation.) [HKLM] -- {A7004776-FB9A-309A-9ADD-14F5DEE43F39} O42 - Logiciel: PDF Settings CS5 - (.Adobe Systems Incorporated.) [HKLM] -- {A78FE97A-C0C8-49CE-89D0-EDD524A17392} O42 - Logiciel: Visual C++ Library CRT X86 Store Package - (.Microsoft Corporation.) 
[HKLM] -- {A80E918F-F2CE-3182-B7C1-0880219601EF} O42 - Logiciel: IIS Express Application Compatibility Database for x86 - (...) [HKLM] -- {ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb O42 - Logiciel: AzureTools.Notifications - (.Microsoft Corporation.) [HKLM] -- {AE75FA48-59DB-4C47-9B34-756093C15213} O42 - Logiciel: Jumpstart Installation Program - (.Atheros.) [HKLM] -- {B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13} O42 - Logiciel: Visual C++ IDE Base Resource Package - (.Microsoft Corporation.) [HKLM] -- {B2568505-31DD-382D-8012-3EDC15E4A10F} O42 - Logiciel: PowerShellIntegration.Notifications - (.Microsoft Corporation.) [HKLM] -- {B330548B-1EBE-429C-AA47-FC12748FA18F} O42 - Logiciel: Visual C++ Library PGO X86 Package - (.Microsoft Corporation.) [HKLM] -- {B3853AF5-B77A-36F1-934B-1F675D416423} O42 - Logiciel: Avira v1.1.42.10415 - (.Avira Operations GmbH & Co. KG.) [HKLM] -- {B4A68153-E9A2-4BC1-96C3-BEE5F56E788D} O42 - Logiciel: Emex 3 - (.EMMA Labs.) [HKLM] -- {B6612124-BB66-459B-9889-0D5C74118145} O42 - Logiciel: Visual C++ IDE Base Package - (.Microsoft Corporation.) [HKLM] -- {B79A23CA-1142-3D76-9188-9A6F8CF06BD6} O42 - Logiciel: Visual C++ IDE Professional Plus Package - (.Microsoft Corporation.) [HKLM] -- {BEDCAF5F-B83D-34C2-8C28-21AABA3B4360} O42 - Logiciel: Visual Studio 2012 Verification SDK - enu - (.Microsoft Corporation.) [HKLM] -- {C0760307-5570-321F-B274-4647CAD7D582} O42 - Logiciel: Visual C++ Compiler/Tools X86 Base Package - (.Microsoft Corporation.) [HKLM] -- {C58578DB-FBF2-30C8-A130-6AE2BDC613D5} O42 - Logiciel: Visual C++ Compiler/Tools X86 Native Resource Package - (.Microsoft Corporation.) [HKLM] -- {C5F6D14A-084C-32F6-804F-CE137914F840} O42 - Logiciel: CodeWall 2010 - (.CodeWall Technologies.) [HKLM] -- {C7C5B9D0-B580-465B-8856-93CC133DCB26}_is1 O42 - Logiciel: Microsoft Azure Shared Components for Visual Studio 2015 - v1.4 - (.Microsoft Corporation.) [HKLM] -- {C8DA2F02-766C-4A0C-9500-2310D882A3F7} O42 - Logiciel: IconChanger - (...) 
[HKLM] -- {C912EFA0-0076-11d5-B04A-BD6C80DF2479} O42 - Logiciel: Visual C++ MSBuild X86 Package - (.Microsoft Corporation.) [HKLM] -- {CB3F4820-5E71-3F6D-9CE9-AF8DA70D9AD1} O42 - Logiciel: Visual C++ Professional Templates Resource Package - (.Microsoft Corporation.) [HKLM] -- {CBE92AE7-AB5C-39B5-AF2E-4B90E80B8DCC} O42 - Logiciel: Visual C++ Professional Items Package - (.Microsoft Corporation.) [HKLM] -- {CE4E3A70-FD47-3CEF-8557-093A9CDFFB02} O42 - Logiciel: Microsoft NuGet - Visual Studio 2015 - (.Microsoft Corporation.) [HKLM] -- {CECE20DE-337E-338E-B371-04CCD974B111} O42 - Logiciel: Update for (KB2504637) - (.Microsoft Corporation.) [HKLM] -- {CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637 O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44} O42 - Logiciel: Visual C++ Professional Items Resource Package - (.Microsoft Corporation.) [HKLM] -- {D0EE697D-711A-3A92-A33E-965D85D52ADE} O42 - Logiciel: Application Insights Tools for Visual Studio 2015 RC - (.Microsoft Corporation.) [HKLM] -- {D160EB10-3249-44B8-91FE-FA266004BE3E} O42 - Logiciel: Yano - (.NToolbox.) [HKLM] -- {D3EC2BBF-022A-4B16-8FE7-84D74040B146} O42 - Logiciel: Visual C++ for Cross Platform Mobile Development - Templates - ENU - (.Microsoft Corporation.) [HKLM] -- {D61E381C-9D13-37C2-A3EC-3E629BCE62C9} O42 - Logiciel: Visual C++ Compiler/Tools Premium X86 ARM Cross Package - (.Microsoft Corporation.) [HKLM] -- {D8C3A0F7-2D3E-3427-88FC-BEB44BB29E52} O42 - Logiciel: Visual C++ Compiler/Tools X86 Native Package - (.Microsoft Corporation.) [HKLM] -- {DB4B3E9D-5EAB-3337-AC99-8287B2A89095} O42 - Logiciel: Visual C++ Library CRT X86 Desktop Package - (.Microsoft Corporation.) [HKLM] -- {DD389342-5783-3A55-A406-BAD31112E7F5} O42 - Logiciel: Visual C++ Library CRT ARM Store Package - (.Microsoft Corporation.) [HKLM] -- {DE2A98E4-FB9C-32DD-8CD0-67741687A5EB} O42 - Logiciel: Adobe Media Player - (.Adobe Systems Incorporated.) 
[HKLM] -- {DE3A9DC5-9A5D-6485-9662-347162C7E4CA} O42 - Logiciel: Visual C++ Library CRT ARM Redist Package - (.Microsoft Corporation.) [HKLM] -- {E9B3B495-54B3-3061-9559-D531DF1C0CAB} O42 - Logiciel: Visual C++ Library CRT X86 Redist Package - (.Microsoft Corporation.) [HKLM] -- {ED262496-83FE-3A7B-863F-6161E2AE9AB2} O42 - Logiciel: Visual C++ Compiler/Tools X86 ARM Cross Package - (.Microsoft Corporation.) [HKLM] -- {EE58BC3C-FB76-35EA-90D9-8552B1DF6CCD} O42 - Logiciel: Download Windows Universal Tools - (.Microsoft Corporation.) [HKLM] -- {EFA507A3-9D2B-37E3-8530-8EC1FFA750C5} O42 - Logiciel: Microsoft Azure Mobile Services Tools for Visual Studio - v1.4 - (.Microsoft Corporation.) [HKLM] -- {F06CDDED-8E4D-4E06-B218-43C1139A7FC1} O42 - Logiciel: قهر أونلاين 2.0 - (.TQ Digital Entertainment Inc..) [HKLM] -- {F0DEF3E8-F478-4918-BC22-3D72DF367BEE}_is1 O42 - Logiciel: Visual C++ MSBuild ARM Package - (.Microsoft Corporation.) [HKLM] -- {F244CACD-240B-3041-B9FC-B5C636A7FC3A} O42 - Logiciel: Microsoft Games for Windows - LIVE Redistributable - (.Microsoft Corporation.) [HKLM] -- {F2508213-9989-4E85-A078-72BE483917EF} O42 - Logiciel: Windows XP Targeting with C++ - (.Microsoft Corporation.) [HKLM] -- {F361FE04-789E-42F3-BBAB-E7B380AA5E06} O42 - Logiciel: Visual C++ Library CRT X64 Redist Package - (.Microsoft Corporation.) [HKLM] -- {F4D7B763-1670-3A1A-9294-36A65651F3F3} O42 - Logiciel: Microsoft Portable Library Multi-Targeting Pack Language Pack - enu - (.Microsoft Corporation.) [HKLM] -- {F4E9C543-01F6-3C40-A0E7-9FC64EBAFFA9} O42 - Logiciel: Visual C++ Library ATL X64 Package - (.Microsoft Corporation.) [HKLM] -- {F6FDB536-EFA0-3DDE-B884-0583D7630F4E} O42 - Logiciel: WCF Data Services 5.6.2 Runtime - (.Microsoft Corporation.) [HKLM] -- {F9843E68-4E61-41B0-946E-66989DB35902} O42 - Logiciel: Microsoft Build Tools Language Resources 14.0 (x86) - (.Microsoft Corporation.) 
[HKLM] -- {F984684E-1B49-4305-BF33-A55E3A814BAD} O42 - Logiciel: Visual C++ Library ATL Headers Package - (.Microsoft Corporation.) [HKLM] -- {FC63903E-7C8A-35BE-A1DD-0ED14C139610} O42 - Logiciel: Microsoft Portable Library Multi-Targeting Pack - (.Microsoft Corporation.) [HKLM] -- {FF6A1055-AA6A-3579-A862-5DBD0CCF782C} O42 - Logiciel: tools-windows - (.VMware, Inc..) [HKLM] -- {FFD9383C-01D5-4897-A954-43AF599AED30} O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU] -- UnityWebPlayer O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent ---\\ HKCU & HKLM Software Keys (163) - 31s HKLM\SOFTWARE\Adobe HKLM\SOFTWARE\AGEIA Technologies HKLM\SOFTWARE\Alien Skin HKLM\SOFTWARE\AMD HKLM\SOFTWARE\AppDataLow HKLM\SOFTWARE\Atheros HKLM\SOFTWARE\ATI HKLM\SOFTWARE\ATI Technologies HKLM\SOFTWARE\AutoIt v3 HKLM\SOFTWARE\Avira HKLM\SOFTWARE\BlueStacks HKLM\SOFTWARE\BreakPoint HKLM\SOFTWARE\Camfrog HKLM\SOFTWARE\Caphyon HKLM\SOFTWARE\Dropbox HKLM\SOFTWARE\DropboxUpdate HKLM\SOFTWARE\EA Games HKLM\SOFTWARE\Electronic Arts HKLM\SOFTWARE\Eset HKLM\SOFTWARE\GoForFiles HKLM\SOFTWARE\Google HKLM\SOFTWARE\GRETECH HKLM\SOFTWARE\IM Providers HKLM\SOFTWARE\InstalledOptions HKLM\SOFTWARE\Intel HKLM\SOFTWARE\Internet Download Manager HKLM\SOFTWARE\iSkysoft HKLM\SOFTWARE\Javasoft HKLM\SOFTWARE\Khronos HKLM\SOFTWARE\KONAMI HKLM\SOFTWARE\Licenses HKLM\SOFTWARE\Macromedia HKLM\SOFTWARE\Malwarebytes' Anti-Malware HKLM\SOFTWARE\MimarSinan HKLM\SOFTWARE\Monect HKLM\SOFTWARE\Mozilla HKLM\SOFTWARE\mozilla.org HKLM\SOFTWARE\MozillaPlugins HKLM\SOFTWARE\NuGet HKLM\SOFTWARE\ODBC HKLM\SOFTWARE\Oracle HKLM\SOFTWARE\Piriform HKLM\SOFTWARE\PrivateTunnel HKLM\SOFTWARE\REALTEK Semiconductor Corp. 
HKLM\SOFTWARE\Red Gate HKLM\SOFTWARE\RegisteredApplications HKLM\SOFTWARE\RtWLan HKLM\SOFTWARE\SAMSUNG HKLM\SOFTWARE\Shell Labs HKLM\SOFTWARE\Solvusoft HKLM\SOFTWARE\SuppHelpDir HKLM\SOFTWARE\Synaptics HKLM\SOFTWARE\TallApplications HKLM\SOFTWARE\TAP-Windows HKLM\SOFTWARE\Thingummy Software HKLM\SOFTWARE\ThinPrint HKLM\SOFTWARE\TOSHIBA HKLM\SOFTWARE\TP-LINK HKLM\SOFTWARE\Tqdigital HKLM\SOFTWARE\Ubisoft HKLM\SOFTWARE\Valve HKLM\SOFTWARE\VideoLAN HKLM\SOFTWARE\VMware, Inc. HKLM\SOFTWARE\Volatile HKLM\SOFTWARE\webssearchesSoftware =>PUP.Optional.WebsSearches HKLM\SOFTWARE\WIBU-SYSTEMS HKLM\SOFTWARE\WinPcap HKLM\SOFTWARE\WinRAR HKLM\SOFTWARE\X-AVCSD HKCU\SOFTWARE\--((Mutex))-- HKCU\SOFTWARE\2977511028ce8f07a28d638a1639bb60 =>PUP.Optional.CrossRider HKCU\SOFTWARE\3884007ee45cef6a80df0789049ee115 =>PUP.Optional.CrossRider HKCU\SOFTWARE\7PhotoRecovery HKCU\SOFTWARE\90bb8f7e920b8c42b00542e139f7cca8 =>PUP.Optional.CrossRider HKCU\SOFTWARE\Adobe HKCU\SOFTWARE\af7bf56e8791ace7786e8847bbd31524 =>PUP.Optional.CrossRider HKCU\SOFTWARE\Andy HKCU\SOFTWARE\AppDataLow HKCU\SOFTWARE\AskPartnerNetwork =>Toolbar.Ask HKCU\SOFTWARE\ASProtect HKCU\SOFTWARE\Atheros HKCU\SOFTWARE\ATI HKCU\SOFTWARE\AutoIt v3 HKCU\SOFTWARE\Avira HKCU\SOFTWARE\BIFROST1.2 =>Trojan.Bifrose HKCU\SOFTWARE\BitTorrent HKCU\SOFTWARE\BreakPoint HKCU\SOFTWARE\BreakPoint License Manager HKCU\SOFTWARE\Camfrog HKCU\SOFTWARE\Caphyon HKCU\SOFTWARE\CodeWall HKCU\SOFTWARE\contentasoftware HKCU\SOFTWARE\DownloadManager HKCU\SOFTWARE\Dropbox HKCU\SOFTWARE\DropboxUpdate HKCU\SOFTWARE\drpsu HKCU\SOFTWARE\East Imperial Soft HKCU\SOFTWARE\Eidos Montreal HKCU\SOFTWARE\EMMA Labs HKCU\SOFTWARE\Enterprise DDNS Client HKCU\SOFTWARE\ESET HKCU\SOFTWARE\feef32027c0d4b2b420997f004b00720 =>PUP.Optional.CrossRider HKCU\SOFTWARE\file repair HKCU\SOFTWARE\FLT HKCU\SOFTWARE\GetData HKCU\SOFTWARE\GoforFiles HKCU\SOFTWARE\Google HKCU\SOFTWARE\GRETECH HKCU\SOFTWARE\Heaventools HKCU\SOFTWARE\iCarePro HKCU\SOFTWARE\iCare_Vesion HKCU\SOFTWARE\IM 
Providers HKCU\SOFTWARE\Indigo Rose HKCU\SOFTWARE\InstallBuilders HKCU\SOFTWARE\Javasoft HKCU\SOFTWARE\Jordan Russell HKCU\SOFTWARE\Licenses HKCU\SOFTWARE\Macromedia HKCU\SOFTWARE\MediaChance HKCU\SOFTWARE\Mozilla HKCU\SOFTWARE\MozillaPlugins HKCU\SOFTWARE\Netscape HKCU\SOFTWARE\njRAT v0.5.0 HKCU\SOFTWARE\njRAT v0.7d HKCU\SOFTWARE\NToolbox HKCU\SOFTWARE\ODBC HKCU\SOFTWARE\Oracle HKCU\SOFTWARE\Piriform HKCU\SOFTWARE\Psiphon3 HKCU\SOFTWARE\Recovery Software HKCU\SOFTWARE\Red Gate HKCU\SOFTWARE\Red Gate Software Ltd HKCU\SOFTWARE\RegisteredApplications HKCU\SOFTWARE\Samsung HKCU\SOFTWARE\Shell Labs HKCU\SOFTWARE\skype HKCU\SOFTWARE\SkypeRS HKCU\SOFTWARE\SmartLine Vision HKCU\SOFTWARE\Softplicity HKCU\SOFTWARE\Solvusoft HKCU\SOFTWARE\SpyGate-RAT Builder v 2.9 HKCU\SOFTWARE\SpyGate-RAT Builder v 3.2 HKCU\SOFTWARE\SpyNetRAT-DISCLAIMER HKCU\SOFTWARE\Square Enix HKCU\SOFTWARE\SupHpUISoft =>PUP.Optional.CrossRider HKCU\SOFTWARE\Synaptics HKCU\SOFTWARE\TallApplications HKCU\SOFTWARE\Tqdigital HKCU\SOFTWARE\Trolltech HKCU\SOFTWARE\Turkojan HKCU\SOFTWARE\Ubisoft HKCU\SOFTWARE\Unity HKCU\SOFTWARE\Valve HKCU\SOFTWARE\Vitalwerks HKCU\SOFTWARE\VMware, Inc. 
HKCU\SOFTWARE\WebApp HKCU\SOFTWARE\WinRAR HKCU\SOFTWARE\WinRAR SFX HKCU\SOFTWARE\YouWave Android HKCU\SOFTWARE\ZebHelpProcess Helper HKCU\SOFTWARE\AppDataLow\Software HKCU\SOFTWARE\AppDataLow\Software\ThinPrint HKCU\SOFTWARE\AppDataLow\Software\Unity ---\\ Contents of the Common Files folders (O43) (335) - 22s O43 - CFD: 2015/07/14 11:11:39 - [] D -- C:\Program Files\7-Data Photo Recovery O43 - CFD: 2014/12/11 22:22:17 - [] D -- C:\Program Files\Adobe O43 - CFD: 2014/12/11 22:20:37 - [] D -- C:\Program Files\Adobe Media Player O43 - CFD: 2014/08/03 07:00:13 - [] D -- C:\Program Files\AMD O43 - CFD: 2015/01/15 13:37:36 - [] D -- C:\Program Files\Andy O43 - CFD: 2015/01/15 13:29:28 - [] D -- C:\Program Files\AndyDrivers O43 - CFD: 2015/01/10 22:38:36 - [0] D -- C:\Program Files\AndyOfflineInstaller O43 - CFD: 2015/01/15 13:28:59 - [] D -- C:\Program Files\AndyOfflineInstaller42 O43 - CFD: 2015/07/15 06:12:55 - [] D -- C:\Program Files\AppInsights O43 - CFD: 2015/07/15 08:07:57 - [] D -- C:\Program Files\Application Verifier O43 - CFD: 2015/07/17 11:23:04 - [] D -- C:\Program Files\AskPartnerNetwork =>Toolbar.Ask O43 - CFD: 2014/09/29 14:08:10 - [] D -- C:\Program Files\Assassins Creed IV Black Flag O43 - CFD: 2015/07/13 20:55:23 - [] D -- C:\Program Files\AutoIt3 O43 - CFD: 2015/07/17 11:18:28 - [] D -- C:\Program Files\Avira O43 - CFD: 2015/07/13 20:32:31 - [] D -- C:\Program Files\Babel O43 - CFD: 2015/01/11 16:34:33 - [] D -- C:\Program Files\BlueStacks O43 - CFD: 2015/07/11 13:11:27 - [] D -- C:\Program Files\BreakPoint Software O43 - CFD: 2015/07/16 20:03:46 - [] D -- C:\Program Files\Camfrog O43 - CFD: 2015/07/14 18:51:51 - [] D -- C:\Program Files\CCleaner O43 - CFD: 2015/07/17 11:27:39 - [] D -- C:\Program Files\ccleaner2 O43 - CFD: 2015/05/05 00:21:09 - [] D -- C:\Program Files\CodeMeter O43 - CFD: 2015/07/13 21:12:30 - [] D -- C:\Program Files\CodeWall 4 O43 - CFD: 2015/07/15 07:57:04 - [] D -- C:\Program Files\Common Files O43 - CFD: 2015/05/06 18:51:05 - 
[] D -- C:\Program Files\ContentaConverter-PREMIUM O43 - CFD: 2015/07/18 00:03:55 - [] D -- C:\Program Files\CouTThePrice O43 - CFD: 2015/07/18 00:04:31 - [] D -- C:\Program Files\CutThePrice O43 - CFD: 2015/07/13 21:11:30 - [] D -- C:\Program Files\DeepSea Obfuscator 4 O43 - CFD: 2015/02/10 15:46:11 - [] D -- C:\Program Files\Disney Interactive Studios O43 - CFD: 2015/07/15 12:24:02 - [] D -- C:\Program Files\Dropbox O43 - CFD: 2015/05/05 22:46:55 - [] D -- C:\Program Files\East Imperial Soft O43 - CFD: 2015/05/06 15:36:18 - [] D -- C:\Program Files\Enigma Software Group =>.Enigma Software O43 - CFD: 2015/07/11 11:06:44 - [] D -- C:\Program Files\Enterprise DDNS Client O43 - CFD: 2015/07/18 16:21:56 - [] D -- C:\Program Files\ESET O43 - CFD: 2015/07/15 02:21:52 - [] D -- C:\Program Files\Eziriz O43 - CFD: 2015/05/06 10:32:50 - [] D -- C:\Program Files\FileViewPro O43 - CFD: 2015/07/17 23:28:54 - [] D -- C:\Program Files\game sex +18 girl porn O43 - CFD: 2014/08/04 18:51:59 - [] D -- C:\Program Files\Google O43 - CFD: 2014/08/05 08:37:25 - [] D -- C:\Program Files\GRETECH O43 - CFD: 2015/07/15 05:49:35 - [] D -- C:\Program Files\HTML Help Workshop O43 - CFD: 2015/07/13 20:42:39 - [] D -- C:\Program Files\IconChanger O43 - CFD: 2015/07/15 06:06:21 - [] D -- C:\Program Files\IIS O43 - CFD: 2015/07/15 06:13:44 - [] D -- C:\Program Files\IIS Express O43 - CFD: 2015/07/15 21:50:23 - [] D -- C:\Program Files\Inno Setup 5 O43 - CFD: 2015/07/14 11:15:47 - [] HD -- C:\Program Files\InstallShield Installation Information O43 - CFD: 2014/09/16 15:20:19 - [] D -- C:\Program Files\Internet Download Manager O43 - CFD: 2014/08/02 23:06:05 - [] D -- C:\Program Files\Internet Download Manager_ O43 - CFD: 2015/07/15 22:16:19 - [] D -- C:\Program Files\Internet Explorer O43 - CFD: 2015/07/15 03:41:38 - [] D -- C:\Program Files\Invalid Visual Studio Folder O43 - CFD: 2015/07/14 11:13:15 - [0] D -- C:\Program Files\iSkysoft O43 - CFD: 2014/08/06 18:09:32 - [] D -- C:\Program 
Files\Jumpstart O43 - CFD: 2014/08/03 06:52:07 - [] D -- C:\Program Files\KMSpico =>PUA.KMSpico O43 - CFD: 2015/07/05 02:44:05 - [] D -- C:\Program Files\Konami O43 - CFD: 2015/03/28 08:22:27 - [] D -- C:\Program Files\LotR Battle for Middle-Earth II O43 - CFD: 2014/08/02 22:23:01 - [] D -- C:\Program Files\Microsoft Analysis Services O43 - CFD: 2015/07/15 07:12:38 - [] D -- C:\Program Files\Microsoft ASP.NET O43 - CFD: 2015/07/15 06:47:32 - [] D -- C:\Program Files\Microsoft DNX O43 - CFD: 2015/02/10 16:42:26 - [] D -- C:\Program Files\Microsoft Games for Windows - LIVE O43 - CFD: 2015/07/15 04:28:22 - [] D -- C:\Program Files\Microsoft Help Viewer O43 - CFD: 2014/08/02 22:25:23 - [] D -- C:\Program Files\Microsoft Office O43 - CFD: 2015/07/15 08:56:00 - [] D -- C:\Program Files\Microsoft SDKs O43 - CFD: 2015/07/15 19:37:49 - [] D -- C:\Program Files\Microsoft Silverlight O43 - CFD: 2015/07/15 08:35:51 - [] D -- C:\Program Files\Microsoft SQL Server O43 - CFD: 2015/07/15 08:36:12 - [] D -- C:\Program Files\Microsoft SQL Server Compact Edition O43 - CFD: 2015/07/15 08:51:17 - [] D -- C:\Program Files\Microsoft Visual Studio 11.0 O43 - CFD: 2015/07/15 05:50:23 - [] D -- C:\Program Files\Microsoft Visual Studio 12.0 O43 - CFD: 2015/07/15 08:53:50 - [] D -- C:\Program Files\Microsoft Visual Studio 14.0 O43 - CFD: 2015/07/15 06:07:13 - [] D -- C:\Program Files\Microsoft WCF Data Services O43 - CFD: 2015/07/15 06:47:02 - [] D -- C:\Program Files\Microsoft Web Tools O43 - CFD: 2015/07/15 03:45:24 - [] D -- C:\Program Files\Microsoft.NET O43 - CFD: 2015/07/11 08:30:11 - [] D -- C:\Program Files\Mozilla Firefox O43 - CFD: 2015/07/11 08:30:11 - [] D -- C:\Program Files\Mozilla Maintenance Service O43 - CFD: 2015/07/15 04:29:47 - [] D -- C:\Program Files\MSBuild O43 - CFD: 2015/07/10 13:20:26 - [] D -- C:\Program Files\No-IP O43 - CFD: 2015/07/15 11:04:06 - [] D -- C:\Program Files\NToolbox O43 - CFD: 2015/07/15 06:09:16 - [] D -- C:\Program Files\NuGet O43 - CFD: 2014/12/06 
19:43:05 - [] D -- C:\Program Files\NVIDIA Corporation O43 - CFD: 2014/12/06 19:42:21 - [] D -- C:\Program Files\OpenAL O43 - CFD: 2015/07/10 13:28:09 - [] D -- C:\Program Files\OpenVPN Technologies O43 - CFD: 2015/01/15 13:29:44 - [] D -- C:\Program Files\Oracle O43 - CFD: 2014/10/08 16:20:01 - [] D -- C:\Program Files\REALTEK O43 - CFD: 2015/07/14 11:52:47 - [] D -- C:\Program Files\Recovery Software O43 - CFD: 2015/07/14 00:49:58 - [] D -- C:\Program Files\Red Gate O43 - CFD: 2015/02/10 16:35:14 - [] D -- C:\Program Files\Reference Assemblies O43 - CFD: 2015/07/15 01:03:40 - [] D -- C:\Program Files\Resource Tuner O43 - CFD: 2014/08/02 23:06:05 - [] D -- C:\Program Files\Router Password Kracker O43 - CFD: 2014/10/15 10:07:46 - [] D -- C:\Program Files\Samsung O43 - CFD: 2014/11/28 01:12:06 - [] D -- C:\Program Files\SCC-TDS O43 - CFD: 2015/07/15 01:38:48 - [] D -- C:\Program Files\SFX Compiler O43 - CFD: 2015/07/18 16:21:16 - [] D -- C:\Program Files\ShadowExplorer O43 - CFD: 2015/07/15 07:18:26 - [] D -- C:\Program Files\ShellDir O43 - CFD: 2015/07/15 01:00:27 - [] D -- C:\Program Files\Smart Install Maker O43 - CFD: 2014/11/28 19:45:38 - [] D -- C:\Program Files\Splinter Cell Blacklist O43 - CFD: 2014/09/22 02:05:10 - [] D -- C:\Program Files\Synaptics O43 - CFD: 2014/08/03 06:51:50 - [] D -- C:\Program Files\TAP-Windows O43 - CFD: 2015/07/17 11:27:39 - [] D -- C:\Program Files\Tenorshare Photo Recovery O43 - CFD: 2014/08/02 23:06:05 - [] D -- C:\Program Files\TOSHIBA O43 - CFD: 2015/05/05 00:58:13 - [] D -- C:\Program Files\TotalImageConverter O43 - CFD: 2013/08/22 10:24:44 - [0] HD -- C:\Program Files\Uninstall Information O43 - CFD: 2014/08/05 08:36:36 - [] D -- C:\Program Files\VideoLAN O43 - CFD: 2014/09/20 12:22:59 - [] D -- C:\Program Files\VMware O43 - CFD: 2014/08/02 23:06:05 - [] D -- C:\Program Files\WeFi O43 - CFD: 2014/08/02 23:06:05 - [] D -- C:\Program Files\WiFi Password Decryptor O43 - CFD: 2015/03/28 09:45:26 - [] D -- C:\Program 
Files\Windows Defender O43 - CFD: 2015/05/20 08:47:16 - [] D -- C:\Program Files\Windows Journal O43 - CFD: 2015/07/15 08:28:19 - [] D -- C:\Program Files\Windows Kits O43 - CFD: 2014/12/06 20:06:19 - [] D -- C:\Program Files\Windows Mail O43 - CFD: 2014/12/06 20:06:18 - [] D -- C:\Program Files\Windows Media Player O43 - CFD: 2014/12/06 20:06:19 - [] D -- C:\Program Files\Windows Multimedia Platform O43 - CFD: 2013/08/22 11:17:26 - [] D -- C:\Program Files\Windows NT O43 - CFD: 2014/12/06 20:06:18 - [] D -- C:\Program Files\Windows Photo Viewer O43 - CFD: 2014/12/06 20:06:18 - [] D -- C:\Program Files\Windows Portable Devices O43 - CFD: 2013/08/22 11:17:26 - [] SHD -- C:\Program Files\Windows Sidebar O43 - CFD: 2014/10/17 11:03:19 - [] HD -- C:\Program Files\WindowsApps O43 - CFD: 2014/12/06 20:06:12 - [] D -- C:\Program Files\WindowsPowerShell O43 - CFD: 2014/08/06 18:08:57 - [] D -- C:\Program Files\WinPcap O43 - CFD: 2014/08/05 08:39:27 - [] D -- C:\Program Files\WinRAR O43 - CFD: 2015/05/06 10:01:32 - [] D -- C:\Program Files\WinThruster O43 - CFD: 2015/01/09 16:48:01 - [] D -- C:\Program Files\YouWave Android O43 - CFD: 2015/07/15 02:21:54 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\.NET Reactor O43 - CFD: 2014/12/06 20:07:12 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility O43 - CFD: 2015/03/28 09:45:26 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2015/06/21 04:08:57 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2014/12/11 22:20:37 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe O43 - CFD: 2015/01/11 09:59:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy O43 - CFD: 2014/08/06 18:09:29 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros O43 - CFD: 2015/07/13 20:54:50 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3 O43 - CFD: 2015/07/18 
00:43:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira O43 - CFD: 2015/01/11 16:34:33 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks O43 - CFD: 2015/05/06 14:59:15 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BYclouder Vmware File Recovery O43 - CFD: 2015/07/17 11:27:39 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner O43 - CFD: 2015/07/13 21:12:30 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeWall O43 - CFD: 2015/05/06 18:51:05 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contenta Converter PREMIUM O43 - CFD: 2014/11/19 17:41:59 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike O43 - CFD: 2015/07/11 11:06:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DDNS Enterprise Client O43 - CFD: 2015/07/13 21:11:30 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSea Obfuscator 4 O43 - CFD: 2015/07/15 12:23:53 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox O43 - CFD: 2015/05/05 22:46:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East Imperial Soft O43 - CFD: 2015/05/06 10:32:04 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro O43 - CFD: 2015/02/13 15:10:36 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 2015/07/03 22:58:21 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player O43 - CFD: 2015/07/11 13:11:29 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6 O43 - CFD: 2015/07/13 20:42:39 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconChanger O43 - CFD: 2015/07/15 21:50:23 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inno Setup 5 O43 - CFD: 2014/09/15 02:50:24 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 2014/08/03 06:51:44 - [] D -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico O43 - CFD: 2013/08/22 11:17:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 2015/07/15 05:58:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression O43 - CFD: 2015/02/10 16:42:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace O43 - CFD: 2015/07/16 20:09:13 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 O43 - CFD: 2015/07/15 19:38:20 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight O43 - CFD: 2015/07/03 00:28:18 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetDragon O43 - CFD: 2015/07/15 11:04:07 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NToolbox Yano O43 - CFD: 2015/07/10 13:29:51 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Technologies O43 - CFD: 2015/07/17 11:27:39 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox O43 - CFD: 2015/07/05 03:55:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2015 O43 - CFD: 2014/10/08 16:20:07 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK RTL8187 Wireless LAN Utility O43 - CFD: 2015/07/14 11:14:14 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Software O43 - CFD: 2015/07/14 00:50:00 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Gate O43 - CFD: 2015/07/15 01:03:40 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Tuner O43 - CFD: 2014/10/15 10:05:52 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung O43 - CFD: 2015/07/15 01:38:48 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFX Compiler O43 - CFD: 2015/07/18 16:21:15 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer 
O43 - CFD: 2015/07/13 21:48:19 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Install Maker 5.04 O43 - CFD: 2015/07/10 13:29:51 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp O43 - CFD: 2014/12/06 20:07:12 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools O43 - CFD: 2013/08/22 14:13:01 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 2015/07/17 11:27:39 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenorshare Photo Recovery O43 - CFD: 2015/02/13 14:35:19 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief O43 - CFD: 2015/05/05 00:58:14 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Image Converter O43 - CFD: 2014/08/05 08:36:46 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN O43 - CFD: 2015/07/15 05:54:10 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015 O43 - CFD: 2014/09/20 12:23:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware O43 - CFD: 2015/07/15 08:07:58 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits O43 - CFD: 2014/08/06 18:08:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap O43 - CFD: 2014/08/05 08:39:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 2015/05/06 10:01:31 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster O43 - CFD: 2015/01/09 16:48:01 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouWave Android O43 - CFD: 2015/07/18 00:04:31 - [] D -- C:\ProgramData\12720049163940182906 O43 - CFD: 2014/12/12 17:53:53 - [] D -- C:\ProgramData\Adobe O43 - CFD: 2015/07/17 11:21:04 - [] D -- C:\ProgramData\APN O43 - CFD: 2013/08/22 10:23:42 - [0] SHD -- C:\ProgramData\Application Data O43 - CFD: 2015/07/17 11:23:04 - [] D -- C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask O43 - CFD: 
2014/08/06 18:09:34 - [] D -- C:\ProgramData\Atheros O43 - CFD: 2015/07/18 00:42:12 - [] D -- C:\ProgramData\Avira O43 - CFD: 2015/01/11 16:34:36 - [] D -- C:\ProgramData\BlueStacks O43 - CFD: 2015/01/11 16:37:17 - [] D -- C:\ProgramData\BlueStacksSetup O43 - CFD: 2015/07/16 20:03:51 - [] D -- C:\ProgramData\Camfrog Update O43 - CFD: 2014/09/25 21:06:54 - [] D -- C:\ProgramData\Caphyon O43 - CFD: 2015/07/18 00:01:50 - [] D -- C:\ProgramData\cjbefnmgdappignpipchicmgdegdigan O43 - CFD: 2013/08/22 10:23:42 - [0] SHD -- C:\ProgramData\Desktop O43 - CFD: 2013/08/22 10:23:42 - [0] SHD -- C:\ProgramData\Documents O43 - CFD: 2015/07/14 00:49:53 - [] D -- C:\ProgramData\Downloaded Installations O43 - CFD: 2015/07/15 12:13:58 - [] D -- C:\ProgramData\Dropbox O43 - CFD: 2015/07/14 11:15:47 - [] D -- C:\ProgramData\Farstone O43 - CFD: 2015/07/05 19:35:40 - [] D -- C:\ProgramData\GRETECH O43 - CFD: 2014/09/15 02:50:25 - [0] D -- C:\ProgramData\IDM O43 - CFD: 2015/07/15 02:38:52 - [] D -- C:\ProgramData\Isolated Storage O43 - CFD: 2015/05/06 10:04:21 - [] D -- C:\ProgramData\IsolatedStorage O43 - CFD: 2015/06/19 02:02:34 - [] D -- C:\ProgramData\KONAMI O43 - CFD: 2015/05/06 15:42:00 - [] D -- C:\ProgramData\Malwarebytes O43 - CFD: 2015/07/15 09:00:08 - [] SD -- C:\ProgramData\Microsoft O43 - CFD: 2015/07/15 06:47:32 - [] D -- C:\ProgramData\Microsoft DNX O43 - CFD: 2015/07/18 03:31:00 - [] D -- C:\ProgramData\Microsoft Help O43 - CFD: 2014/08/03 07:41:47 - [] D -- C:\ProgramData\Mozilla O43 - CFD: 2015/07/15 13:17:52 - [] D -- C:\ProgramData\NuGet O43 - CFD: 2014/11/28 20:54:07 - [] D -- C:\ProgramData\Orbit O43 - CFD: 2015/07/17 10:36:33 - [] D -- C:\ProgramData\Package Cache O43 - CFD: 2015/07/15 07:20:33 - [] D -- C:\ProgramData\PreEmptive Solutions O43 - CFD: 2015/07/14 00:49:58 - [] D -- C:\ProgramData\Red Gate O43 - CFD: 2014/12/11 22:23:04 - [] D -- C:\ProgramData\regid.1986-12.com.adobe O43 - CFD: 2015/07/15 03:08:21 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft 
O43 - CFD: 2014/10/15 10:07:29 - [] D -- C:\ProgramData\Samsung O43 - CFD: 2013/08/22 10:23:42 - [0] SHD -- C:\ProgramData\Start Menu O43 - CFD: 2015/02/10 17:35:29 - [] D -- C:\ProgramData\Steam O43 - CFD: 2015/05/05 10:58:13 - [0] AD -- C:\ProgramData\TEMP O43 - CFD: 2013/08/22 10:23:42 - [0] SHD -- C:\ProgramData\Templates O43 - CFD: 2014/08/02 21:57:48 - [] D -- C:\ProgramData\TP-LINK O43 - CFD: 2015/07/10 19:51:56 - [] D -- C:\ProgramData\Vitalwerks O43 - CFD: 2015/07/18 10:59:38 - [] D -- C:\ProgramData\VMware O43 - CFD: 2015/07/15 10:11:00 - [] D -- C:\ProgramData\VsTelemetry O43 - CFD: 2014/08/02 23:06:04 - [] D -- C:\ProgramData\WeFi O43 - CFD: 2015/07/15 08:06:47 - [] D -- C:\ProgramData\Windows App Certification Kit O43 - CFD: 2015/07/15 02:21:55 - [] HDC -- C:\ProgramData\{1A298735-7267-4D8F-B4AB-ED851AA7F4FD} O43 - CFD: 2015/07/18 00:01:06 - [] D -- C:\ProgramData\{8cf07d9d-2792-4b77-8cf0-07d9d279f674} O43 - CFD: 2014/12/11 22:21:49 - [] D -- C:\Program Files\Common Files\Adobe O43 - CFD: 2014/08/03 07:26:44 - [] D -- C:\Program Files\Common Files\Adobe AIR O43 - CFD: 2014/08/03 07:00:17 - [] D -- C:\Program Files\Common Files\ATI Technologies O43 - CFD: 2015/07/15 04:29:23 - [] D -- C:\Program Files\Common Files\DESIGNER O43 - CFD: 2014/08/02 23:06:05 - [0] D -- C:\Program Files\Common Files\InstallShield O43 - CFD: 2015/05/06 15:14:04 - [] D -- C:\Program Files\Common Files\iSkysoft O43 - CFD: 2015/07/15 05:41:55 - [] D -- C:\Program Files\Common Files\Merge Modules O43 - CFD: 2015/07/15 07:57:04 - [] D -- C:\Program Files\Common Files\Microsoft O43 - CFD: 2015/07/15 06:47:33 - [] D -- C:\Program Files\Common Files\microsoft shared O43 - CFD: 2013/08/22 11:17:35 - [] D -- C:\Program Files\Common Files\Services O43 - CFD: 2015/07/05 02:38:23 - [] D -- C:\Program Files\Common Files\Steam O43 - CFD: 2014/12/06 20:06:18 - [] D -- C:\Program Files\Common Files\System O43 - CFD: 2014/09/20 12:23:25 - [] D -- C:\Program Files\Common Files\VMware O43 - CFD: 
2015/02/10 16:17:59 - [] D -- C:\Program Files\Common Files\Wise Installation Wizard O43 - CFD: 2014/10/08 21:37:55 - [0] D -- C:\Users\abo lith\AppData\Roaming\337Games O43 - CFD: 2006/06/30 13:43:21 - [] D -- C:\Users\abo lith\AppData\Roaming\aa O43 - CFD: 2014/12/11 22:35:57 - [] D -- C:\Users\abo lith\AppData\Roaming\Adobe O43 - CFD: 2015/01/15 13:37:36 - [] D -- C:\Users\abo lith\AppData\Roaming\Andy O43 - CFD: 2015/07/18 00:49:47 - [] D -- C:\Users\abo lith\AppData\Roaming\Avira O43 - CFD: 2015/07/16 20:06:02 - [] D -- C:\Users\abo lith\AppData\Roaming\Camfrog O43 - CFD: 2015/07/18 22:01:47 - [] D -- C:\Users\abo lith\AppData\Roaming\DMCache O43 - CFD: 2015/07/18 11:08:04 - [] D -- C:\Users\abo lith\AppData\Roaming\Dropbox O43 - CFD: 2015/07/10 20:52:37 - [] D -- C:\Users\abo lith\AppData\Roaming\EMMA Labs O43 - CFD: 2014/09/15 02:41:27 - [] D -- C:\Users\abo lith\AppData\Roaming\GoforFiles O43 - CFD: 2014/08/05 08:37:30 - [] D -- C:\Users\abo lith\AppData\Roaming\GRETECH O43 - CFD: 2015/01/09 16:53:01 - [] D -- C:\Users\abo lith\AppData\Roaming\gtk-2.0 O43 - CFD: 2015/07/13 20:44:42 - [] D -- C:\Users\abo lith\AppData\Roaming\IconChanger O43 - CFD: 2014/12/06 20:14:28 - [] D -- C:\Users\abo lith\AppData\Roaming\Identities O43 - CFD: 2015/07/02 18:20:00 - [] D -- C:\Users\abo lith\AppData\Roaming\IDM O43 - CFD: 2014/08/03 07:16:41 - [] D -- C:\Users\abo lith\AppData\Roaming\InstallShield O43 - CFD: 2015/05/06 10:04:21 - [] D -- C:\Users\abo lith\AppData\Roaming\IsolatedStorage O43 - CFD: 2014/08/03 07:26:31 - [] D -- C:\Users\abo lith\AppData\Roaming\Macromedia O43 - CFD: 2015/07/17 05:42:33 - [0] D -- C:\Users\abo lith\AppData\Roaming\Micro O43 - CFD: 2015/07/15 09:00:48 - [] SD -- C:\Users\abo lith\AppData\Roaming\Microsoft O43 - CFD: 2015/07/15 13:18:39 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft FxCop O43 - CFD: 2014/08/06 00:54:44 - [] D -- C:\Users\abo lith\AppData\Roaming\Mozilla O43 - CFD: 2014/12/06 20:22:05 - [] D -- C:\Users\abo 
lith\AppData\Roaming\My Battle for Middle-earth(tm) II Files O43 - CFD: 2015/07/15 13:17:51 - [] D -- C:\Users\abo lith\AppData\Roaming\NuGet O43 - CFD: 2015/07/11 08:48:08 - [] D -- C:\Users\abo lith\AppData\Roaming\Psiphon3 O43 - CFD: 2015/07/18 00:01:05 - [] D -- C:\Users\abo lith\AppData\Roaming\Resentful Compassion O43 - CFD: 2015/07/15 01:03:54 - [] D -- C:\Users\abo lith\AppData\Roaming\Resource Tuner 2 O43 - CFD: 2014/10/15 10:06:01 - [] D -- C:\Users\abo lith\AppData\Roaming\Samsung O43 - CFD: 2014/09/25 20:18:59 - [] D -- C:\Users\abo lith\AppData\Roaming\SCC-TDS O43 - CFD: 2015/05/05 00:58:22 - [] D -- C:\Users\abo lith\AppData\Roaming\Softplicity O43 - CFD: 2015/05/06 10:01:33 - [] D -- C:\Users\abo lith\AppData\Roaming\Solvusoft O43 - CFD: 2015/07/17 02:03:10 - [0] D -- C:\Users\abo lith\AppData\Roaming\system O43 - CFD: 2014/09/25 21:12:17 - [] D -- C:\Users\abo lith\AppData\Roaming\Theta O43 - CFD: 2015/07/18 22:04:31 - [] D -- C:\Users\abo lith\AppData\Roaming\uTorrent O43 - CFD: 2015/04/17 01:20:17 - [] D -- C:\Users\abo lith\AppData\Roaming\vlc O43 - CFD: 2015/05/05 11:24:50 - [] D -- C:\Users\abo lith\AppData\Roaming\VMware O43 - CFD: 2015/06/21 02:55:12 - [] D -- C:\Users\abo lith\AppData\Roaming\webssearches =>PUP.Optional.WebsSearches O43 - CFD: 2014/08/03 07:16:37 - [] D -- C:\Users\abo lith\AppData\Roaming\WinBatch O43 - CFD: 2014/08/09 01:08:09 - [] D -- C:\Users\abo lith\AppData\Roaming\WinRAR O43 - CFD: 2015/07/18 16:22:31 - [] D -- C:\Users\abo lith\AppData\Roaming\www.shadowexplorer.com O43 - CFD: 2015/07/18 22:05:44 - [] D -- C:\Users\abo lith\AppData\Roaming\ZHP O43 - CFD: 2014/12/11 22:35:57 - [] D -- C:\Users\abo lith\AppData\Local\Adobe O43 - CFD: 2014/08/03 06:48:26 - [0] SHD -- C:\Users\abo lith\AppData\Local\Application Data O43 - CFD: 2015/07/14 22:43:58 - [] D -- C:\Users\abo lith\AppData\Local\AutoIt v3 O43 - CFD: 2015/07/16 20:04:04 - [] D -- C:\Users\abo lith\AppData\Local\Camfrog O43 - CFD: 2015/07/10 20:52:41 - [] D -- 
C:\Users\abo lith\AppData\Local\Caphyon O43 - CFD: 2015/07/16 20:03:58 - [] D -- C:\Users\abo lith\AppData\Local\CrashRpt =>.Legitimate.CrashReports O43 - CFD: 2015/03/28 10:22:40 - [0] D -- C:\Users\abo lith\AppData\Local\Diagnostics O43 - CFD: 2015/04/30 20:06:10 - [0] D -- C:\Users\abo lith\AppData\Local\Downloaded Installations O43 - CFD: 2015/07/15 12:13:58 - [] D -- C:\Users\abo lith\AppData\Local\Dropbox O43 - CFD: 2014/12/29 00:34:37 - [0] D -- C:\Users\abo lith\AppData\Local\ElevatedDiagnostics O43 - CFD: 2015/06/21 23:36:34 - [0] SHD -- C:\Users\abo lith\AppData\Local\EmieBrowserModeList O43 - CFD: 2015/06/21 23:36:34 - [0] SHD -- C:\Users\abo lith\AppData\Local\EmieSiteList O43 - CFD: 2015/06/21 23:36:34 - [0] SHD -- C:\Users\abo lith\AppData\Local\EmieUserList O43 - CFD: 2015/07/10 20:52:34 - [] D -- C:\Users\abo lith\AppData\Local\EMMA Labs O43 - CFD: 2015/01/11 13:00:02 - [] D -- C:\Users\abo lith\AppData\Local\Facebook O43 - CFD: 2015/05/06 10:04:29 - [] D -- C:\Users\abo lith\AppData\Local\FileViewPro O43 - CFD: 2015/02/13 14:37:18 - [] D -- C:\Users\abo lith\AppData\Local\Game Launcher O43 - CFD: 2015/02/13 14:37:18 - [] D -- C:\Users\abo lith\AppData\Local\Game Updater O43 - CFD: 2014/08/08 16:11:16 - [] D -- C:\Users\abo lith\AppData\Local\Google O43 - CFD: 2014/08/03 06:48:26 - [0] SHD -- C:\Users\abo lith\AppData\Local\History O43 - CFD: 2015/05/06 15:14:05 - [] D -- C:\Users\abo lith\AppData\Local\iSkysoft O43 - CFD: 2015/07/15 10:23:06 - [] D -- C:\Users\abo lith\AppData\Local\Microsoft O43 - CFD: 2014/08/02 22:22:51 - [0] D -- C:\Users\abo lith\AppData\Local\Microsoft Help O43 - CFD: 2014/08/06 18:26:26 - [] D -- C:\Users\abo lith\AppData\Local\Mozilla O43 - CFD: 2015/01/15 13:40:39 - [] D -- C:\Users\abo lith\AppData\Local\Ofi Labs O43 - CFD: 2015/07/15 21:21:55 - [] D -- C:\Users\abo lith\AppData\Local\Packages O43 - CFD: 2014/08/03 06:51:30 - [] D -- C:\Users\abo lith\AppData\Local\Programs O43 - CFD: 2015/02/13 14:37:19 - [] D -- 
C:\Users\abo lith\AppData\Local\SKIDROW O43 - CFD: 2015/07/14 00:38:50 - [] D -- C:\Users\abo lith\AppData\Local\SkinSoft O43 - CFD: 2015/07/05 02:38:01 - [] D -- C:\Users\abo lith\AppData\Local\Steam O43 - CFD: 2015/07/18 22:06:08 - [] D -- C:\Users\abo lith\AppData\Local\Temp O43 - CFD: 2014/08/03 06:48:26 - [0] SHD -- C:\Users\abo lith\AppData\Local\Temporary Internet Files O43 - CFD: 2015/02/08 21:57:24 - [] D -- C:\Users\abo lith\AppData\Local\Unity O43 - CFD: 2014/09/02 11:03:22 - [] D -- C:\Users\abo lith\AppData\Local\VirtualStore O43 - CFD: 2015/07/10 13:20:28 - [] D -- C:\Users\abo lith\AppData\Local\Vitalwerks O43 - CFD: 2015/05/05 11:24:50 - [0] D -- C:\Users\abo lith\AppData\Local\VMware O43 - CFD: 2013/08/22 11:17:27 - [] RD -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility O43 - CFD: 2013/08/22 11:17:27 - [] RD -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2015/07/15 22:24:30 - [] RD -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2015/01/15 13:37:35 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy O43 - CFD: 2015/07/13 20:22:54 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Babel O43 - CFD: 2015/07/16 20:03:54 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat O43 - CFD: 2014/11/19 20:22:40 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike O43 - CFD: 2015/05/05 22:46:56 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\East Imperial Soft O43 - CFD: 2015/07/10 20:52:38 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EMMA Labs O43 - CFD: 2014/08/05 08:33:41 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 2014/09/15 
02:50:24 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 2013/08/22 11:17:27 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 2015/07/10 13:20:26 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC O43 - CFD: 2015/07/14 11:14:14 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Software O43 - CFD: 2015/07/15 01:38:48 - [0] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SFX Compiler O43 - CFD: 2015/07/15 01:00:27 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Install Maker 5.03 O43 - CFD: 2015/07/18 11:10:38 - [] RD -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 2013/08/22 11:17:27 - [] RD -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools O43 - CFD: 2015/05/06 14:54:49 - [0] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tenorshare Photo Recovery O43 - CFD: 2014/08/05 08:39:27 - [] D -- C:\Users\abo lith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ---\\ Latest files created in Windows Prefetcher (O45) (2) - 21s O45 - LFCP:[MD5.4F7DB341304CA95CC520FEEFFA4310D8] 2015/07/17 11:16:56 A -- C:\Windows\Prefetch\OFFERCAST_AVIRAV7_.EXE-4633961C.pf =>Toolbar.Ask O45 - LFCP:[MD5.6F793624FE9FA85BA9417C9B7574030F] 2015/07/18 16:17:59 A -- C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-37FCD94F.pf =>.Enigma Software ---\\ System Drivers List (SDL) (O58) (75) - 13s O58 - SDL:2013/08/22 08:33:26 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\drivers\3ware.sys [86368] O58 - SDL:2013/08/22 08:33:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\Windows\System32\drivers\adp80xx.sys [773472] O58 - SDL:2013/08/22 08:33:25 A . 
(.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [72544] O58 - SDL:2013/08/22 08:33:26 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [215392] O58 - SDL:2013/08/22 08:33:24 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [22880] O58 - SDL:2013/08/22 08:33:26 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [101728] O58 - SDL:2010/01/06 06:20:10 A . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driv.) -- C:\Windows\System32\drivers\athur.sys [1500160] O58 - SDL:2013/09/26 17:22:14 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\drivers\atikmdag.sys [10926080] O58 - SDL:2013/09/26 17:22:14 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\System32\drivers\atikmpag.sys [495616] O58 - SDL:2015/07/18 00:40:15 A . (.Avira Operations GmbH & Co. KG - Avira Minifilter Driver.) -- C:\Windows\System32\drivers\avgntflt.sys [108448] O58 - SDL:2015/07/18 00:40:15 A . (.Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement.) -- C:\Windows\System32\drivers\avipbb.sys [136728] O58 - SDL:2015/07/18 00:40:15 A . (.Avira Operations GmbH & Co. KG - Avira Manager Driver.) -- C:\Windows\System32\drivers\avkmgr.sys [37896] O58 - SDL:2015/07/17 11:27:53 A . (.Avira Operations GmbH & Co. KG - Avira WFP Network Driver.) -- C:\Windows\System32\drivers\avnetflt.sys [37384] O58 - SDL:2013/08/13 02:25:32 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\drivers\bcmfn2.sys [16088] O58 - SDL:2013/10/21 17:01:32 A . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless dr.) -- C:\Windows\System32\drivers\BCMWL63.SYS [6715568] O58 - SDL:2013/04/11 12:53:52 A . (...) 
-- C:\Windows\System32\drivers\farmntio.sys [24800] O58 - SDL:2012/08/26 16:52:30 A . (.VMware, Inc. - VMware USB monitor.) -- C:\Windows\System32\drivers\hcmon.sys [41496] O58 - SDL:2013/02/19 11:59:36 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\drivers\HECI.sys [49272] O58 - SDL:2013/08/22 08:33:29 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [56672] O58 - SDL:2013/07/24 00:18:30 AC . (.Intel Corporation - Intel(R) Atom(TM) Processor GPIO Controller.) -- C:\Windows\System32\drivers\iaiogpio.sys [22016] O58 - SDL:2013/07/24 00:18:30 AC . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller.) -- C:\Windows\System32\drivers\iaioi2c.sys [61936] O58 - SDL:2013/09/20 15:42:34 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) -- C:\Windows\System32\drivers\iaStorA.sys [488808] O58 - SDL:2013/08/10 03:39:44 A . (.Intel Corporation - Intel Rapid Storage Technology driver (inbo.) -- C:\Windows\System32\drivers\iaStorAV.sys [524784] O58 - SDL:2013/08/22 08:33:29 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [333664] O58 - SDL:2014/06/09 11:40:58 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\drivers\idmwfp.sys [113680] O58 - SDL:2010/02/26 15:31:24 A . (.Intel Corporation - Intel(R) Turbo Boost Technology Driver.) -- C:\Windows\System32\drivers\Impcd.sys [132480] O58 - SDL:2008/05/15 13:28:44 A . (.Atheros Communications, Inc. - Atheros Security NDIS 6.0 Filter Driver.) -- C:\Windows\System32\drivers\jswpslwf.sys [20384] O58 - SDL:2013/07/18 12:55:18 A . (.Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabi.) -- C:\Windows\System32\drivers\L1C63x86.sys [111304] O58 - SDL:2013/08/22 08:33:29 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) 
-- C:\Windows\System32\drivers\lsi_sas.sys [94048] O58 - SDL:2013/08/22 08:33:30 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [79712] O58 - SDL:2013/08/22 08:33:30 A . (.LSI Corporation - LSI SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas3.sys [68960] O58 - SDL:2013/08/22 08:33:29 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sss.sys [69472] O58 - SDL:2013/08/22 08:33:30 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [51552] O58 - SDL:2013/08/22 08:33:29 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\megasr.sys [464736] O58 - SDL:2013/03/23 13:53:16 A . (...) -- C:\Windows\System32\drivers\monectdevices.sys [4992] O58 - SDL:2013/08/22 08:33:32 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\drivers\mvumis.sys [58208] O58 - SDL:2013/06/18 21:30:37 A . (.Ralink Technology Corp. - Ralink 802.11n Wireless Adapter Driver.) -- C:\Windows\System32\drivers\netr28u.sys [1696528] O58 - SDL:2013/03/01 04:48:42 A . (.Riverbed Technology, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) -- C:\Windows\System32\drivers\npf.sys [36600] O58 - SDL:2013/08/22 08:33:32 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [120160] O58 - SDL:2013/08/22 08:33:33 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [141664] O58 - SDL:2015/01/26 20:29:28 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\Windows\System32\drivers\ptun0901.sys [23552] O58 - SDL:2010/01/07 05:20:22 RA . (.Realtek Semiconductor Corporation - Realtek RTL8187 NDIS Driver.) -- C:\Windows\System32\drivers\rtl8187.sys [375808] O58 - SDL:2013/08/22 11:16:47 A . 
(.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480] O58 - SDL:2013/08/22 08:32:56 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [41312] O58 - SDL:2013/08/22 08:32:57 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [79200] O58 - SDL:2014/08/06 09:13:34 A . (.Synaptics Incorporated - Synaptics SMBus Driver.) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys [27888] O58 - SDL:2015/07/18 00:40:15 A . (.Avira Operations GmbH & Co. KG - AVIRA SnapShot Driver.) -- C:\Windows\System32\drivers\ssmdrv.sys [31848] O58 - SDL:2014/10/13 08:57:48 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ve.) -- C:\Windows\System32\drivers\ssudbus.sys [89856] O58 - SDL:2014/10/13 08:57:48 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ve.) -- C:\Windows\System32\drivers\ssudmdm.sys [184192] O58 - SDL:2012/02/16 00:24:38 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (M.) -- C:\Windows\System32\drivers\ssudserd.sys [181432] O58 - SDL:2013/08/22 08:32:57 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\drivers\stexstor.sys [26976] O58 - SDL:2014/08/06 09:13:58 A . (.Synaptics Incorporated - Synaptics Touchpad 32-bit Driver.) -- C:\Windows\System32\drivers\SynTP.sys [617200] O58 - SDL:2013/08/22 15:40:22 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\drivers\tap0901.sys [35288] O58 - SDL:2013/11/01 03:22:28 A . (.Windows (R) Win 7 DDK provider - Toshiba Hotkey Driver.) -- C:\Windows\System32\drivers\Thotkey.sys [29072] O58 - SDL:2009/06/29 08:16:22 A . (.TOSHIBA Corporation - TOSHIBA HDD Protection - Shock Sensor Drive.) 
-- C:\Windows\System32\drivers\Thpevm.sys [13120] O58 - SDL:2013/11/01 03:22:28 A . (.TOSHIBA Corporation - TOSHIBA Bluetooth EC Driver.) -- C:\Windows\System32\drivers\tosrfec.sys [22424] O58 - SDL:2013/08/29 09:22:06 A . (.TOSHIBA Corporation - TOSHIBA ACPI-Based Value Added Logical and.) -- C:\Windows\System32\drivers\TVALZ_O.SYS [27200] O58 - SDL:2014/11/21 16:16:54 A . (.Oracle Corporation - VirtualBox Support Driver.) -- C:\Windows\System32\drivers\VBoxDrv.sys [744520] O58 - SDL:2014/11/21 16:16:32 A . (.Oracle Corporation - VirtualBox Host-Only Network Adapter Driver.) -- C:\Windows\System32\drivers\VBoxNetAdp.sys [116184] O58 - SDL:2014/11/21 16:16:32 A . (.Oracle Corporation - VirtualBox Bridged Networking Driver.) -- C:\Windows\System32\drivers\VBoxNetFlt.sys [126496] O58 - SDL:2013/07/04 16:37:08 A . (.Oracle Corporation - VirtualBox USB Driver.) -- C:\Windows\System32\drivers\VBoxUSB.sys [84752] O58 - SDL:2014/11/21 16:16:32 A . (.Oracle Corporation - VirtualBox USB Monitor Driver.) -- C:\Windows\System32\drivers\VBoxUSBMon.sys [104384] O58 - SDL:2013/08/22 08:33:00 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [18272] O58 - SDL:2012/08/26 17:46:34 A . (.VMware, Inc. - VMware PCI VMCI Bus Device.) -- C:\Windows\System32\drivers\vmci.sys [71152] O58 - SDL:2012/08/15 15:16:48 A . (.VMware, Inc. - VMware virtual network driver (32-bit).) -- C:\Windows\System32\drivers\vmnet.sys [19608] O58 - SDL:2012/08/15 15:16:48 A . (.VMware, Inc. - VMware virtual network adapter driver (32-b.) -- C:\Windows\System32\drivers\vmnetadapter.sys [16664] O58 - SDL:2012/08/15 15:16:50 A . (.VMware, Inc. - VMware bridge driver (32-bit).) -- C:\Windows\System32\drivers\vmnetbridge.sys [37016] O58 - SDL:2012/08/15 15:18:28 A . (.VMware, Inc. - VMware network application interface driver.) -- C:\Windows\System32\drivers\vmnetuserif.sys [25752] O58 - SDL:2012/08/26 16:52:30 A . (.VMware, Inc. - VMware USB driver.) 
-- C:\Windows\System32\drivers\vmusb.sys [31280] O58 - SDL:2012/08/15 15:18:38 A . (.VMware, Inc. - VMware kernel driver.) -- C:\Windows\System32\drivers\vmx86.sys [61848] O58 - SDL:2013/08/22 08:33:01 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\System32\drivers\vsmraid.sys [148832] O58 - SDL:2012/08/26 17:46:34 A . (.VMware, Inc. - VMware vSockets Service.) -- C:\Windows\System32\drivers\vsock.sys [61296] O58 - SDL:2011/07/12 09:36:28 A . (.VMware, Inc. - VMware Virtual Storage Volume Driver.) -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys [22768] O58 - SDL:2013/08/22 08:33:01 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\drivers\VSTXRAID.SYS [276832] O58 - SDL:2010/01/05 13:31:32 RA . (.Atheros Communications, Inc. - Driver for Atheros Wireless Network Adapter.) -- C:\Windows\System32\athuw.sys [1714176] ---\\ Last modified or created user files (O61) (107) - 136s O61 - LFC: 2015/07/18 00:21:18 A . (..) -- C:\Users\abo lith\explorer.exe [150016] O61 - LFC: 2015/07/18 00:21:07 A . (..) -- C:\Users\abo lith\win.7.exe [150016] O61 - LFC: 2015/07/15 13:37:37 A . (.doom.) -- C:\Users\abo lith\Pictures\AVIRA.exe [12800] O61 - LFC: 2015/07/15 12:12:19 A . (..) -- C:\Users\abo lith\Dropbox\123.exe [44544] O61 - LFC: 2015/07/15 13:37:37 A . (.doom.) -- C:\Users\abo lith\Dropbox\baan.exe [12800] O61 - LFC: 2015/07/15 12:33:09 A . (.?????????????????????????????.) -- C:\Users\abo lith\Dropbox\Downloader.exe [14336] O61 - LFC: 2015/07/15 11:22:57 A . (..) -- C:\Users\abo lith\Dropbox\m.exe [91648] O61 - LFC: 2015/07/15 13:56:48 A . (.doom.) -- C:\Users\abo lith\Downloads\baan.exe [12800] O61 - LFC: 2015/07/15 22:09:58 A . (.My Company, Inc..) -- C:\Users\abo lith\Downloads\ccleanerr.exe [922731] O61 - LFC: 2015/07/16 22:03:33 A . (.Copyright © 2015.) -- C:\Users\abo lith\Downloads\chatsex.exe [12800] O61 - LFC: 2015/07/11 11:06:40 A . (.Adams-Land..) 
-- C:\Users\abo lith\Downloads\ClientSetup.exe [710998] O61 - LFC: 2015/07/15 00:54:56 A . (..) -- C:\Users\abo lith\Downloads\Download.exe [222720] O61 - LFC: 2015/07/15 12:34:14 A . (.?????????????????????????????.) -- C:\Users\abo lith\Downloads\Downloader.exe [14336] O61 - LFC: 2015/07/18 00:00:51 A . (..) -- C:\Users\abo lith\Downloads\game sex +18 girl porn.exe.torrent.exe [258560] O61 - LFC: 2015/07/11 08:49:59 A . (..) -- C:\Users\abo lith\Downloads\psiphon3.exe [3527784] O61 - LFC: 2015/07/15 02:38:42 A . (..) -- C:\Users\abo lith\Downloads\Server (1).exe [400896] O61 - LFC: 2015/07/15 01:47:55 A . (..) -- C:\Users\abo lith\Downloads\Server.exe [245760] O61 - LFC: 2015/07/13 20:54:28 A . (.AutoIt Team.) -- C:\Users\abo lith\Downloads\Programs\autoit-v3-setup.exe [12043656] O61 - LFC: 2015/07/13 21:12:18 A . (.CodeWall Technologies.) -- C:\Users\abo lith\Downloads\Programs\CodeWall4_0_0.exe [5922675] O61 - LFC: 2015/07/18 16:21:23 A . (.ESET.) -- C:\Users\abo lith\Downloads\Programs\esetsmartinstaller_enu_3.exe [2870984] O61 - LFC: 2015/07/15 21:50:01 A . (.jrsoftware.org.) -- C:\Users\abo lith\Downloads\Programs\isetup-5.5.1.exe [1905704] O61 - LFC: 2015/07/17 14:26:01 A . (.Copyright © 2015.) -- C:\Users\abo lith\Downloads\Programs\photo.exe [167424] O61 - LFC: 2015/07/11 08:48:05 A . (..) -- C:\Users\abo lith\Downloads\Programs\psiphon-87-en-win.exe [3529832] O61 - LFC: 2015/07/15 01:03:13 A . (.Heaventools Software.) -- C:\Users\abo lith\Downloads\Programs\ResTuner_setup.exe [4365557] O61 - LFC: 2015/07/18 16:20:50 A . (.ShadowExplorer.com.) -- C:\Users\abo lith\Downloads\Programs\ShadowExplorer-0.9-setup_3.exe [969845] O61 - LFC: 2015/07/13 21:48:05 A . (.InstallBuilders.) -- C:\Users\abo lith\Downloads\Programs\simsetup.exe [1601784] O61 - LFC: 2015/07/14 00:48:27 A . (.Red Gate Software Ltd..) -- C:\Users\abo lith\Downloads\Programs\SmartAssembly.exe [4798848] O61 - LFC: 2015/07/17 05:04:04 A . (.Copyright © 2015.) 
-- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication6\WindowsApplication6\obj\Debug\hd porn.exe [12800] O61 - LFC: 2015/07/17 05:03:38 A . (..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication6\WindowsApplication6\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll [6144] O61 - LFC: 2015/07/17 05:04:04 A . (.Copyright © 2015.) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication6\WindowsApplication6\bin\Debug\hd porn.exe [12800] O61 - LFC: 2015/07/16 21:45:57 A . (.Copyright © 2015.) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication5\WindowsApplication5\obj\Debug\chatsex.exe [12800] O61 - LFC: 2015/07/16 21:44:55 A . (..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication5\WindowsApplication5\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll [6144] O61 - LFC: 2015/07/16 21:18:48 A . (.Copyright © 2015.) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication4\WindowsApplication4\obj\Debug\CAMSEX.exe [12800] O61 - LFC: 2015/07/16 21:17:19 A . (..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication4\WindowsApplication4\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll [6144] O61 - LFC: 2015/07/16 21:18:48 A . (.Copyright © 2015.) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication4\WindowsApplication4\bin\Debug\CAMSEX.exe [12800] O61 - LFC: 2015/07/16 20:40:03 A . (.Camshare, Inc..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication3\WindowsApplication3\Resources\camfrog.exe [12346440] O61 - LFC: 2015/07/16 20:40:03 A . (.xxn.) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication3\WindowsApplication3\Resources\chatsex.exe [13824] O61 - LFC: 2015/07/16 20:44:36 A . (.camfrog.) 
-- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication3\WindowsApplication3\obj\Debug\camfrog.exe [12377088] O61 - LFC: 2015/07/16 20:44:16 A . (..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication3\WindowsApplication3\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll [6656] O61 - LFC: 2015/07/16 20:32:31 A . (.Camshare, Inc..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication2\WindowsApplication2\Resources\camfrog.exe [12346440] O61 - LFC: 2015/07/16 20:32:32 A . (.xxn.) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication2\WindowsApplication2\Resources\chatsex.exe [13824] O61 - LFC: 2015/07/16 19:51:12 A . (..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication2\WindowsApplication2\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll [6656] O61 - LFC: 2015/07/16 19:35:55 A . (.xxn.) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication1\WindowsApplication1\obj\Debug\chatsex.exe [13824] O61 - LFC: 2015/07/16 19:32:02 A . (..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\WindowsApplication1\WindowsApplication1\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll [6656] O61 - LFC: 2015/07/15 13:00:46 A . (..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\the end\the end\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll [6144] O61 - LFC: 2015/07/15 13:37:37 A . (.doom.) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\baan\baan\obj\Debug\baan.exe [12800] O61 - LFC: 2015/07/15 13:36:03 A . (..) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\baan\baan\obj\Debug\TempPE\My Project.Resources.Designer.vb.dll [6144] O61 - LFC: 2015/07/15 13:37:37 A . (.doom.) -- C:\Users\abo lith\Documents\Visual Studio 2015\Projects\baan\baan\bin\Debug\baan.exe [12800] O61 - LFC: 2015/07/17 23:01:48 A . (.game sex +18 girl porn.) 
-- C:\Users\abo lith\Documents\Output\sex game.exe [10156145] O61 - LFC: 2015/07/17 11:14:52 A . (..) -- C:\Users\abo lith\Documents\KONAMI\Pro Evolution Soccer 2015\save\SYSTEM.bin [136577] O61 - LFC: 2015/07/14 06:56:18 A . (..) -- C:\Users\abo lith\Documents\CodeWall\Server.exe [151552] O61 - LFC: 2015/07/13 21:14:05 A . (..) -- C:\Users\abo lith\Documents\Assassin's Creed III\Obfuscated\pic.exe [119808] O61 - LFC: 2015/07/17 05:20:02 A . (..) -- C:\Users\abo lith\Desktop\111111.exe [400384] O61 - LFC: 2015/07/17 05:36:35 A . (..) -- C:\Users\abo lith\Desktop\234.exe [273408] O61 - LFC: 2015/07/17 12:26:09 A . (.Copyright © 2015.) -- C:\Users\abo lith\Desktop\key windows 10.exe [167424] O61 - LFC: 2015/07/17 12:18:40 A . (..) -- C:\Users\abo lith\Desktop\Server.exe [24064] O61 - LFC: 2015/07/13 21:15:14 A . (.???????????????????????????????.) -- C:\Users\abo lith\Desktop\ÇáÒÚíã\App.exe [481280] O61 - LFC: 2015/07/14 00:28:32 A . (.???????????????????????????????.) -- C:\Users\abo lith\Desktop\ÇáÒÚíã\Stub.exe [56320] O61 - LFC: 2015/07/15 22:02:14 A . (.My Company, Inc..) -- C:\Users\abo lith\Desktop\USB Show-www.kingnt.com\ccleanerr.exe [922731] O61 - LFC: 2015/07/15 13:37:37 A . (.doom.) -- C:\Users\abo lith\Desktop\USB Show-www.kingnt.com\kay office 2010.exe [12800] O61 - LFC: 2015/07/17 12:26:09 A . (.Copyright © 2015.) -- C:\Users\abo lith\Desktop\Source\obj\Debug\key windows 10.exe [167424] O61 - LFC: 2015/07/17 23:27:18 A . (.game sex +18 girl porn.) -- C:\Users\abo lith\Desktop\Output\game sex +18 girl porn.exe [16705408] O61 - LFC: 2015/07/14 06:53:46 A . (..) -- C:\Users\abo lith\Desktop\New folder (8)\Server.exe [91648] O61 - LFC: 2015/07/14 02:03:46 A . (..) -- C:\Users\abo lith\Desktop\New folder (8)\æÑÇËÉ.exe [91648] O61 - LFC: 2015/07/14 06:57:07 A . (..) -- C:\Users\abo lith\Desktop\New folder (8)\Obfuscated\Server.exe [119808] O61 - LFC: 2015/07/15 02:35:13 A . (..) 
-- C:\Users\abo lith\Desktop\New folder (8)\j_Secure\Server.exe [400896] O61 - LFC: 2015/07/17 03:33:19 A . (..) -- C:\Users\abo lith\Desktop\New folder (13)\popup.dll [359936] O61 - LFC: 2015/07/17 02:25:03 A . (..) -- C:\Users\abo lith\Desktop\New folder (12)\123.exe [291328] O61 - LFC: 2015/07/17 02:35:02 A . (..) -- C:\Users\abo lith\Desktop\New folder (12)\sdfgh.exe [278528] O61 - LFC: 2015/07/17 02:21:18 A . (..) -- C:\Users\abo lith\Desktop\New folder (12)\server.exe [291328] O61 - LFC: 2015/07/17 10:44:48 A . (..) -- C:\Users\abo lith\Desktop\New folder (12)\sqlite3.dll [175104] O61 - LFC: 2015/07/17 02:26:47 A . (..) -- C:\Users\abo lith\Desktop\New folder (12)\ËÞÝÛÚ.exe [278528] O61 - LFC: 2015/07/15 23:06:40 A . (..) -- C:\Users\abo lith\Desktop\New folder (11)\ccleaner.exe [1634] O61 - LFC: 2015/07/15 14:47:16 A . (..) -- C:\Users\abo lith\Desktop\New folder (11)\New AutoIt v3 Script.exe [858624] O61 - LFC: 2015/07/15 14:47:05 A . (..) -- C:\Users\abo lith\Desktop\New folder (11)\ÝÝ.exe [858624] O61 - LFC: 2015/07/15 11:30:25 A . (.?????????????????????????????????.) -- C:\Users\abo lith\Desktop\New folder (10)\Downloader.exe [11776] O61 - LFC: 2015/07/15 11:34:27 A . (.?????????????????????????????????.) -- C:\Users\abo lith\Desktop\New folder (10)\Obfuscated\obfuscated\Downloader.exe [15872] O61 - LFC: 2015/07/15 12:39:08 A . (.?????????????????????????????.) -- C:\Users\abo lith\Desktop\BRTK-Downloader V2\Downloader.exe [14336] O61 - LFC: 2015/07/15 12:17:07 A . (..) -- C:\Users\abo lith\Desktop\BRTK-Downloader V2\Test Download\Brontok.exe [179973] O61 - LFC: 2015/07/17 15:38:20 A . (.Copyright © 2015.) -- C:\Users\abo lith\AppData\Locala_UoFQFxNq.exe [167424] O61 - LFC: 2015/07/14 02:10:46 A . (..) -- C:\Users\abo lith\AppData\LocalHWqPyVYjSL.exe [91648] O61 - LFC: 2015/07/15 14:06:19 A . (.doom.) -- C:\Users\abo lith\AppData\LocalnNHQKMPSMm.exe [12800] O61 - LFC: 2015/07/14 02:26:36 A . (..) 
-- C:\Users\abo lith\AppData\LocalpTjNuHIbLO.exe [91648] O61 - LFC: 2015/07/13 23:25:25 A . (.???????????????????????????????.) -- C:\Users\abo lith\AppData\LocalrfnfKmujhG.exe [572928] O61 - LFC: 2015/07/14 01:46:47 A . (..) -- C:\Users\abo lith\AppData\LocalsuWfoQ_IJz.exe [91648] O61 - LFC: 2015/07/15 03:18:03 A . (..) -- C:\Users\abo lith\AppData\LocalXiEGtrxSkF.exe [91648] O61 - LFC: 2015/07/11 13:16:01 A . (..) -- C:\Users\abo lith\AppData\Roaming\VMPipe32.dll [29] O61 - LFC: 2015/07/18 00:01:05 A . (..) -- C:\Users\abo lith\AppData\Roaming\Resentful Compassion\Resentful Compassion.exe [66048] O61 - LFC: 2015/07/13 20:22:54 RA . (..) -- C:\Users\abo lith\AppData\Roaming\Microsoft\Installer\{17856158-5A86-4F9F-BC69-19129B2B3059}\_853F67D554F05449430E7E.exe [30818] O61 - LFC: 2015/07/13 20:22:54 RA . (..) -- C:\Users\abo lith\AppData\Roaming\Microsoft\Installer\{17856158-5A86-4F9F-BC69-19129B2B3059}\_CE6336DC057AF144B23A84.exe [10134] O61 - LFC: 2015/07/14 00:50:24 A . (.SkinSoft.) -- C:\Users\abo lith\AppData\Local\SkinSoft\VisualStyler\2.3.3.3\x86\ssapihook.dll [58368] O61 - LFC: 2015/07/17 03:45:28 A . (.SkinSoft.) -- C:\Users\abo lith\AppData\Local\SkinSoft\dotNET_Reactor\x86\ssapihook.dll [69632] O61 - LFC: 2015/07/16 21:37:07 A . (..) -- C:\Users\abo lith\AppData\Local\Microsoft\Windows\INetCache\IE\SM2IHR88\urlblockindex[1].bin [16] O61 - LFC: 2015/07/15 12:58:52 AH . (..) -- C:\Users\abo lith\AppData\Local\Microsoft\VisualStudio\14.0\VTC\ba026afd1e1dfc9f17e4ba2aa57a35bb\~PC\ProjectTemplates\cache.bin [47080] O61 - LFC: 2015/07/16 19:25:12 AH . (..) -- C:\Users\abo lith\AppData\Local\Microsoft\VisualStudio\14.0\VTC\ba026afd1e1dfc9f17e4ba2aa57a35bb\~IC\ItemTemplates\cache.bin [14712] O61 - LFC: 2015/07/15 12:58:55 AH . (..) -- C:\Users\abo lith\AppData\Local\Microsoft\VisualStudio\14.0\VTC\a7c40ee277c1c723e5ece9ba2f4d7797\~PC\ProjectTemplates\cache.bin [481736] O61 - LFC: 2015/07/16 19:25:14 AH . (..) 
-- C:\Users\abo lith\AppData\Local\Microsoft\VisualStudio\14.0\VTC\a7c40ee277c1c723e5ece9ba2f4d7797\~IC\ItemTemplates\cache.bin [601960] O61 - LFC: 2015/07/15 12:58:52 AH . (..) -- C:\Users\abo lith\AppData\Local\Microsoft\VisualStudio\14.0\VTC\4848a1a971ae3d539fe201505686cfe0\~PC\PT\cache.bin [10088] O61 - LFC: 2015/07/14 16:00:00 A . (..) -- C:\Users\abo lith\AppData\Local\Google\Update\Install\{65B1C6A9-4B5F-429D-AFE6-7CA20306A717}\43.0.2357.134_43.0.2357.132_chrome_updater.exe [1080912] O61 - LFC: 2015/07/14 16:00:00 A . (..) -- C:\Users\abo lith\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.134\43.0.2357.134_43.0.2357.132_chrome_updater.exe [1080912] O61 - LFC: 2015/07/16 19:45:58 AT . (..) -- C:\Users\abo lith\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe [130888] O61 - LFC: 2015/07/18 16:22:04 A . (..) -- C:\Users\abo lith\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849] O61 - LFC: 2015/07/13 10:14:22 A . (..) -- C:\Users\abo lith\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll [16307888] O61 - LFC: 2015/07/14 00:55:14 A . (..) -- C:\Users\abo lith\AppData\Local\Google\Chrome\Application\43.0.2357.134\libexif.dll [310088] O61 - LFC: 2015/07/13 23:01:21 A . (..) -- C:\Users\abo lith\AppData\Local\Google\Chrome\Application\43.0.2357.134\natives_blob.bin [410937] O61 - LFC: 2015/07/13 23:01:22 A . (..) -- C:\Users\abo lith\AppData\Local\Google\Chrome\Application\43.0.2357.134\snapshot_blob.bin [449780] O61 - LFC: 2015/07/14 00:55:16 A . (..) -- C:\Users\abo lith\AppData\Local\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll [16308040] ---\\ File Associations Shell Spawning (O67) (10) - 0s O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) 
-- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\abo lith\AppData\Local\Google\Chrome\Application\chrome.exe ---\\ Start Menu Internet (SMI) (O68) (8) - 0s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.ex http://istart.webssearches.com/ =>PUP.Optional.WebsSearches O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) 
-- C:\Program Files\Mozilla Firefox\uninstall\helper.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe ---\\ Search Browser Infection (SBI) (O69) (2) - 7s O69 - SBI: prefs.js [abo lith - 4qnshrvt.default] user_pref("extensions.quick_start.enable_search1", false); =>PUP.Optional.QuickStart O69 - SBI: prefs.js [abo lith - 4qnshrvt.default] user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); =>PUP.Optional.QuickStart ---\\ Search Svchost Services (SSS) (O83) (36) - 3s O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [161792] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [126976] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [126976] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [250368] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [1212928] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [733696] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [822784] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\System32\seclogon.dll [24064] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) 
-- C:\Windows\System32\appinfo.dll [89600] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [115712] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [93696] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [1015808] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [185856] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [74752] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [108032] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [190464] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [296448] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [64512] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL [75264] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [41984] O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\Windows\System32\wlidsvc.dll [1245184] O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Windows Location Framework Service.) 
-- C:\Windows\System32\GeofenceMonitorService.dll [367104] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [297984] O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\Windows\System32\DeviceSetupManager.dll [167424] O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\Windows\System32\NcaSvc.dll [142848] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [95232] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [461824] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [183296] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [58368] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [390144] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [254464] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [3062784] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [734208] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [576512] O83 - Search Svchost Services: AppMgmt (AppMgmt) . 
(.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [155648] O83 - Search Svchost Services: MsKeyboardFilter (MsKeyboardFilter) . (.Microsoft Corporation - SvcHost Service for Microsoft Keyboard Filt.) -- C:\Windows\System32\KeyboardFilterSvc.dll [76096] ---\\ Firewall Active Exception List (FirewallRules) (O87) (44) - 7s O87 - FAEL: "{CF220CA8-2C16-4A23-A368-001AD40F2956}" [In-None-P6-TRUE] .(. - KMS GUI ELDI.) -- C:\Program Files\KMSpico\KMSELDI.exe =>PUA.KMSpico O87 - FAEL: "{823A6BD8-4DB7-49FA-ADB3-5AE900B24935}" [In-None-P17-TRUE] .(. - KMS GUI ELDI.) -- C:\Program Files\KMSpico\KMSELDI.exe =>PUA.KMSpico O87 - FAEL: "{A1EE0C2F-95EB-4201-AA36-A712E93E379C}" [In-None-P17-TRUE] .(.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O87 - FAEL: "{E10A5227-0423-4A35-81BE-00D17845DBDE}" [In-None-P17-TRUE] .(.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O87 - FAEL: "{4C519EA6-1D74-4EF1-8B90-F1338E49A6ED}" [In-None-P17-TRUE] .(...) -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe O87 - FAEL: "{097868D4-29E2-4367-8AF7-E5C414FF59BF}" [In-None-P17-TRUE] .(...) -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe O87 - FAEL: "{9CE88EE8-5832-4662-99E0-529F38646F95}" [In-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\abo lith\AppData\Roaming\uTorrent\uTorrent.exe O87 - FAEL: "{70A7A6E1-2074-4E2F-8AD7-BB6ECED602C0}" [In-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\abo lith\AppData\Roaming\uTorrent\uTorrent.exe O87 - FAEL: "{101644AC-CE38-4543-9372-337C3898FCBF}" [In-None-P6-TRUE] .(.Realtek Semiconductor Corp. - RtWLan ( For Vista / Win7) Application(Exte.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe O87 - FAEL: "{BFD8F91F-EE64-4A0C-B5A8-D9796CF1407C}" [In-None-P17-TRUE] .(.Realtek Semiconductor Corp. 
- RtWLan ( For Vista / Win7) Application(Exte.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe O87 - FAEL: "TCP Query User{4D31404F-1435-47EF-BD7E-F6B6E89B8CE1}C:\games\counter-strike\hl.exe" [In-None-P6-TRUE] .(.Valve - Half-Life Launcher.) -- C:\games\counter-strike\hl.exe O87 - FAEL: "UDP Query User{DFDF2726-0327-45EE-B09D-E32BC364982C}C:\games\counter-strike\hl.exe" [In-None-P17-TRUE] .(.Valve - Half-Life Launcher.) -- C:\games\counter-strike\hl.exe O87 - FAEL: "TCP Query User{7782B28C-5C59-4BA5-BC14-937BACACD03B}D:\memonetdvd\need for speed most wanted\speed.exe" [In-None-P6-TRUE] .(...) -- D:\memonetdvd\need for speed most wanted\speed.exe O87 - FAEL: "UDP Query User{3C57C15B-2D45-4F3B-AF32-F382AE063AED}D:\memonetdvd\need for speed most wanted\speed.exe" [In-None-P17-TRUE] .(...) -- D:\memonetdvd\need for speed most wanted\speed.exe O87 - FAEL: "TCP Query User{A5945E2E-EF32-4D70-95B8-52837CAFE6A5}C:\program files\youwave android\vb\vboxsdl.exe" [In-None-P6-TRUE] .(...) -- C:\program files\youwave android\vb\vboxsdl.exe O87 - FAEL: "UDP Query User{09727ADC-9CFD-44BC-BD42-7D023E07B9DE}C:\program files\youwave android\vb\vboxsdl.exe" [In-None-P17-TRUE] .(...) -- C:\program files\youwave android\vb\vboxsdl.exe O87 - FAEL: "TCP Query User{2327FED5-F5AC-47B0-94F3-2EA83F265B2B}C:\program files\andy\andy.exe" [In-None-P6-TRUE] .(."" - Andy.) -- C:\program files\andy\andy.exe O87 - FAEL: "UDP Query User{D3BDAB36-9C05-4AA6-9A8B-7A36978C2441}C:\program files\andy\andy.exe" [In-None-P17-TRUE] .(."" - Andy.) -- C:\program files\andy\andy.exe O87 - FAEL: "TCP Query User{16CAB35D-5245-4069-88BA-2F405AEF584C}C:\program files\scc-tds\assassin's creed iii\ac3sp.exe" [In-None-P6-TRUE] .(...) -- C:\program files\scc-tds\assassin's creed iii\ac3sp.exe O87 - FAEL: "UDP Query User{FA7723D3-0906-491B-85EB-33F3A9F06F9A}C:\program files\scc-tds\assassin's creed iii\ac3sp.exe" [In-None-P17-TRUE] .(...) 
-- C:\program files\scc-tds\assassin's creed iii\ac3sp.exe O87 - FAEL: "{19FCF58A-A3D6-48F3-BCF2-1F34FCB4EA9C}" [In-None-P6-TRUE] .(.Square Enix - Thief.) -- C:\Games\Thief\Binaries\Win32\Shipping-ThiefGame.exe O87 - FAEL: "{4D23F057-7A77-4254-8D14-00D45346AA9D}" [In-None-P17-TRUE] .(.Square Enix - Thief.) -- C:\Games\Thief\Binaries\Win32\Shipping-ThiefGame.exe O87 - FAEL: "{52B3E174-14B7-4E81-A115-480549270CFC}" [In-None-P6-TRUE] .(.Square Enix - Thief.) -- C:\Games\Thief\Binaries\Win64\Shipping-ThiefGame.exe O87 - FAEL: "{E3C6A86E-E0F3-459D-8BE8-851B14842964}" [In-None-P17-TRUE] .(.Square Enix - Thief.) -- C:\Games\Thief\Binaries\Win64\Shipping-ThiefGame.exe O87 - FAEL: "{AF4AB151-7328-48BF-AE8B-BBB5FE4ECC15}" [In-None-P6-TRUE] .(.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe O87 - FAEL: "{508D7B30-B224-4572-9F78-AB036631F1C4}" [In-None-P17-TRUE] .(.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe O87 - FAEL: "TCP Query User{DC6619E7-9234-4981-85BB-E6E3A36B1188}C:\program files\konami\pro evolution soccer 2015\pes2015.exe" [In-None-P6-TRUE] .(.Konami Digital Entertainment Co., Ltd. - Pro Evolution Soccer 2015.) -- C:\program files\konami\pro evolution soccer 2015\pes2015.exe O87 - FAEL: "UDP Query User{670C950E-ECFF-4762-BC98-433C148D7575}C:\program files\konami\pro evolution soccer 2015\pes2015.exe" [In-None-P17-TRUE] .(.Konami Digital Entertainment Co., Ltd. - Pro Evolution Soccer 2015.) -- C:\program files\konami\pro evolution soccer 2015\pes2015.exe O87 - FAEL: "TCP Query User{C99F5647-F9C7-4143-91E2-553306B02B00}C:\users\abo lith\desktop\spygate-rat v 2.9\spygate-rat v 2.9.exe" [In-None-P6-TRUE] .(.UACODER - SpyGate-RAT v 2.9.) 
-- C:\users\abo lith\desktop\spygate-rat v 2.9\spygate-rat v 2.9.exe O87 - FAEL: "UDP Query User{8F571B21-F257-43F4-8D4F-D3ACD9F38644}C:\users\abo lith\desktop\spygate-rat v 2.9\spygate-rat v 2.9.exe" [In-None-P17-TRUE] .(.UACODER - SpyGate-RAT v 2.9.) -- C:\users\abo lith\desktop\spygate-rat v 2.9\spygate-rat v 2.9.exe O87 - FAEL: "TCP Query User{951722CC-2F83-47FC-B64E-5317D11E917A}C:\users\abo lith\desktop\bifrost\bifrost 1.2.1d\bifrost.exe" [In-None-P6-TRUE] .(. - Bifrost 1.2.1.) -- C:\users\abo lith\desktop\bifrost\bifrost 1.2.1d\bifrost.exe O87 - FAEL: "UDP Query User{8A31AE64-3FAA-40FB-AF0D-6988666A6E00}C:\users\abo lith\desktop\bifrost\bifrost 1.2.1d\bifrost.exe" [In-None-P17-TRUE] .(. - Bifrost 1.2.1.) -- C:\users\abo lith\desktop\bifrost\bifrost 1.2.1d\bifrost.exe O87 - FAEL: "TCP Query User{0DCD8F00-3034-4DCC-8025-242140AA6A57}C:\users\abo lith\desktop\bifrost\bifrost_1.2.b\bifrost.exe" [In-None-P6-TRUE] .(.http://www.chasenet.org - Bifrost 1.2.1.) -- C:\users\abo lith\desktop\bifrost\bifrost_1.2.b\bifrost.exe O87 - FAEL: "UDP Query User{B5FE0DE9-01EF-49EE-A581-DC4315044558}C:\users\abo lith\desktop\bifrost\bifrost_1.2.b\bifrost.exe" [In-None-P17-TRUE] .(.http://www.chasenet.org - Bifrost 1.2.1.) -- C:\users\abo lith\desktop\bifrost\bifrost_1.2.b\bifrost.exe O87 - FAEL: "TCP Query User{8833295E-5B15-4B97-B16B-18303D847C00}C:\users\abo lith\desktop\new folder (12)\spynet.exe" [In-None-P6-TRUE] .(...) -- C:\users\abo lith\desktop\new folder (12)\spynet.exe O87 - FAEL: "UDP Query User{3B446918-CAD7-47AF-8507-DF8310A8974A}C:\users\abo lith\desktop\new folder (12)\spynet.exe" [In-None-P17-TRUE] .(...) -- C:\users\abo lith\desktop\new folder (12)\spynet.exe O87 - FAEL: "TCP Query User{35FC3014-15B0-437B-9E0F-F833BC0C4E9C}C:\users\abo lith\desktop\ÕÕÕ\njrat.exe" [In-None-P6-TRUE] .(.njq8 - njRAT.) 
-- C:\users\abo lith\desktop\ÕÕÕ\njrat.exe
O87 - FAEL: "UDP Query User{6D5AA897-A4FD-4A58-AB60-6122C58B1574}C:\users\abo lith\desktop\ÕÕÕ\njrat.exe" [In-None-P17-TRUE] .(.njq8 - njRAT.) -- C:\users\abo lith\desktop\ÕÕÕ\njrat.exe
O87 - FAEL: "TCP Query User{985A876A-43B9-468F-8015-3B290CF7245E}C:\users\abo lith\desktop\new folder (13)\cliente.exe" [In-None-P6-TRUE] .(...) -- C:\users\abo lith\desktop\new folder (13)\cliente.exe
O87 - FAEL: "UDP Query User{643620D7-E789-40F2-A619-D606975FDF7C}C:\users\abo lith\desktop\new folder (13)\cliente.exe" [In-None-P17-TRUE] .(...) -- C:\users\abo lith\desktop\new folder (13)\cliente.exe
O87 - FAEL: "{A797F1E6-C063-438B-A75F-E68CCC148D34}" [In-None-P6-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico
O87 - FAEL: "{0809FF10-982E-49CA-BC44-AF67CE2E615F}" [In-None-P17-TRUE] .(. - AutoPico.) -- C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico
O87 - FAEL: "{60E0C148-5C2B-4F29-8451-CBBAC982F81F}" [In-None-P6-TRUE] .(...) -- C:\Windows\System32\KMSServer.exe
O87 - FAEL: "{CA84CB60-67ED-41C0-8C68-A0EF6A4077AB}" [In-None-P17-TRUE] .(...) -- C:\Windows\System32\KMSServer.exe

---\\ Windows Installer Scan (WIS)(NTFS)(O93) (1) - 15s
[MD5.] [WIS][2015/06/05 04:55:15] (.APN, LLC - Ask.com ® - Install Builder.) -- C:\Windows\Installer\34e642.msi [430080] =>PUP.Optional.Bandoo

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) (29) - 40s
SR - Auto [2013/09/26 17:22:14] [ 209408] (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - Auto [2015/07/18 00:30:34] [ 827184] Avira Mail Protection (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
SR - Auto [2015/07/18 00:33:54] [ 450808] Avira Scheduler (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - Auto [2015/07/18 00:30:24] [ 450808] Avira Real-Time Protection (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - Auto [2015/07/18 00:30:58] [ 1188360] Avira Web Protection (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
SR - Auto [2015/04/28 02:05:36] [ 178568] Ask Update Service (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
SR - Auto [2015/07/02 13:13:50] [ 218816] Avira Service Host (Avira.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
SS - Auto [2013/12/20 17:43:48] [ 402192] BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-Service.exe
SR - Auto [2013/12/20 17:44:22] [ 385808] BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
SR - Auto [2015/07/14 11:50:16] [ 1035768] Camfrog Update Service (camfrog_update_service) . (.Camshare Inc..) - C:\Program Files\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
SR - Auto [2012/07/19 15:18:38] [ 2568120] CodeMeter Runtime Server (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
SS - Auto [2015/07/15 12:13:57] [ 134512] Dropbox Update Service (dbupdate) (dbupdate) . (.Dropbox, Inc..) - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
SS - Demand [2015/07/15 12:13:57] [ 134512] Dropbox Update Service (dbupdatem) (dbupdatem) . (.Dropbox, Inc..) - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
SR - Auto [2015/03/16 11:11:54] [ 53248] DDNS Enterprise Client (DDNS Enterprise Client) . (.Dynamic DNS Services http://www.dyndnsservices.com.) - C:\Program Files\Enterprise DDNS Client\ddnsclient.exe
SR - Auto [2008/09/27 05:03:34] [ 188416] JumpStart Push-Button Service (jswpbapi) . (.Atheros Communications, Inc..) - C:\Program Files\Jumpstart\jswpbapi.exe
SS - Demand [2008/09/27 05:02:28] [ 954368] JumpStart Wi-Fi Protected Setup (jswpsapi) . (.Atheros Communications, Inc..) - C:\Program Files\Jumpstart\jswpsapi.exe
SS - Demand [2015/07/10 15:08:21] [ 148136] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - Auto [2015/01/29 20:43:06] [ 17816] Private Tunnel Core Service (ptservice) . (.OpenVPN Technologies, Inc.) - C:\Program Files\OpenVPN Technologies\PrivateTunnel\ptservice.exe
SR - Auto [2009/12/07 13:49:24] [ 40960] Realtek87B (Realtek87B) . (.Realtek.) - C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
SR - Auto [2015/07/18 00:01:05] [ 66048] Resentful Compassion (Resentful Compassion) . (...) - C:\Users\abo lith\AppData\Roaming\Resentful Compassion\Resentful Compassion.exe
SS - Auto [2013/11/11 05:52:50] [ 686080] Service KMSELDI (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe
SR - Auto [2013/01/02 17:49:24] [ 9216] ShadowExplorer Service (sesvc) . (.www.shadowexplorer.com.) - C:\Program Files\ShadowExplorer\sesvc.exe
SR - Auto [2014/10/13 08:57:46] [ 743688] SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD..) - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
SS - Demand [2010/02/19 14:37:14] [ 517096] (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - Auto [2012/08/26 16:52:30] [ 79872] VMware Authorization Service (VMAuthdService) . (.VMware, Inc..) - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
SR - Auto [2012/08/15 15:18:40] [ 357016] VMware DHCP Service (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\System32\vmnetdhcp.exe
SR - Auto [2012/08/26 16:52:30] [ 719512] VMware USB Arbitration Service (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
SR - Auto [2012/08/15 15:17:26] [ 435864] VMware NAT Service (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\System32\vmnat.exe
SR - Auto [2012/08/26 16:52:30] [15680000] VMware Workstation Server (VMwareHostd) . (...) - C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe

---\\ Additional Scan (O88) (30) - 0s
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
C:\Users\abo lith\AppData\Roaming\Mozilla\Firefox\Profiles\4qnshrvt.default\extensions\toolbar_AVIRA-SP@apn.ask.com.xpi =>Toolbar.Ask
C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml =>PUP.Optional.WebsSearches
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5350-00A7-7A786E7484D7} =>PUP.Optional.BrowserTabSearch
C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll =>Toolbar.Ask
HKLM\SYSTEM\CurrentControlSet\Services\APNMCP =>Toolbar.Ask
HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI =>PUA.KMSpico
C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico
C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico
C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5.job =>PUP.Optional.CrossRider
C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5_user.job =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\AutoPico Daily Restart =>PUA.KMSpico
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 =>PUA.KMSpico
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41564952-412D-5350-00A7-A758B70C1D00} =>PUP.Optional.BrowserTabSearch
HKLM\SOFTWARE\webssearchesSoftware =>PUP.Optional.WebsSearches
HKCU\SOFTWARE\AskPartnerNetwork =>Toolbar.Ask
HKCU\SOFTWARE\BIFROST1.2 =>Trojan.Bifrose
HKCU\SOFTWARE\SupHpUISoft =>PUP.Optional.CrossRider
C:\Program Files\AskPartnerNetwork =>Toolbar.Ask
C:\Program Files\KMSpico =>PUA.KMSpico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\abo lith\AppData\Roaming\webssearches =>PUP.Optional.WebsSearches
C:\Users\abo lith\AppData\Local\CrashRpt =>.Legitimate.CrashReports
C:\Windows\Prefetch\OFFERCAST_AVIRAV7_.EXE-4633961C.pf =>Toolbar.Ask
C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-37FCD94F.pf =>.Enigma Software
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\Open\command [Bad: C:\Program Files\Internet Explorer\iexplore.ex http://istart.webssearches.com/] =>PUP.Optional.WebsSearches
C:\Program Files\KMSpico\KMSELDI.exe =>PUA.KMSpico
C:\Windows\Installer\34e642.msi =>PUP.Optional.Bandoo

---\\ Summary of the elements found on your workstation (10) - 0s
http://www.nicolascoolman.fr/toolbar-ask/ =>Toolbar.Ask
http://www.nicolascoolman.fr/hijacker-webssearches/ =>PUP.Optional.WebsSearches
http://www.nicolascoolman.fr/pup-isstart/ =>PUP.Optional.IsStart
http://www.nicolascoolman.fr/pup-browsertabsearch/ =>PUP.Optional.BrowserTabSearch
http://www.nicolascoolman.fr/pup-kmspico/ =>PUA.KMSpico
http://www.nicolascoolman.fr/pup-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/blog =>Trojan.Bifrose
http://www.nicolascoolman.fr/blog =>.Legitimate.CrashReports
http://www.nicolascoolman.fr/pup-quickstart/ =>PUP.Optional.QuickStart
http://www.nicolascoolman.fr/adware-bandoo/ =>PUP.Optional.Bandoo

~ End of the scan, 92830 items in 332 seconds (1295)(0)()