~ ZHPDiag v2015.8.5.111 By Nicolas Coolman (2015/08/5)
~ Run by 1 (Administrator)  (2015/08/06 22:25:00)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version:  Version OK
~ Mode: Scan
~ Report: C:\Users\1\Desktop\ZHPDiag.txt
~ Report: C:\Users\1\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ System startup: Normal (Normal boot)
~ Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)

---\\ Internet Browsers (2) - 0s
GCIE: Google Chrome v44.0.2403.130
MSIE: Internet Explorer v11.0.9600.17420

---\\ Windows Product Information (4) - 2s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Automatic Updates : OK (Auto)
Windows Activation Technologies : OK

---\\ Surveillance software (1) - 0s
Adobe Reader XI

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System:  32-bit 
~ Boot mode: Normal (Normal boot)
Total RAM: 2054.448 MB (24% free)
~ System Restore: Activé (Enable)
~ System drive C: has 305 GB free of 476 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: 1-PC
~ User Name: 1
~ Logged in as Administrator

---\\ Enumeration of the disk units (1) - 0s
~ Drive C: has 305 GB free of 476 GB  (System)

---\\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Search Generic System Files (23) - 1s
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) () -- C:\Windows\Explorer.exe [2616320]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Windows host process (Rundll32).) () -- C:\Windows\System32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) () -- C:\Windows\System32\Wininit.exe [96256]
[MD5.6DD7D61A8EF3DFEC4FAEFEB395E77424] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\Windows\System32\wininet.dll [1892864]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Windows Logon Application.) () -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) () -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\Windows\System32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - NT File System Driver.) () -- C:\Windows\System32\drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\Windows\System32\drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) () -- C:\Windows\System32\drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\Windows\System32\drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\Windows\System32\drivers\volsnap.sys [245632]

---\\ Process running (25) - 2s
[MD5.11F6F9216D8F77EAC196B07D66E819EA] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048] [PID.920]  =>PUP.Optional.Elex
[MD5.A03A95B389479B2ADE3A288FA2EA11D1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe [118048] [PID.1044]  =>PUP.Optional.Elex
[MD5.0FD99BAF91AD54ED70E64DE5BBA03559] - (...) -- C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93\hnsw400D.tmp [161792] [PID.1988]  =>PUP.Optional.CrossRider
[MD5.BA0438030506CD093286A5DF7D1385A5] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe [500528] [PID.2032]
[MD5.C450C12E64F4B4DCE1396D281938869E] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files\Elex-tech\YAC\iSafeTray.exe [369488] [PID.1240]  =>PUP.Optional.Elex
[MD5.C5323F961012E91A9E4BF4FF377655F3] - (...) -- C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93\jnsb250C.tmp [209920] [PID.2096]  =>PUP.Optional.CrossRider
[MD5.64CA2D28CA1AAFE1DCAEFD96A6D5174B] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [108336] [PID.2168]
[MD5.26B3BA0D9AF3397B8E24ADC8DFDB3534] - (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2778416] [PID.2348]
[MD5.E7516B7083F888D3DB830FBBAB50A7EE] - (...) -- C:\Users\1\AppData\Local\gmsd_fr_009010051\upgmsd_fr_009010051.exe [3299472] [PID.2536]  =>PUP.Optional.CrossRider
[MD5.30F88BA17A74A714D088D869ABE9043B] - (...) -- C:\Program Files\Elex-tech\YAC\iDesk.exe [890584] [PID.2872]  =>PUP.Optional.Elex
[MD5.79EBA8852D377115E725D241545F3576] - (.Intel(R) Corporation - Intel(R) BlueTooth(R) HS Security Manager S.) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240] [PID.5104]
[MD5.4D990243DDDCC8B830316CA08979EC2C] - (.Elex do Brasil Participações Ltda - YAC.) -- C:\Program Files\Elex-tech\YAC\iSafe.exe [713544] [PID.4844]  =>PUP.Optional.Elex
[MD5.6E155D7D50FB6B4E90A700D0D5E43652] - (...) -- C:\Users\1\AppData\Local\gmsd_fr_009010053\upgmsd_fr_009010053.exe [3354256] [PID.3508]  =>PUP.Optional.CrossRider
[MD5.90A18CDD69B64AE65607E07BF7D61034] - (...) -- C:\Program Files\gmsd_fr_009010053\gmsd_fr_009010053.exe [3982480] [PID.3308]  =>PUP.Optional.CrossRider
[MD5.2A06DE988BC7AAC1D206E0804C4FFAAB] - (.WS - WS Client Service.) -- C:\Program Files\WordShark_1.10.0.20\Service\wssvc.exe [300120] [PID.4624]  =>PUP.Optional.WordShark
[MD5.5B637791E05117D25EAD9F66D9D1B44C] - (.Copyright 2013 - .) -- C:\Users\1\AppData\Local\Temp\nsjBDF1.tmp [210449] [PID.7016]
[MD5.153F088DFDB3F940AD9DAEB04A3ACC4D] - (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\1\AppData\Local\SmartWeb\SmartWebHelper.exe [270368] [PID.3400]  =>PUP.Optional.SmartWebSearch
[MD5.44069C2AC699C8DAD80A96FB1C8DFE57] - (.SoftBrain Technologies Ltd. - SmartWeb Application.) -- C:\Users\1\AppData\Local\SmartWeb\SmartWebApp.exe [557088] [PID.7400]  =>PUP.Optional.SmartWebSearch
[MD5.2E08A39DE1FBA54F9BF02A4B6453D9F1] - (.XTab system - ProtectSvc.exe.) -- C:\Program Files\MiuiTab\ProtectService.exe [125112] [PID.3436]  =>PUP.Optional.MiuiTab
[MD5.6A129DF750B69B6FA3E6C76EC3DCEE40] - (.SearchProtect - CmdShell.exe.) -- C:\Program Files\MiuiTab\CmdShell.exe [31928] [PID.7240]  =>PUP.Optional.MiuiTab
[MD5.BE2A33454BAC289094F6CC7A78AC1E20] - (.XTab system - SupHPNot.exe.) -- C:\Program Files\MiuiTab\HPNotify.exe [674488] [PID.3684]  =>PUP.Optional.MiuiTab
[MD5.853B07E93461762ED86A14DDB16EED17] - (...) -- C:\Users\1\AppData\Local\gmsd_fr_005010053\upgmsd_fr_005010053.exe [3352720] [PID.5588]  =>PUP.Optional.CrossRider
[MD5.1B366B05B4A815BC2CD19D8EDAB2DAF8] - (...) -- C:\Program Files\gmsd_fr_005010053\gmsd_fr_005010053.exe [3981456] [PID.6400]  =>PUP.Optional.CrossRider
[MD5.54C63A59197D9B6BB55C13B0DB40AC7A] - (...) -- C:\Users\1\AppData\Local\Temp\nsd5B91.tmp [229125] [PID.7512]
[MD5.9CED7CE775836334AB925ABECD2FDC6D] - (...) -- C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93\knst5BCA.tmp [607744] [PID.688]  =>PUP.Optional.CrossRider

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) (2) - 0s
G2 - GCE: Preference [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest  =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) (13) - 2s
P2 - EXT FILE: (...) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\defsearchp@gmail.com.xpi  =>PUP.Optional.PriceFountain
P2 - EXT FILE: (...) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\minibar@go.im.xpi  =>PUP.Optional.Minibar
P2 - EXT FILE: (...) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\searchplugins\Google.xml
P2 - EXT FILE: (...) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\searchplugins\oursurfing.xml  =>PUP.Optional.OurSurfing
P2 - EXT: (. - RAnndomPrice.) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\01EFO@eIZ.net
P2 - EXT: (.Avira - Segurança do navegador Avira.) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\abs@avira.com
P2 - EXT: (.PlusHDV06.07 - Plus-HD.3.1nV06.07.) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\AVJYFVOD75109374@HCDE39471360.com
P2 - EXT: (. - unisaLese.) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\CTjmM0UM@p.org
P2 - EXT: (. - youtubeadblocker.) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\m4YK3@g.net
P2 - EXT: (. - uNIIsales.) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\RE061QX@s78.net
P2 - EXT: (.iMacros Team, iOpus Software GmbH - iMacros for Firefox.) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
P2 - FPN: [HKCU] [@citrixonline.com/appdetectorplugin] - (.Citrix Online.) -- C:\Users\1\AppData\Local\Citrix\Plugins\104\npappdetector.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) (12) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/  =>PUP.Optional.OurSurfing
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/  =>PUP.Optional.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/  =>PUP.Optional.StartSearch
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean  =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0

---\\ Internet Explorer, Proxy Management (R5) (5) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs (3) - 1s
F2 - REG:system.ini: UserInit=C:\Windows\System32\Userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.)

---\\ Hosts file redirection (O1) (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Object (BHO) (O2) (2) - 0s
O2 - BHO: 68671f62832e4803b34065d441f9a2210065123 - {11111111-1111-1111-1111-110611511123} . (...) -- C:\Program Files\iWebar\iWebar-bho.dll (.not file.)  =>PUP.Optional.CrossRider
O2 - BHO: GoodTab Class - {1F91A9A1-01BA-4c81-863D-3BA0751E1419} . (.Good Co. Limited - GoodTab.) -- C:\Program Files\MiuiTab\SupTab.dll  =>PUP.Optional.MiuiTab

---\\ Auto loading programs from Registry and folders (O4) (21) - 1s
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gmsd_fr_009010051]  (Orphean)
O4 - HKLM\..\Run: [gmsd_fr_005010051]  (Orphean)
O4 - HKLM\..\Run: [gmsd_fr_009010053] . (...) -- C:\Program Files\gmsd_fr_009010053\gmsd_fr_009010053.exe  =>PUP.Optional.CrossRider
O4 - HKLM\..\Run: [SmartWeb] . (.SoftBrain Technologies Ltd. - SmartWeb helper.) -- C:\Users\1\AppData\Local\SmartWeb\SmartWebHelper.exe  =>PUP.Optional.SmartWebSearch
O4 - HKLM\..\Run: [gmsd_fr_005010053] . (...) -- C:\Program Files\gmsd_fr_005010053\gmsd_fr_005010053.exe  =>PUP.Optional.CrossRider
O4 - HKLM\..\RunOnce: [upgmsd_fr_009010051.exe] . (...) -- C:\Users\1\AppData\Local\gmsd_fr_009010051\upgmsd_fr_009010051.exe  =>PUP.Optional.CrossRider
O4 - HKLM\..\RunOnce: [Update] C:\Users\1\AppData\Roaming\ASPackage\ASPackage.exe (.not file.)  =>PUP.Optional.ASPackage
O4 - HKLM\..\RunOnce: [upgmsd_fr_009010053.exe] C:\Users\1\AppData\Local\gmsd_fr_009010051\upgmsd_fr_009010053.exe (.not file.)  =>PUP.Optional.CrossRider
O4 - HKLM\..\RunOnce: [upgmsd_fr_005010053.exe] C:\Users\1\AppData\Local\gmsd_fr_009010051\upgmsd_fr_005010053.exe (.not file.)  =>PUP.Optional.CrossRider
O4 - HKCU\..\Run: [hubiC] C:\Program Files\OVH\hubiC\hubiC.exe (.not file.)
O4 - HKCU\..\Run: [ApowersoftScreenRecorder] C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1210835065-3189822163-686493430-1000\..\Run: [hubiC] C:\Program Files\OVH\hubiC\hubiC.exe (.not file.)
O4 - HKUS\S-1-5-21-1210835065-3189822163-686493430-1000\..\Run: [ApowersoftScreenRecorder] C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (.not file.)

---\\ Global shortcuts Startup (O4G) (4) - 2s
O4 - GS\Startup [1]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) C:\Users\1\AppData\Local\SmartWeb\SmartWebHelper.exe  =>PUP.Optional.SmartWebSearch
O4 - GS\Startup [Administrator]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) C:\Users\1\AppData\Local\SmartWeb\SmartWebHelper.exe  =>PUP.Optional.SmartWebSearch
O4 - GS\Startup [Guest]: SmartWeb.lnk . (.SoftBrain Technologies Ltd. - SmartWeb helper.) C:\Users\1\AppData\Local\SmartWeb\SmartWebHelper.exe  =>PUP.Optional.SmartWebSearch
O4 - GS\CommonDesktop [Public]: YAC.lnk . (.Elex do Brasil Participações Ltda - iStart.) C:\Program Files\Elex-tech\YAC\iStart.exe  =>PUP.Optional.Elex

---\\ Winsock hijacker (Layered Service Provider) (O10) (5) - 0s
O10 - WLSP:\Catalog_Entries\000000000001\Winsock LSP File . (...) -- C:\Windows\System32\Shjencueit.dll (Hijacker.Winsock)
O10 - WLSP:\Catalog_Entries\000000000002\Winsock LSP File . (...) -- C:\Windows\System32\Shjencueit.dll (Hijacker.Winsock)
O10 - WLSP:\Catalog_Entries\000000000003\Winsock LSP File . (...) -- C:\Windows\System32\Shjencueit.dll (Hijacker.Winsock)
O10 - WLSP:\Catalog_Entries\000000000004\Winsock LSP File . (...) -- C:\Windows\System32\Shjencueit.dll (Hijacker.Winsock)
O10 - WLSP:\Catalog_Entries\000000000050\Winsock LSP File . (...) -- C:\Windows\System32\Shjencueit.dll (Hijacker.Winsock)

---\\ Lop.com/Domain Hijackers (O17) (9) - 1s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.222.18.222 209.222.18.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 209.222.18.222 209.222.18.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 209.222.18.222 209.222.18.218

---\\ AppInit_DLLs Registry value Autorun (O20) (1) - 0s
O20 - AppInit_DLLs: . (...) - c:\programdata\tomorrowgames\tomorrowgames32.dll   (.not file.)  =>PUP.Optional.TomorrowGames

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23) (23) - 1s
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) . (.Intel Corporation - Intel® Centrino® Wireless Bluetooth® + High.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Sec (BTHSSecurityMgr) . (.Intel(R) Corporation - Intel(R) BlueTooth(R) HS Security Manager S.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Skype Click to Call Updater (c2cautoupdatesvc) . (...) - C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (.not file.)
O23 - Service: Skype Click to Call PNR Service (c2cpnrsvc) . (...) - C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (.not file.)
O23 - Service: Wire Professional Version (comyninu) . (...) - C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93\hnsw400D.tmp  =>PUP.Optional.CrossRider
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Pointer Outbid (fibiwugy) . (...) - C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93\knst5BCA.tmp  =>PUP.Optional.CrossRider
O23 - Service: Country Code Wireless (helecufu) . (...) - C:\Users\1\AppData\Roaming\016D6829-1436364048-CB11-862F-82A9C6BEBA93\knsi9645.tmp (.not file.)  =>PUP.Optional.CrossRider
O23 - Service: Key In Bold Italic (hyverumu) . (...) - C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93\jnsb250C.tmp  =>PUP.Optional.CrossRider
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files\MiuiTab\ProtectService.exe  =>PUP.Optional.AgentODR
O23 - Service: YAC Service (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files\Elex-tech\YAC\iSafeSvc.exe  =>PUP.Optional.YetAnotherCleaner
O23 - Service: Network Virtual Bridge (Network Virtual Bridge) . (...) - C:\Program Files\Network Virtual Bridge\PROXY\adsentinel.exe (.not file.)
O23 - Service: Network Virtual Bridge S (Network Virtual Bridge S) . (...) - C:\Program Files\Network Virtual Bridge\SERVICE\SNetwork Virtual Bridge.exe (.not file.)
O23 - Service: Network Virtual Bridge Update Protocol (Network Virtual Bridge Update Protocol) . (...) - C:\Program Files\Network Virtual Bridge Update Protocol\Network Virtual Bridge Update Protocol.exe (.not file.)
O23 - Service: PsisQiya (PsisQiya) . (...) - C:\Program Files\PsisQiya\PsisQiya.exe (.not file.)
O23 - Service: qMcpsdJoip (qMcpsdJoip) . (...) - C:\ProgramData\HXqDVDEW\qMcpsdJoip.exe (.not file.)  =>PUP.Optional.Salus
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WikiBrowserUpdateService (WikiBrowserUpdateService) . (...) - C:\Users\1\AppData\Local\WikiUpdate.exe (.not file.)  =>PUP.Optional.WikiBrowser
O23 - Service: WS 1.10.0.20 Client Service (wssvc_1.10.0.20) . (.WS - WS Client Service.) - C:\Program Files\WordShark_1.10.0.20\Service\wssvc.exe  =>PUP.Optional.WordShark
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

---\\ Task Planned Automatically (O39) (78) - 6s
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\079140e8-b171-4010-a0e3-bd597cc31a82-5.job   [2428]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\079140e8-b171-4010-a0e3-bd597cc31a82-5_user.job   [2428]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\35c771a7-8118-43e2-b695-b0cc9c5b91e7-5.job   [2420]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\35c771a7-8118-43e2-b695-b0cc9c5b91e7-5_user.job   [2420]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-1.job   [3730]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-2.job   [2396]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-5.job   [2740]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-5_user.job   [3084]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-6.job   [5812]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-7.job   [5812]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\760ea730-8a3d-475c-81c6-c424212e406c-5.job   [2426]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\760ea730-8a3d-475c-81c6-c424212e406c-5_user.job   [2426]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-5.job   [2412]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-5_user.job   [2412]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\bca0778f-2663-4b49-a8bb-c8b1bb0592af-5.job   [2748]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\bca0778f-2663-4b49-a8bb-c8b1bb0592af-5_user.job   [2748]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job   [332]  =>PUP.Optional.BidailySync
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5.job   [2740]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5_user.job   [2740]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\DUWJP.job   [1320]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\FVUIKLQ1.job   [316]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job   [1042]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bc487203b316.job   [1052]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job   [1056]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\HMUDUIIMBIDEJUPY.job   [334]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\HVUFJ1.job   [346]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\JQSABNCRTTASNRRR.job   [334]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\NGTYIOSUIIPRGQDC.job   [334]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\Optscan.job   [332]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\Software Removal Tool logs upload retry.job   [324]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\Software Removal Tool post reboot run.job   [294]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\Superclean.job   [332]
O39 - APT: Orphean - (...) -- C:\Windows\Tasks\XUNMY1.job   [322]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\079140e8-b171-4010-a0e3-bd597cc31a82-5   [5458]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\079140e8-b171-4010-a0e3-bd597cc31a82-5_user   [5438]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-1   [6760]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-2   [5426]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-5   [5770]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-5_user   [6094]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-6   [8840]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-7   [8842]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\4431e93c-9d1d-44cf-a154-b905d01a83c8-5   [5440]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\4431e93c-9d1d-44cf-a154-b905d01a83c8-5_user   [5420]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\760ea730-8a3d-475c-81c6-c424212e406c-5   [5456]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\760ea730-8a3d-475c-81c6-c424212e406c-5_user   [5436]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\7968905b-190e-499d-81ad-f58daec54437-5   [5460]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\7968905b-190e-499d-81ad-f58daec54437-5_user   [5440]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-5   [5442]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-5_user   [5422]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\Adobe Acrobat Update Task   [3874]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\bca0778f-2663-4b49-a8bb-c8b1bb0592af-5   [5778]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\bca0778f-2663-4b49-a8bb-c8b1bb0592af-5_user   [5758]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]   [3236]  =>PUP.Optional.BidailySync
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5   [5770]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5_user   [5750]  =>PUP.Optional.CrossRider
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\DUWJP   [4330]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\Ehcks   [3630]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\FTUWBMH   [4678]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\FVUIKLQ1   [2838]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [3790]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0bc487203b316   [3800]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [4052]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\HMUDUIIMBIDEJUPY   [3360]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series   [3598]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\HVUFJ1   [2868]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\JQSABNCRTTASNRRR   [3360]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\NGTYIOSUIIPRGQDC   [3360]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\Optscan   [3236]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\Private Internet Access Startup   [3142]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313732323135323938312d3437415a556c2a3223346c41   [4210]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\Superclean   [3236]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\tet3008   [3080]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Core   [4152]  =>PUP.Optional.WordShark
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update   [4162]  =>PUP.Optional.WordShark
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\XUNMY1   [2844]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\{11522577-C9C7-4DD0-B916-A3875D4965A1}   [3124]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\{A5F35DC7-0885-4E0C-9ECB-A51D02C3C6BC}   [3122]
O39 - APT: Orphean - (...) -- C:\Windows\System32\Tasks\{D6380844-D686-4626-8835-2DB0719072BA}   [3110]

---\\ Software installed (O42) (44) - 13s
O42 - Logiciel: ArchiFacile version 18.8 - (.JSYS.) [HKLM] -- ArchiFacile_is1
O42 - Logiciel: Free Video to MP3 Converter version 5.0.59.525 - (.DVDVideoSoft Ltd..) [HKLM] -- Free Video to MP3 Converter_is1
O42 - Logiciel: GamesDesktop 001.005010053 - (.GAMESDESKTOP.) [HKLM] -- gmsd_fr_005010053_is1  =>PUP.Optional.GamesDesktop
O42 - Logiciel: GamesDesktop 001.009010053 - (.GAMESDESKTOP.) [HKLM] -- gmsd_fr_009010053_is1  =>PUP.Optional.GamesDesktop
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: HP Photo Creations - (.HP.) [HKLM] -- HP Photo Creations
O42 - Logiciel: YAC(Yet Another Cleaner!) - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM] -- iSafe  =>PUP.Optional.Elex
O42 - Logiciel: mystartsearch uninstall - (.mystartsearch.) [HKLM] -- mystartsearch uninstall  =>PUP.Optional.StartSearch
O42 - Logiciel: Network Virtual Bridge - (.Network Virtual Bridge.) [HKLM] -- Network Virtual Bridge
O42 - Logiciel: Network Virtual Bridge Update Protocol - (.Network Virtual Bridge Update Protocol.) [HKLM] -- Network Virtual Bridge Update Protocol
O42 - Logiciel: Prism - Convertisseur de fichiers vidéo - (.NCH Software.) [HKLM] -- Prism
O42 - Logiciel: Intel PROSet Wireless - (...) [HKLM] -- ProInst
O42 - Logiciel: SmartWeb - (.SoftBrain Technologies Ltd..) [HKLM] -- SmartWeb  =>PUP.Optional.SmartWebSearch
O42 - Logiciel: Total Recorder 8.3 Professional Edition - (...) [HKLM] -- TotalRecorder
O42 - Logiciel: Intel(R) TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz
O42 - Logiciel: Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v2.0 - (...) [HKLM] -- Windows Vista - 7 - 8 - 8.1 KMS Activator Ultima~8B81782A_is1
O42 - Logiciel: WinRAR 5.11 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: WordShark 1.10.0.20 - (.WordShark.) [HKLM] -- WordShark_1.10.0.20  =>PUP.Optional.WordShark
O42 - Logiciel: XviD Video Codec (remove only) - (...) [HKLM] -- XviD Video Codec
O42 - Logiciel: Syncios version 4.2.1 - (.Anvsoft, Inc..) [HKLM] -- {068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1
O42 - Logiciel: OpenOffice 4.1.1 - (.Apache Software Foundation.) [HKLM] -- {121727D5-FDF3-4723-BA57-EB383440ED72}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {235EBB33-3DA1-46DF-AADE-9955123409CB}
O42 - Logiciel: Skype™ 7.5 - (.Skype Technologies S.A..) [HKLM] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
O42 - Logiciel: Java 8 Update 25 - (.Oracle Corporation.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83218025F0}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM] -- {3E29EE6C-963A-4aae-86C1-DC237C4A49FC}
O42 - Logiciel: hubiC - x86 - (.OVH.) [HKLM] -- {55CDE6A7-6E4C-4E7A-8823-02440E0C4C37}
O42 - Logiciel: Screen Grab Pro - (...) [HKLM] -- {581125F9-D1C6-4797-93BB-47A992D69AA8}
O42 - Logiciel: HP Deskjet 1050 J410 series Help - (.Hewlett Packard.) [HKLM] -- {5C90D8CF-F12A-41C6-9007-3B651A1F0D78}
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}
O42 - Logiciel: HP Deskjet 1050 J410 series Product Improvement Study - (.Hewlett-Packard Co..) [HKLM] -- {5E83AB6E-2284-4468-BF97-A451904F186C}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
O42 - Logiciel: Skype Click to Call - (.Microsoft Corporation.) [HKLM] -- {6D1221A9-17BF-4EC0-81F2-27D30EC30701}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
O42 - Logiciel: Private Internet Access Support Files - (.Private Internet Access.) [HKLM] -- {7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}
O42 - Logiciel: hubiC - (.OVH.) [HKLM] -- {856b67e7-2245-4b30-8c95-a1ae830d9db5}
O42 - Logiciel: Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed - (.Intel Corporation.) [HKLM] -- {90F00673-A276-4A58-B675-B426D39D1E09}
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-0804-1033-1959-001824147215}
O42 - Logiciel: Adobe Reader XI (11.0.12) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: HPDiagnosticAlert - (.Microsoft.) [HKLM] -- {B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}
O42 - Logiciel: HP Deskjet 1050 J410 series Basic Device Software - (.Hewlett-Packard Co..) [HKLM] -- {C111B73A-93EA-4A12-80E2-0460F11D431F}
O42 - Logiciel: Logiciel Intel® PROSet/Wireless WiFi - (.Intel Corporation.) [HKLM] -- {ECE5B218-A086-4E18-A362-D11181681457}
O42 - Logiciel: Intel(R) Control Center - (.Intel Corporation.) [HKLM] -- {F8A9085D-4C7A-41a9-8A77-C8998A96C421}

---\\ HKCU & HKLM Software Keys (152) - 13s
HKLM\SOFTWARE\36c49227-0053-933c-b550-b3bc1867de52  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\81aa15d5-3b1a-c59a-3fb8-1114206429a1  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\ACCA
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\AIM Toolbar
HKLM\SOFTWARE\AppDataLow
HKLM\SOFTWARE\Apple Computer, Inc.
HKLM\SOFTWARE\Apple Inc.
HKLM\SOFTWARE\AskPartnerNetwork  =>Toolbar.Ask
HKLM\SOFTWARE\ATI Technologies
HKLM\SOFTWARE\AviraSpeedup
HKLM\SOFTWARE\Borland
HKLM\SOFTWARE\CBSTEST
HKLM\SOFTWARE\CinemaPlus-3.2cV12.07  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Com NotificationV25.03  =>PUP.Optional.ComNotification
HKLM\SOFTWARE\Conduit  =>PUP.Optional.Conduit
HKLM\SOFTWARE\CXT
HKLM\SOFTWARE\Cygwin
HKLM\SOFTWARE\DVDVideoSoft
HKLM\SOFTWARE\Elex-tech
HKLM\SOFTWARE\fecf6590-ce22-433d-b6e2-5abbff946005  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\GAMESDESKTOP  =>PUP.Optional.GamesDesktop
HKLM\SOFTWARE\GEAR Software
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\Hewlett-Packard
HKLM\SOFTWARE\HighCriteria
HKLM\SOFTWARE\HP
HKLM\SOFTWARE\I - Cinema  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\IHProtect  =>PUP.Optional.AgentODR
HKLM\SOFTWARE\IM Providers
HKLM\SOFTWARE\Iminent  =>PUP.Optional.IMBooster
HKLM\SOFTWARE\InstalledBrowserExtensions  =>PUP.Optional.BrowserExtensions
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\JavaSoft
HKLM\SOFTWARE\JreMetrics
HKLM\SOFTWARE\KiwiG PhonTunes
HKLM\SOFTWARE\LogMeInRescueCallingCard
HKLM\SOFTWARE\Lucky Luke
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\MimarSinan
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\NCH Software
HKLM\SOFTWARE\Network Virtual Bridge
HKLM\SOFTWARE\Network Virtual Bridge Update Protocol
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\OpenOffice
HKLM\SOFTWARE\Opera Software
HKLM\SOFTWARE\OVH
HKLM\SOFTWARE\Plus-HD.3.1nV06.07  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\RAW
HKLM\SOFTWARE\Reg
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\RocketLife
HKLM\SOFTWARE\RT 7 Lite
HKLM\SOFTWARE\SearchProtect  =>PUP.Optional.SearchProtect
HKLM\SOFTWARE\searchult  =>PUP.Optional.Gen
HKLM\SOFTWARE\shopperz02082015  =>PUP.Optional.Shopperz
HKLM\SOFTWARE\Skype
HKLM\SOFTWARE\Sonic
HKLM\SOFTWARE\SpeedBit
HKLM\SOFTWARE\SupDp  =>PUP.Optional.SupTab
HKLM\SOFTWARE\supTab  =>PUP.Optional.SupTab
HKLM\SOFTWARE\supWindowsMangerProtect  =>PUP.Optional.Fuyu
HKLM\SOFTWARE\TeamViewer
HKLM\SOFTWARE\Traction Software
HKLM\SOFTWARE\Visan
HKLM\SOFTWARE\WajIntEnhance  =>PUP.Optional.Wajam
HKLM\SOFTWARE\WinRAR
HKLM\SOFTWARE\WombatUpdater
HKLM\SOFTWARE\WordShark_1.10.0.17  =>PUP.Optional.WordShark
HKLM\SOFTWARE\WordShark_1.10.0.20  =>PUP.Optional.WordShark
HKLM\SOFTWARE\WordSurfer_1.10.0.19  =>PUP.Optional.WordSurfer
HKCU\SOFTWARE\Abyssmedia
HKCU\SOFTWARE\ACCA
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\Akeo Consulting
HKCU\SOFTWARE\AOL
HKCU\SOFTWARE\APN PIP  =>PUP.Optional.Conduit
HKCU\SOFTWARE\Appandora
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc.
HKCU\SOFTWARE\AskPartnerNetwork  =>Toolbar.Ask
HKCU\SOFTWARE\Audacity
HKCU\SOFTWARE\Bytescout
HKCU\SOFTWARE\CamStudioOpenSource for Nick
HKCU\SOFTWARE\chermenin
HKCU\SOFTWARE\Chromium
HKCU\SOFTWARE\Citrix
HKCU\SOFTWARE\DailyPcClean  =>PUP.Optional.DailyPCClean
HKCU\SOFTWARE\Dropbox
HKCU\SOFTWARE\DropboxUpdate
HKCU\SOFTWARE\DUWJP
HKCU\SOFTWARE\DVDVideoSoft
HKCU\SOFTWARE\ej-technologies
HKCU\SOFTWARE\FTUWBMH
HKCU\SOFTWARE\GNU
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\Hewlett-Packard
HKCU\SOFTWARE\HighCriteria
HKCU\SOFTWARE\HomeTab  =>PUP.Optional.CertifiedToolbar
HKCU\SOFTWARE\HP
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\iMacros
HKCU\SOFTWARE\InstalledBrowserExtensions  =>PUP.Optional.BrowserExtensions
HKCU\SOFTWARE\InstallPath
HKCU\SOFTWARE\INTEL
HKCU\SOFTWARE\JavaSoft
HKCU\SOFTWARE\KiwiGeeker
HKCU\SOFTWARE\Kromtech
HKCU\SOFTWARE\Licenses
HKCU\SOFTWARE\Linkey  =>PUP.Optional.LinkeySearch
HKCU\SOFTWARE\LogMeInRescueCallingCard
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\MurGee.com
HKCU\SOFTWARE\NCH Software
HKCU\SOFTWARE\NCH Swift Sound
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\OpenOffice
HKCU\SOFTWARE\Opera Software
HKCU\SOFTWARE\OVH
HKCU\SOFTWARE\protic  =>PUP.Optional.Gen
HKCU\SOFTWARE\RAW
HKCU\SOFTWARE\Reg
HKCU\SOFTWARE\SearchProtectWS  =>PUP.Optional.SearchProtect
HKCU\SOFTWARE\SimplyTech  =>PUP.Optional.SimplyTech
HKCU\SOFTWARE\Skype
HKCU\SOFTWARE\Software
HKCU\SOFTWARE\Spoon
HKCU\SOFTWARE\StormWarningsApp  =>PUP.Optional.StormWarnings
HKCU\SOFTWARE\Syncios
HKCU\SOFTWARE\TeamViewer
HKCU\SOFTWARE\TNT2  =>PUP.Optional.TidyNetwork
HKCU\SOFTWARE\Tutorials  =>PUP.Optional.AgenceExclusive
HKCU\SOFTWARE\TutoTag  =>PUP.Optional.AgenceExclusive
HKCU\SOFTWARE\VB and VBA Program Settings
HKCU\SOFTWARE\Video Download Capture
HKCU\SOFTWARE\Visan
HKCU\SOFTWARE\WajIEnhance  =>PUP.Optional.Wajam
HKCU\SOFTWARE\WajIntEnhance  =>PUP.Optional.Wajam
HKCU\SOFTWARE\WebApp
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\SmartWeb  =>PUP.Optional.SmartWebSearch

---\\ Contents of the Common Files folders (O43) (284) - 14s
O43 - CFD: 2015/08/06 22:12:11 - [] D -- C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93  =>PUP.Optional.CrossRider
O43 - CFD: 2014/12/26 04:10:25 - [0] D -- C:\Program Files\81acc394-582b-4b16-8a02-205d1e7a0987  =>PUP.Optional.CrossRider
O43 - CFD: 2014/12/29 18:55:46 - [0] D -- C:\Program Files\8fba5ec7-385c-4140-a6c1-ffcc53be9361  =>PUP.Optional.CrossRider
O43 - CFD: 2015/01/21 16:33:04 - [] D -- C:\Program Files\Absolute Radio Live Scores
O43 - CFD: 2014/12/26 03:46:58 - [] D -- C:\Program Files\Adobe
O43 - CFD: 2015/06/30 20:09:45 - [0] D -- C:\Program Files\Apowersoft
O43 - CFD: 2015/01/26 21:46:46 - [] D -- C:\Program Files\Apple Software Update
O43 - CFD: 2015/03/04 18:54:54 - [] D -- C:\Program Files\ArchiFacile
O43 - CFD: 2015/01/12 02:51:23 - [0] D -- C:\Program Files\Avira
O43 - CFD: 2015/08/03 22:09:05 - [0] D -- C:\Program Files\BXLucky
O43 - CFD: 2015/06/09 20:13:40 - [0] D -- C:\Program Files\CamStudio 2.7
O43 - CFD: 2014/11/30 11:06:29 - [] D -- C:\Program Files\Cisco
O43 - CFD: 2015/08/05 18:15:17 - [0] D -- C:\Program Files\Com NotificationV25.03  =>PUP.Optional.ComNotification
O43 - CFD: 2015/08/05 21:25:57 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2015/01/26 21:21:30 - [0] D -- C:\Program Files\DigiCouponn  =>PUP.Optional.DiGiCoupon
O43 - CFD: 2011/04/12 04:24:27 - [] D -- C:\Program Files\DVD Maker
O43 - CFD: 2015/05/28 19:20:02 - [] D -- C:\Program Files\DVDVideoSoft
O43 - CFD: 2014/12/29 18:38:14 - [] D -- C:\Program Files\Elex-tech  =>PUP.Optional.Elex
O43 - CFD: 2015/08/05 02:26:54 - [] D -- C:\Program Files\Exploremedia  =>PUP.Optional.Gen
O43 - CFD: 2014/12/29 18:55:46 - [0] D -- C:\Program Files\f2cf1818-ec8b-4262-b345-e9201346d155  =>PUP.Optional.CrossRider
O43 - CFD: 2015/08/05 21:27:24 - [0] D -- C:\Program Files\gmsd_fr_005010051  =>PUP.Optional.CrossRider
O43 - CFD: 2015/08/06 22:08:38 - [] D -- C:\Program Files\gmsd_fr_005010053  =>PUP.Optional.CrossRider
O43 - CFD: 2015/08/05 17:43:40 - [0] D -- C:\Program Files\gmsd_fr_009010051  =>PUP.Optional.CrossRider
O43 - CFD: 2015/08/06 20:35:34 - [] D -- C:\Program Files\gmsd_fr_009010053  =>PUP.Optional.CrossRider
O43 - CFD: 2014/11/23 20:19:39 - [] D -- C:\Program Files\Google
O43 - CFD: 2015/07/12 04:21:57 - [0] D -- C:\Program Files\GUM8B1F.tmp
O43 - CFD: 2015/02/09 18:11:02 - [] D -- C:\Program Files\HighCriteria
O43 - CFD: 2014/12/29 02:51:18 - [] D -- C:\Program Files\HP
O43 - CFD: 2014/11/30 03:18:35 - [] D -- C:\Program Files\HP Photo Creations
O43 - CFD: 2015/06/09 15:09:46 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2014/11/30 11:10:16 - [] D -- C:\Program Files\Intel
O43 - CFD: 2015/07/12 05:42:52 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2015/01/26 21:51:35 - [] D -- C:\Program Files\iPod
O43 - CFD: 2015/01/26 21:52:37 - [] D -- C:\Program Files\iTunes
O43 - CFD: 2014/12/23 13:41:10 - [] D -- C:\Program Files\Java
O43 - CFD: 2015/07/08 16:02:15 - [0] D -- C:\Program Files\mbot_fr_014010025  =>PUP.Optional.CrossRider
O43 - CFD: 2014/12/26 03:29:06 - [0] D -- C:\Program Files\Microsoft
O43 - CFD: 2011/04/12 04:24:27 - [] D -- C:\Program Files\Microsoft Games
O43 - CFD: 2014/11/23 23:04:10 - [] D -- C:\Program Files\Microsoft Office
O43 - CFD: 2014/11/23 23:04:03 - [] D -- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 2014/11/23 23:02:07 - [] D -- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 2014/11/23 23:08:30 - [] D -- C:\Program Files\Microsoft Works
O43 - CFD: 2014/11/24 01:18:16 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 2015/08/06 22:08:01 - [] D -- C:\Program Files\MiuiTab  =>PUP.Optional.MiuiTab
O43 - CFD: 2015/08/04 02:17:41 - [0] D -- C:\Program Files\Mozilla Firefox
O43 - CFD: 2014/11/23 23:04:17 - [] D -- C:\Program Files\MSBuild
O43 - CFD: 2015/07/12 12:07:59 - [0] D -- C:\Program Files\MyVirtualHome
O43 - CFD: 2015/04/30 21:31:31 - [] D -- C:\Program Files\NCH Software
O43 - CFD: 2015/04/16 16:25:51 - [] D -- C:\Program Files\Network Virtual Bridge
O43 - CFD: 2015/07/12 05:31:20 - [] D -- C:\Program Files\Network Virtual Bridge Update Protocol
O43 - CFD: 2015/04/06 15:55:56 - [] D -- C:\Program Files\OpenOffice 4
O43 - CFD: 2015/02/01 00:18:33 - [] D -- C:\Program Files\OVH
O43 - CFD: 2015/07/12 05:31:43 - [] D -- C:\Program Files\pia_manager
O43 - CFD: 2015/08/05 02:36:27 - [0] D -- C:\Program Files\Plus-HD.3.1nV06.07  =>PUP.Optional.CrossRider
O43 - CFD: 2014/12/26 03:08:40 - [0] D -- C:\Program Files\pre_installer_fr
O43 - CFD: 2015/07/12 05:42:52 - [] SHD -- C:\Program Files\PsisQiya
O43 - CFD: 2009/07/14 06:52:30 - [] D -- C:\Program Files\Reference Assemblies
O43 - CFD: 2015/08/05 17:43:40 - [] D -- C:\Program Files\shopperz02082015  =>PUP.Optional.Shopperz
O43 - CFD: 2015/06/09 17:01:33 - [] RD -- C:\Program Files\Skype
O43 - CFD: 2015/07/08 18:09:51 - [] D -- C:\Program Files\Software  =>PUP.Optional.Boxore
O43 - CFD: 2015/07/12 05:31:43 - [] D -- C:\Program Files\Syncios
O43 - CFD: 2015/06/30 20:05:50 - [] D -- C:\Program Files\TeamViewer
O43 - CFD: 2015/06/09 15:09:46 - [] D -- C:\Program Files\Traction Software
O43 - CFD: 2015/01/25 17:40:48 - [] D -- C:\Program Files\uNIIsales  =>PUP.Optional.Multiplug
O43 - CFD: 2009/07/14 06:53:23 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2015/02/27 15:47:53 - [] D -- C:\Program Files\unisaLese  =>PUP.Optional.Multiplug
O43 - CFD: 2014/11/26 22:53:55 - [] D -- C:\Program Files\Windows Defender
O43 - CFD: 2014/11/26 22:54:19 - [] D -- C:\Program Files\Windows Journal
O43 - CFD: 2011/04/12 04:16:02 - [] D -- C:\Program Files\Windows Mail
O43 - CFD: 2014/11/26 22:54:03 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2009/07/14 06:52:30 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2011/04/12 04:16:02 - [] D -- C:\Program Files\Windows Photo Viewer
O43 - CFD: 2010/11/20 23:33:48 - [] D -- C:\Program Files\Windows Portable Devices
O43 - CFD: 2011/04/12 04:16:02 - [] D -- C:\Program Files\Windows Sidebar
O43 - CFD: 2014/12/29 02:34:22 - [] D -- C:\Program Files\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v2.0
O43 - CFD: 2014/11/23 22:13:25 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2015/08/06 20:38:36 - [] D -- C:\Program Files\WordShark_1.10.0.20  =>PUP.Optional.WordShark
O43 - CFD: 2015/06/09 17:27:12 - [] D -- C:\Program Files\XviD
O43 - CFD: 2015/02/27 15:47:51 - [] D -- C:\Program Files\youtubeadblocker  =>PUP.Optional.YouTubeAdBlock
O43 - CFD: 2014/11/23 19:21:35 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2014/11/23 23:06:25 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/06/30 20:09:44 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
O43 - CFD: 2015/03/04 18:54:54 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArchiFacile
O43 - CFD: 2015/05/28 19:19:30 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
O43 - CFD: 2014/11/23 19:21:37 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
O43 - CFD: 2015/08/06 22:08:38 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP  =>PUP.Optional.GamesDesktop
O43 - CFD: 2015/08/05 21:25:59 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 2014/12/29 02:51:17 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
O43 - CFD: 2014/11/30 10:55:33 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
O43 - CFD: 2015/08/04 02:07:58 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
O43 - CFD: 2015/01/26 21:52:48 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
O43 - CFD: 2014/12/23 13:42:06 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
O43 - CFD: 2009/07/14 06:42:30 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2014/11/24 00:52:41 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 2014/11/23 23:02:08 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
O43 - CFD: 2015/04/06 15:56:28 - [] SD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
O43 - CFD: 2015/07/12 15:48:29 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes ACCA
O43 - CFD: 2015/04/30 21:31:36 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo
O43 - CFD: 2014/11/24 21:50:32 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
O43 - CFD: 2015/06/09 20:17:07 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2015/04/30 21:31:36 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software
O43 - CFD: 2015/01/26 22:12:29 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios
O43 - CFD: 2011/04/12 04:24:18 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2015/02/09 18:11:04 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Recorder
O43 - CFD: 2015/06/09 15:09:46 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traction Software
O43 - CFD: 2014/11/23 22:13:25 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/06/09 17:27:12 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD
O43 - CFD: 2014/12/29 18:38:35 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
O43 - CFD: 2015/07/12 05:42:52 - [] D -- C:\ProgramData\10626454718617734077
O43 - CFD: 2015/07/08 16:01:11 - [] D -- C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
O43 - CFD: 2015/08/05 02:21:55 - [] D -- C:\ProgramData\19a87fa1ec024bbcbb41931263354405
O43 - CFD: 2015/08/06 22:07:16 - [] D -- C:\ProgramData\6WinManPro6
O43 - CFD: 2015/07/08 16:11:54 - [] D -- C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
O43 - CFD: 2015/01/26 21:21:31 - [] D -- C:\ProgramData\9378c043e4fbcbbd
O43 - CFD: 2015/08/05 21:25:28 - [0] D -- C:\ProgramData\9cb4aa2000004644
O43 - CFD: 2015/07/08 17:22:08 - [] D -- C:\ProgramData\abc
O43 - CFD: 2014/11/24 00:24:06 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 2015/01/26 21:46:42 - [] D -- C:\ProgramData\Apple
O43 - CFD: 2015/01/26 21:51:34 - [] D -- C:\ProgramData\Apple Computer
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 2015/01/26 21:52:37 - [] D -- C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
O43 - CFD: 2015/08/04 02:02:15 - [] D -- C:\ProgramData\Dell
O43 - CFD: 2015/06/09 17:16:17 - [] D -- C:\ProgramData\Deskshare
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 2015/01/26 22:05:21 - [0] D -- C:\ProgramData\DigiCouponn  =>PUP.Optional.DiGiCoupon
O43 - CFD: 2015/08/05 21:25:28 - [] D -- C:\ProgramData\DiscOuntEEXteNsi  =>PUP.Optional.Multiplug
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 2015/06/21 02:30:50 - [] D -- C:\ProgramData\Dropbox
O43 - CFD: 2015/08/05 02:37:44 - [] D -- C:\ProgramData\ec118d4800004bbf
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Favorites
O43 - CFD: 2015/08/05 21:25:29 - [0] D -- C:\ProgramData\FWinManProF
O43 - CFD: 2015/01/23 13:26:13 - [] D -- C:\ProgramData\hmhnbobfjgjmbopchalgmeealfdklokl
O43 - CFD: 2014/11/30 03:17:45 - [] D -- C:\ProgramData\HP
O43 - CFD: 2014/11/30 03:18:34 - [] D -- C:\ProgramData\HP Photo Creations
O43 - CFD: 2015/07/12 05:42:51 - [] D -- C:\ProgramData\HXqDVDEW
O43 - CFD: 2015/08/06 22:07:39 - [] D -- C:\ProgramData\IHProtectUpDate  =>PUP.Optional.AgentODR
O43 - CFD: 2014/11/30 11:06:28 - [] D -- C:\ProgramData\Intel
O43 - CFD: 2015/06/16 15:31:16 - [] D -- C:\ProgramData\IsolatedStorage
O43 - CFD: 2015/01/16 03:13:02 - [] D -- C:\ProgramData\jacblkbdhncpmblofjecnmgegggnbaka
O43 - CFD: 2015/06/30 18:02:09 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 2014/11/23 23:10:40 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 2015/06/09 14:11:24 - [] D -- C:\ProgramData\Mozilla
O43 - CFD: 2015/08/05 21:25:29 - [0] D -- C:\ProgramData\MWinManProM
O43 - CFD: 2015/07/12 12:07:57 - [] D -- C:\ProgramData\MyVirtualHome
O43 - CFD: 2015/04/30 21:31:39 - [] D -- C:\ProgramData\NCH Software
O43 - CFD: 2014/12/23 13:41:26 - [] D -- C:\ProgramData\Oracle
O43 - CFD: 2015/07/12 05:42:51 - [] D -- C:\ProgramData\Package Cache
O43 - CFD: 2015/01/16 03:12:27 - [] D -- C:\ProgramData\pkfhadkndolkejfikoefibejoieddkcc
O43 - CFD: 2014/11/30 11:09:08 - [] D -- C:\ProgramData\Roaming
O43 - CFD: 2015/08/05 02:22:00 - [] D -- C:\ProgramData\Service1104
O43 - CFD: 2015/07/12 05:42:51 - [] D -- C:\ProgramData\Service7609
O43 - CFD: 2015/07/12 05:42:51 - [] D -- C:\ProgramData\Service8609
O43 - CFD: 2015/06/09 16:55:40 - [] D -- C:\ProgramData\Skype
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 2014/12/23 13:42:48 - [] D -- C:\ProgramData\Sun
O43 - CFD: 2015/08/06 11:48:33 - [0] D -- C:\ProgramData\SWinManProS
O43 - CFD: 2009/07/14 06:53:55 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 2014/11/30 03:18:34 - [] D -- C:\ProgramData\Visan
O43 - CFD: 2015/01/26 21:09:55 - [] D -- C:\ProgramData\WindSolutions
O43 - CFD: 2015/08/05 02:04:35 - [] D -- C:\ProgramData\{0a6cc7d7-4c45-2bd2-0a6c-cc7d74c41f5d}
O43 - CFD: 2015/08/06 11:37:57 - [] D -- C:\ProgramData\{3b557809-28b3-41a8-3b55-5780928be024}
O43 - CFD: 2015/07/17 20:34:12 - [] D -- C:\ProgramData\{6df26454-1d5d-4e4d-6df2-264541d59150}
O43 - CFD: 2015/07/19 11:17:00 - [] D -- C:\ProgramData\{ae9277f4-17e4-4194-ae92-277f417edfd0}
O43 - CFD: 2014/11/24 00:18:25 - [] D -- C:\Program Files\Common Files\Adobe
O43 - CFD: 2015/01/26 21:51:34 - [] D -- C:\Program Files\Common Files\Apple
O43 - CFD: 2014/11/23 23:04:03 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2015/05/28 19:19:02 - [] D -- C:\Program Files\Common Files\DVDVideoSoft
O43 - CFD: 2015/06/09 15:09:39 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2014/11/30 11:06:28 - [] D -- C:\Program Files\Common Files\Intel
O43 - CFD: 2014/12/23 13:42:47 - [] D -- C:\Program Files\Common Files\Java
O43 - CFD: 2015/04/06 15:54:26 - [] D -- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2009/07/14 04:37:05 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2014/11/24 21:50:29 - [] D -- C:\Program Files\Common Files\Skype
O43 - CFD: 2009/07/14 04:37:05 - [] D -- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2015/08/05 21:25:58 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2015/03/09 20:24:47 - [] D -- C:\Program Files\Common Files\TeighaX 3.4
O43 - CFD: 2015/07/12 05:42:43 - [] D -- C:\Users\1\AppData\Roaming\016D6829-1436364048-CB11-862F-82A9C6BEBA93
O43 - CFD: 2015/07/12 03:21:54 - [] D -- C:\Users\1\AppData\Roaming\016D6829-1436364624-CB11-862F-82A9C6BEBA93
O43 - CFD: 2015/02/09 17:53:34 - [] D -- C:\Users\1\AppData\Roaming\Abyssmedia
O43 - CFD: 2014/11/26 23:04:13 - [] D -- C:\Users\1\AppData\Roaming\Adobe
O43 - CFD: 2015/02/09 22:15:13 - [] D -- C:\Users\1\AppData\Roaming\AnvSoft
O43 - CFD: 2015/06/09 15:18:07 - [] D -- C:\Users\1\AppData\Roaming\Apowersoft
O43 - CFD: 2015/01/26 21:16:38 - [] D -- C:\Users\1\AppData\Roaming\Appandora
O43 - CFD: 2015/06/08 16:14:25 - [] D -- C:\Users\1\AppData\Roaming\Apple Computer
O43 - CFD: 2015/02/09 18:44:31 - [] D -- C:\Users\1\AppData\Roaming\Audacity
O43 - CFD: 2015/07/12 03:21:54 - [] D -- C:\Users\1\AppData\Roaming\Auto Clicker
O43 - CFD: 2015/01/25 13:17:03 - [] D -- C:\Users\1\AppData\Roaming\com.binarybot.BinaryOptionRobot
O43 - CFD: 2015/07/06 11:13:35 - [] D -- C:\Users\1\AppData\Roaming\Dropbox
O43 - CFD: 2015/05/28 19:23:01 - [] D -- C:\Users\1\AppData\Roaming\DVDVideoSoft
O43 - CFD: 2015/01/26 21:20:47 - [] D -- C:\Users\1\AppData\Roaming\EASEUS
O43 - CFD: 2014/12/29 18:57:35 - [] D -- C:\Users\1\AppData\Roaming\eCyber  =>PUP.Optional.Elex
O43 - CFD: 2014/12/29 18:38:14 - [] D -- C:\Users\1\AppData\Roaming\Elex-tech  =>PUP.Optional.Elex
O43 - CFD: 2015/02/01 02:59:52 - [] D -- C:\Users\1\AppData\Roaming\eTeks
O43 - CFD: 2015/02/09 17:39:59 - [] D -- C:\Users\1\AppData\Roaming\FMZilla
O43 - CFD: 2014/12/29 18:40:20 - [] D -- C:\Users\1\AppData\Roaming\GetRightToGo
O43 - CFD: 2014/12/29 02:36:14 - [] D -- C:\Users\1\AppData\Roaming\HpUpdate
O43 - CFD: 2015/07/07 18:29:27 - [] D -- C:\Users\1\AppData\Roaming\hubiC
O43 - CFD: 2014/11/23 20:07:08 - [] D -- C:\Users\1\AppData\Roaming\Identities
O43 - CFD: 2015/08/04 02:37:51 - [0] D -- C:\Users\1\AppData\Roaming\idesktop
O43 - CFD: 2015/04/16 16:25:14 - [] D -- C:\Users\1\AppData\Roaming\InAppBrowser
O43 - CFD: 2015/06/09 20:15:37 - [] D -- C:\Users\1\AppData\Roaming\InAppBrowserInstaller
O43 - CFD: 2014/11/30 10:54:22 - [] D -- C:\Users\1\AppData\Roaming\InstallShield
O43 - CFD: 2014/11/30 11:09:18 - [] D -- C:\Users\1\AppData\Roaming\Intel
O43 - CFD: 2014/11/30 11:14:09 - [] D -- C:\Users\1\AppData\Roaming\Intel Corporation
O43 - CFD: 2015/06/16 15:31:15 - [] D -- C:\Users\1\AppData\Roaming\IsolatedStorage
O43 - CFD: 2015/01/26 21:20:45 - [] D -- C:\Users\1\AppData\Roaming\kiwipt
O43 - CFD: 2015/01/25 13:16:57 - [] D -- C:\Users\1\AppData\Roaming\Macromedia
O43 - CFD: 2011/04/12 04:24:18 - [0] D -- C:\Users\1\AppData\Roaming\Media Center Programs
O43 - CFD: 2015/07/12 05:42:42 - [] SD -- C:\Users\1\AppData\Roaming\Microsoft
O43 - CFD: 2015/06/09 14:12:17 - [] D -- C:\Users\1\AppData\Roaming\Mozilla
O43 - CFD: 2015/08/06 22:03:06 - [] D -- C:\Users\1\AppData\Roaming\mystartsearch  =>PUP.Optional.StartSearch
O43 - CFD: 2015/04/30 21:33:05 - [] D -- C:\Users\1\AppData\Roaming\NCH Software
O43 - CFD: 2015/04/06 15:57:16 - [] D -- C:\Users\1\AppData\Roaming\OpenOffice
O43 - CFD: 2014/12/26 04:11:20 - [0] D -- C:\Users\1\AppData\Roaming\Opera Software
O43 - CFD: 2015/06/09 01:57:05 - [] D -- C:\Users\1\AppData\Roaming\PopupProvider
O43 - CFD: 2015/06/09 17:40:59 - [] D -- C:\Users\1\AppData\Roaming\Rylstim Screen Recorder
O43 - CFD: 2015/07/23 10:55:53 - [] D -- C:\Users\1\AppData\Roaming\Skype
O43 - CFD: 2015/03/27 15:42:12 - [] D -- C:\Users\1\AppData\Roaming\Syncios
O43 - CFD: 2015/06/18 13:56:58 - [] D -- C:\Users\1\AppData\Roaming\TeamViewer
O43 - CFD: 2015/06/08 16:14:19 - [] D -- C:\Users\1\AppData\Roaming\Titanium
O43 - CFD: 2015/02/09 18:12:58 - [] D -- C:\Users\1\AppData\Roaming\TotalRecorder
O43 - CFD: 2014/12/26 03:28:26 - [] D -- C:\Users\1\AppData\Roaming\uTorrent
O43 - CFD: 2015/01/26 21:12:36 - [] D -- C:\Users\1\AppData\Roaming\WindSolutions
O43 - CFD: 2014/11/23 22:13:42 - [] D -- C:\Users\1\AppData\Roaming\WinRAR
O43 - CFD: 2015/07/01 14:46:30 - [] SHD -- C:\Users\1\AppData\Roaming\wyUpdate AU
O43 - CFD: 2015/02/10 00:58:51 - [] D -- C:\Users\1\AppData\Roaming\YouTubeByClick
O43 - CFD: 2015/08/06 22:25:08 - [] D -- C:\Users\1\AppData\Roaming\ZHP
O43 - CFD: 2015/07/12 05:42:51 - [] D -- C:\Users\1\AppData\Local\016D6829-1436364129-CB11-862F-82A9C6BEBA93
O43 - CFD: 2015/07/08 18:55:16 - [0] D -- C:\Users\1\AppData\Local\016D6829-1436364299-CB11-862F-82A9C6BEBA93
O43 - CFD: 2015/08/05 02:37:24 - [0] D -- C:\Users\1\AppData\Local\016D6829-1438740045-CB11-862F-82A9C6BEBA93
O43 - CFD: 2014/12/29 18:55:45 - [] D -- C:\Users\1\AppData\Local\26501
O43 - CFD: 2014/11/24 00:23:24 - [] D -- C:\Users\1\AppData\Local\Adobe
O43 - CFD: 2015/01/26 21:46:53 - [] D -- C:\Users\1\AppData\Local\Apple
O43 - CFD: 2015/06/08 16:14:25 - [] D -- C:\Users\1\AppData\Local\Apple Computer
O43 - CFD: 2014/11/23 20:06:56 - [0] SHD -- C:\Users\1\AppData\Local\Application Data
O43 - CFD: 2014/11/23 20:16:37 - [] D -- C:\Users\1\AppData\Local\Apps
O43 - CFD: 2015/03/13 15:41:23 - [] D -- C:\Users\1\AppData\Local\archifacile
O43 - CFD: 2015/07/12 15:52:23 - [] D -- C:\Users\1\AppData\Local\Citrix
O43 - CFD: 2015/03/05 04:24:48 - [] D -- C:\Users\1\AppData\Local\CrashRpt  =>.Legitimate.CrashReports
O43 - CFD: 2014/11/23 20:16:45 - [0] D -- C:\Users\1\AppData\Local\Deployment
O43 - CFD: 2015/06/09 17:16:12 - [] D -- C:\Users\1\AppData\Local\DeskShare Data
O43 - CFD: 2015/07/14 17:09:16 - [] D -- C:\Users\1\AppData\Local\Diagnostics
O43 - CFD: 2015/02/09 22:32:06 - [] D -- C:\Users\1\AppData\Local\Downloaded Installations
O43 - CFD: 2015/06/30 20:36:18 - [] D -- C:\Users\1\AppData\Local\Dropbox
O43 - CFD: 2015/08/03 22:18:51 - [] D -- C:\Users\1\AppData\Local\ElevatedDiagnostics
O43 - CFD: 2014/12/26 03:55:23 - [] SHD -- C:\Users\1\AppData\Local\EmieBrowserModeList
O43 - CFD: 2014/12/26 03:55:23 - [] SHD -- C:\Users\1\AppData\Local\EmieSiteList
O43 - CFD: 2014/12/26 03:55:23 - [] SHD -- C:\Users\1\AppData\Local\EmieUserList
O43 - CFD: 2015/08/05 18:14:35 - [] D -- C:\Users\1\AppData\Local\Extension Follow
O43 - CFD: 2015/06/14 17:27:09 - [] D -- C:\Users\1\AppData\Local\Geckofx
O43 - CFD: 2015/08/06 22:08:39 - [] D -- C:\Users\1\AppData\Local\gmsd_fr_005010053  =>PUP.Optional.CrossRider
O43 - CFD: 2015/08/06 22:08:39 - [] D -- C:\Users\1\AppData\Local\gmsd_fr_009010051  =>PUP.Optional.CrossRider
O43 - CFD: 2015/08/06 20:35:35 - [] D -- C:\Users\1\AppData\Local\gmsd_fr_009010053  =>PUP.Optional.CrossRider
O43 - CFD: 2015/07/12 04:19:27 - [] D -- C:\Users\1\AppData\Local\Google
O43 - CFD: 2014/11/23 20:06:56 - [0] SHD -- C:\Users\1\AppData\Local\History
O43 - CFD: 2014/11/30 03:19:53 - [] D -- C:\Users\1\AppData\Local\HP
O43 - CFD: 2015/02/02 15:33:20 - [] D -- C:\Users\1\AppData\Local\InstallAware Installation Information
O43 - CFD: 2015/08/05 02:21:53 - [] D -- C:\Users\1\AppData\Local\Installer  =>PUP.Optional.InstallPedia
O43 - CFD: 2015/01/26 21:20:28 - [] D -- C:\Users\1\AppData\Local\KiwiGeeker
O43 - CFD: 2015/01/27 16:51:17 - [] D -- C:\Users\1\AppData\Local\Mathex
O43 - CFD: 2015/07/12 03:21:55 - [] D -- C:\Users\1\AppData\Local\Microsoft
O43 - CFD: 2015/03/29 23:02:29 - [] D -- C:\Users\1\AppData\Local\Microsoft Games
O43 - CFD: 2015/03/03 02:01:10 - [] D -- C:\Users\1\AppData\Local\Microsoft Help
O43 - CFD: 2015/06/09 14:12:27 - [] D -- C:\Users\1\AppData\Local\Mozilla
O43 - CFD: 2014/12/26 04:11:20 - [0] D -- C:\Users\1\AppData\Local\Opera Software
O43 - CFD: 2014/12/26 03:07:04 - [] D -- C:\Users\1\AppData\Local\Programs
O43 - CFD: 2014/11/24 21:50:51 - [] D -- C:\Users\1\AppData\Local\Skype
O43 - CFD: 2015/08/06 22:00:51 - [] D -- C:\Users\1\AppData\Local\SmartWeb  =>PUP.Optional.SmartWebSearch
O43 - CFD: 2015/07/08 16:02:41 - [] D -- C:\Users\1\AppData\Local\Software  =>PUP.Optional.Boxore
O43 - CFD: 2015/06/09 17:15:49 - [] D -- C:\Users\1\AppData\Local\Spoon
O43 - CFD: 2015/07/12 05:42:45 - [] D -- C:\Users\1\AppData\Local\Storm_Warnings,_LLC
O43 - CFD: 2015/06/18 14:08:34 - [] D -- C:\Users\1\AppData\Local\TeamViewer
O43 - CFD: 2015/08/06 22:25:45 - [] D -- C:\Users\1\AppData\Local\Temp
O43 - CFD: 2014/11/23 20:06:56 - [0] SHD -- C:\Users\1\AppData\Local\Temporary Internet Files
O43 - CFD: 2015/02/01 02:34:52 - [] D -- C:\Users\1\AppData\Local\VirtualStore
O43 - CFD: 2015/07/12 05:42:51 - [] D -- C:\Users\1\AppData\Local\_
O43 - CFD: 2015/08/03 22:38:12 - [] RD -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/07/12 05:42:42 - [] RD -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/08/03 22:38:12 - [] D -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Binary.com Charts
O43 - CFD: 2015/08/03 22:38:12 - [] RD -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/08/03 22:38:12 - [] D -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
O43 - CFD: 2015/08/06 22:00:50 - [] RD -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2015/08/03 22:38:12 - [] D -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/06/09 17:27:12 - [0] D -- C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD

---\\ Latest files created in Windows Prefetcher (O45) (20) - 9s
O45 - LFCP:[MD5.F126726F4356129EF6C32C338D93FD9A] 2015/08/06 21:06:41 A -- C:\Windows\Prefetch\62793.WINDAPP.MON001.NO.EXE-73E09185.pf  =>PUP.Optional.Nosibay
O45 - LFCP:[MD5.71866C08B00FF17AF211AE80C21377DF] 2015/08/06 20:39:53 A -- C:\Windows\Prefetch\BUBBLE DOCK BSETUP.EXE-74E937AE.pf  =>PUP.Optional.BubbleDock
O45 - LFCP:[MD5.895E27E5F789F17C796B1E757AEF033A] 2015/08/06 11:39:11 A -- C:\Windows\Prefetch\BUBBLE DOCK BSETUP.EXE-B0E4EFD4.pf  =>PUP.Optional.BubbleDock
O45 - LFCP:[MD5.30CCE5CC2C89A23E119346A7BDA9741A] 2015/08/06 21:04:28 A -- C:\Windows\Prefetch\BUBBLE DOCK.EXE-A6289561.pf  =>PUP.Optional.BubbleDock
O45 - LFCP:[MD5.CF4A645643842B83681C976359D7D538] 2015/08/06 22:08:49 A -- C:\Windows\Prefetch\GMSD_FR_005010053.EXE-3FD1020C.pf  =>PUP.Optional.CrossRider
O45 - LFCP:[MD5.0463977C2191907AF4E70CE5DDBBC7D9] 2015/08/06 20:35:45 A -- C:\Windows\Prefetch\GMSD_FR_009010053.EXE-EDD35374.pf  =>PUP.Optional.CrossRider
O45 - LFCP:[MD5.A0666508E37859DFD6BF65812D401EDA] 2015/08/06 21:04:21 A -- C:\Windows\Prefetch\LBUBBLE DOCK.EXE-702A17FD.pf  =>PUP.Optional.BubbleDock
O45 - LFCP:[MD5.A98C7E1DA6DD3170B7AEAC4B7D2B4745] 2015/08/06 11:38:09 A -- C:\Windows\Prefetch\OPTPROSETUP.EXE-09B7885F.pf  =>PUP.Optional.OptimizerPro
O45 - LFCP:[MD5.59ABF8E90F2C5041CFC646D8EAAF1F01] 2015/08/06 11:38:10 A -- C:\Windows\Prefetch\OPTPROSETUP.TMP-7E21A1B4.pf  =>PUP.Optional.OptimizerPro
O45 - LFCP:[MD5.B0CA30D768862EF5E02257379F9C9194] 2015/08/06 22:04:27 A -- C:\Windows\Prefetch\SELECTION TOOLS UNINSTALL.EXE-00FDB088.pf  =>PUP.Optional.Nosibay
O45 - LFCP:[MD5.89B9431A160738A99F606858DE513E65] 2015/08/06 22:04:17 A -- C:\Windows\Prefetch\SELECTION TOOLS UNINSTALL.EXE-78B32DAE.pf  =>PUP.Optional.Nosibay
O45 - LFCP:[MD5.EA5B464E1DF4E268FF1C66F3C37095EA] 2015/08/06 21:14:33 A -- C:\Windows\Prefetch\SELECTION TOOLS.EXE-9F9C2F0C.pf  =>PUP.Optional.Nosibay
O45 - LFCP:[MD5.8A58A00B7BBC609729831FDFB9DFB062] 2015/08/06 22:01:09 A -- C:\Windows\Prefetch\SMARTWEBAPP.EXE-3A4AA147.pf  =>PUP.Optional.SmartWebSearch
O45 - LFCP:[MD5.3F8A3ECD9B530311FEA4E98BE0B5E9B9] 2015/08/06 22:01:00 A -- C:\Windows\Prefetch\SMARTWEBHELPER.EXE-F729BC9A.pf  =>PUP.Optional.SmartWebSearch
O45 - LFCP:[MD5.2C1DFB59BB614724B56FFCBFB5532C48] 2015/08/06 22:08:49 A -- C:\Windows\Prefetch\UPGMSD_FR_005010053.EXE-46839317.pf  =>PUP.Optional.CrossRider
O45 - LFCP:[MD5.1F69018EBCBAA94524ED598ADB83FAA8] 2015/08/06 20:34:53 A -- C:\Windows\Prefetch\UPGMSD_FR_009010051.EXE-44B29D6B.pf  =>PUP.Optional.CrossRider
O45 - LFCP:[MD5.048C582E7E50BC3C3020D148EC9A5DDB] 2015/08/06 20:35:44 A -- C:\Windows\Prefetch\UPGMSD_FR_009010053.EXE-1B3DA73F.pf  =>PUP.Optional.CrossRider
O45 - LFCP:[MD5.BFB34D001AD94DFCCA22239309BACF77] 2015/08/06 22:18:41 A -- C:\Windows\Prefetch\WORDSHARKAUTOUPDATECLIENT.EXE-F8AA901B.pf  =>PUP.Optional.WordShark
O45 - LFCP:[MD5.D91CA45A6E457C7FADF725AE98BA2C76] 2015/08/06 11:29:37 A -- C:\Windows\Prefetch\WPM_V20.0.0.2294.EXE-6B509FFA.pf  =>PUP.Optional.WpManager
O45 - LFCP:[MD5.981E7BCA0F9177ED63B3A26808ECFDD8] 2015/08/06 22:07:16 A -- C:\Windows\Prefetch\WPM_V20.0.0.2294.EXE-B7F96DF9.pf  =>PUP.Optional.WpManager

---\\ ShareTools MSconfig StartupReg (SMSR) (O53) (1) - 0s
O53 - SMSR:HKLM\...\startupreg\YTDownloader  [Key] . (...) -- C:\Program Files\YTDownloader\YTDownloader.exe (.not file.)  =>PUP.Optional.YTDownloader

---\\ System Drivers List (SDL) (O58) (81) - 6s
O58 - SDL:2009/07/14 03:26:15 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys   [422976]
O58 - SDL:2009/07/14 03:26:17 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys   [297552]
O58 - SDL:2009/07/14 03:26:15 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\drivers\adpu320.sys   [146512]
O58 - SDL:2009/07/14 03:26:15 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys   [14400]
O58 - SDL:2010/11/20 23:29:03 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys   [80256]
O58 - SDL:2009/07/14 03:26:15 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys   [159312]
O58 - SDL:2010/11/20 23:29:03 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys   [22400]
O58 - SDL:2012/07/18 07:48:50 A . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® + High.) -- C:\Windows\System32\drivers\AmpPal.sys   [143360]
O58 - SDL:2009/07/14 03:26:15 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys   [76368]
O58 - SDL:2009/07/14 03:26:15 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys   [86608]
O58 - SDL:2009/07/14 00:02:49 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60x.sys   [229888]
O58 - SDL:2009/07/14 00:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys   [13568]
O58 - SDL:2009/07/14 00:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys   [5248]
O58 - SDL:2009/07/14 02:57:25 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys   [272128]
O58 - SDL:2009/07/14 00:53:32 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys   [62336]
O58 - SDL:2009/07/14 00:53:33 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys   [12160]
O58 - SDL:2009/07/14 00:53:33 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys   [11904]
O58 - SDL:2015/08/05 02:18:07 A . (.Copyright (c) 2012 - .) -- C:\Windows\System32\drivers\bsdriver.sys   [30104]
O58 - SDL:2009/07/14 00:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbdx.sys   [430080]
O58 - SDL:2015/06/18 12:10:14 A . (.Cherimoya Ltd - Cherimoya Ltd.) -- C:\Windows\System32\drivers\cherimoya.sys   [56344]  =>PUP.Optional.Shopper
O58 - SDL:2009/07/14 03:26:21 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys   [15952]
O58 - SDL:2009/07/14 03:20:28 A . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\drivers\djsvs.sys   [70720]
O58 - SDL:2009/07/14 00:02:50 A . (.Intel Corporation - Intel(R) PRO/1000 Adapter NDIS 6 deserializ.) -- C:\Windows\System32\drivers\e1e6032.sys   [211456]
O58 - SDL:2009/07/14 03:20:28 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys   [453712]
O58 - SDL:2009/07/14 00:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbdx.sys   [3100160]
O58 - SDL:2012/10/03 17:14:58 A . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys   [26840]
O58 - SDL:2009/07/14 00:54:14 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys   [26624]
O58 - SDL:2009/07/14 03:20:28 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys   [67152]
O58 - SDL:2010/11/06 06:39:18 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) -- C:\Windows\System32\drivers\iaStor.sys   [354840]
O58 - SDL:2010/11/20 23:29:03 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys   [332160]
O58 - SDL:2009/09/24 02:18:14 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd32.sys   [4808192]
O58 - SDL:2009/07/14 03:20:36 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys   [41040]
O58 - SDL:2015/08/03 09:34:05 A . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys   [50280]  =>PUP.Optional.YetAnotherCleaner
O58 - SDL:2015/06/30 04:50:17 A . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\drivers\iSafeNetFilter.sys   [44712]  =>PUP.Optional.YetAnotherCleaner
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys   [95824]
O58 - SDL:2009/07/14 03:20:37 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys   [89168]
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys   [54864]
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys   [96848]
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys   [30800]
O58 - SDL:2009/07/14 03:20:36 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys   [235584]
O58 - SDL:2014/08/16 00:13:34 A . (.Apple Inc. - Apple Mobile Device Ethernet.) -- C:\Windows\System32\drivers\netaapl.sys   [18944]
O58 - SDL:2015/04/03 00:22:32 A . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\drivers\netfilter.sys   [31744]  =>PUP.Optional.AdPeak
O58 - SDL:2009/07/14 00:02:51 A . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\System32\drivers\netw5v32.sys   [4231168]
O58 - SDL:2010/10/07 11:11:38 A . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\System32\drivers\NETwLv32.sys   [6639616]
O58 - SDL:2009/07/14 03:20:44 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys   [44624]
O58 - SDL:2011/08/17 10:03:58 A . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\System32\drivers\nmwcdnsu.sys   [137472]
O58 - SDL:2010/11/20 23:29:03 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys   [117120]
O58 - SDL:2010/11/20 23:29:03 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys   [143744]
O58 - SDL:2009/07/14 03:19:04 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys   [1383488]
O58 - SDL:2009/07/14 03:19:04 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys   [106064]
O58 - SDL:2006/11/15 00:35:20 A . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\drivers\rixdptsk.sys   [37376]
O58 - SDL:2009/07/13 22:50:20 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys   [20480]
O58 - SDL:2009/07/14 01:45:33 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\serial.sys   [83456]
O58 - SDL:2009/07/14 03:19:04 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys   [40016]
O58 - SDL:2009/07/14 03:19:04 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys   [77888]
O58 - SDL:2009/07/14 03:19:04 A . (.Promise Technology - Promise  SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys   [21072]
O58 - SDL:2015/06/08 16:11:55 A . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\drivers\tap0901.sys   [26624]
O58 - SDL:2012/08/13 21:29:28 A . (.High Criteria inc. - Total Recorder WDM audio filter driver (Pro.) -- C:\Windows\System32\drivers\TotRec8.sys   [92432]
O58 - SDL:2014/08/16 00:35:00 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\drivers\usbaapl.sys   [45056]
O58 - SDL:2009/07/14 03:19:10 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys   [16976]
O58 - SDL:2009/07/14 03:19:11 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys   [141904]
O58 - SDL:2009/07/14 00:13:45 A . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) -- C:\Windows\System32\drivers\VSTAZL3.SYS   [207360]
O58 - SDL:2009/07/14 00:13:45 A . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\Windows\System32\drivers\VSTCNXT3.SYS   [661504]
O58 - SDL:2009/07/14 00:13:46 A . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\Windows\System32\drivers\VSTDPV3.SYS   [980992]
O58 - SDL:2015/07/06 21:11:32 A . (.WS - WS TDI Driver x86.) -- C:\Windows\System32\drivers\wsfd_vt_1_10_0_20.sys   [56448]  =>PUP.Optional.Gen
O58 - SDL:2015/07/06 21:11:34 A . (.WS - WS WFP Driver x86.) -- C:\Windows\System32\drivers\wsfd_vw_1_10_0_20.sys   [48512]  =>PUP.Optional.Gen
O58 - SDL:2009/07/13 23:40:41 A . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:2009/07/13 23:40:44 A . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:2009/07/13 23:40:40 A . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:2009/07/13 23:40:43 A . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:2009/07/13 23:40:43 A . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:2009/07/13 23:40:23 A . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:2009/07/13 23:40:31 A . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:2009/07/13 23:40:35 A . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:2009/07/13 23:40:39 A . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:2009/07/13 23:40:27 A . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:2009/07/13 23:40:11 A . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:2009/07/13 23:40:15 A . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:2009/07/13 23:40:17 A . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:2009/07/13 23:40:19 A . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:2009/07/13 23:40:13 A . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]

---\\ Last modified or created user files (O61) (9) - 58s
O61 - LFC: 2015/08/06 22:00:51 A . (.SoftBrain Technologies Ltd..) -- C:\Users\1\AppData\Local\SmartWeb\__u.exe   [172673]  =>PUP.Optional.SmartWebSearch
O61 - LFC: 2015/08/05 02:21:50 A . (.Copyright (C) 2014.) -- C:\Users\1\AppData\Local\Installer\Install_16144\DCYTDownloader.exe   [1446912]  =>PUP.Optional.YTDownloader
O61 - LFC: 2015/08/06 22:07:48 A . (..) -- C:\Users\1\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin   [1113849]
O61 - LFC: 2015/08/06 16:09:36 A . (..) -- C:\Users\1\AppData\Local\gmsd_fr_009010053\upgmsd_fr_009010053.exe   [3354256]  =>PUP.Optional.CrossRider
O61 - LFC: 2015/08/04 14:06:00 A . (..) -- C:\Users\1\AppData\Local\gmsd_fr_009010051\upgmsd_fr_009010051.exe   [3299472]  =>PUP.Optional.CrossRider
O61 - LFC: 2015/08/06 20:40:30 A . (..) -- C:\Users\1\AppData\Local\gmsd_fr_009010051\Download\myoffergroup_fr.exe   [4269376]  =>PUP.Optional.CrossRider
O61 - LFC: 2015/08/06 15:11:09 A . (..) -- C:\Users\1\AppData\Local\gmsd_fr_005010053\upgmsd_fr_005010053.exe   [3352720]  =>PUP.Optional.CrossRider
O61 - LFC: 2015/08/05 08:25:11 A . (..) -- C:\Users\1\AppData\Local\Extension Follow\Bin\ExtensionFollow.dll   [44032]
O61 - LFC: 2015/08/05 08:25:11 A . (..) -- C:\Users\1\AppData\Local\Extension Follow\Bin\nzyt.dll   [11776]

---\\ File Associations Shell Spawning (O67) (1) - 1s
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe

---\\ Start Menu Internet (SMI) (O68) (8) - 0s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe 
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe 
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe

---\\ Search Browser Infection (SBI) (O69) (17) - 8s
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("browser.search.defaultenginename", "oursurfing");  =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("browser.search.searchengine.alias", "oursurfing");  =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");  =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("browser.search.searchengine.iconURL", "http://www.oursurfing.com/web/favicon.ico");  =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("browser.search.searchengine.name", "oursurfing");  =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("browser.search.searchengine.ptid", "amt");  =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("browser.search.searchengine.uid", "HITACHIXHTS545050B9A300_101229PBN403M7HGNZSEX");  =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("browser.search.searchengine.url", "http://www.oursurfing.com/web/?type=dspp&ts=1436363729&z=aa8d0431266d1138c5d0d6fgez8[...]  =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("iminent.enableToolbar", "false");  =>PUP.Optional.IMBooster
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("iminent.BirthDate", "1437328697");  =>PUP.Optional.IMBooster
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("iminent.searchindex", "1");  =>PUP.Optional.IMBooster
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("iminent.newtabredirect", "true");  =>PUP.Optional.IMBooster
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("iminent.enableToolbar", "true");  =>PUP.Optional.IMBooster
O69 - SBI: prefs.js [1 - zLmI6aj0.default] user_pref("iminent.cifs", "0");  =>PUP.Optional.IMBooster
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.mystartsearch.com/  =>PUP.Optional.StartSearch
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://www.mystartsearch.com/  =>PUP.Optional.StartSearch
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.mystartsearch.com/  =>PUP.Optional.StartSearch

---\\ Crack & Keygen Files (CKF) (O82) (4) - 38s
O82 - LFC: 2014/12/25 20:10:00 A . (...) -- C:\Users\1\Downloads\Windows Loader Daz.exe   [726921]  =>.Crack,Keygen
O82 - LFC: 2014/12/25 20:10:12 RA . (...) -- C:\Users\1\Desktop\sauvegarde cle usb\Windows Loader 2.2.2__8173_il61.exe   [576192]  =>.Crack,Keygen
O82 - LFC: 2014/12/25 20:10:50 A . (...) -- C:\Users\1\Desktop\sauvegarde cle usb\Windows Loader 2.3.0__8173_il711.exe   [576192]  =>.Crack,Keygen
O82 - LFC: 2013/01/29 21:33:00 A . (...) -- C:\Users\1\AppData\Local\Temp\Temp1_Windows Loader v2.2.1. DAZ crack 7 DeGun TPB.zip\Windows Loader\Windows Loader.exe   [3945501]  =>.Crack,Keygen

---\\ Search Svchost Services (SSS) (O83) (33) - 2s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll   [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll   [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll   [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll   [168960]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll   [593408]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL   [679424]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\audiosrv.dll   [475136]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll   [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll   [286208]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll   [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll   [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll   [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll   [242176]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll   [523776]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll   [1973728]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll   [585728]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll   [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll   [499712]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\System32\seclogon.dll   [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll   [47104]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll   [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll   [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll   [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll   [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll   [164352]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll   [750592]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL   [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll   [113664]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll   [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll   [102400]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll   [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll   [76800]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll   [149504]

---\\ Firewall Active Exception List (FirewallRules) (O87) (22) - 1s
O87 - FAEL: "{E271A6D7-6C8F-437D-B61F-641F617D92C6}" [In-None-P6-TRUE] .(...) -- C:\Users\1\AppData\Roaming\Dropbox\bin\Dropbox.exe (.not file.)
O87 - FAEL: "{27346B21-CD75-4581-AA24-A44FC57F5AE6}" [In-None-P17-TRUE] .(...) -- C:\Users\1\AppData\Roaming\Dropbox\bin\Dropbox.exe (.not file.)
O87 - FAEL: "{C4C6812F-2291-419B-86A8-B3765151794E}" [In-None-P6-TRUE] .(...) -- C:\Program Files\ma-config.com\MaConfigAgent.exe (.not file.)
O87 - FAEL: "{B2C10C11-0A54-4F09-ABDB-D3F8D85A694C}" [In-None-P17-TRUE] .(...) -- C:\Program Files\ma-config.com\MaConfigAgent.exe (.not file.)
O87 - FAEL: "TCP Query User{73B6666B-ACB5-437E-ABC4-B18C5B91B940}C:\program files\free music zilla\fmzilla.exe" [In-None-P6-TRUE] .(...) -- C:\program files\free music zilla\fmzilla.exe (.not file.)
O87 - FAEL: "UDP Query User{5D248113-BE23-4628-A89E-8A1DC1F9E661}C:\program files\free music zilla\fmzilla.exe" [In-None-P17-TRUE] .(...) -- C:\program files\free music zilla\fmzilla.exe (.not file.)
O87 - FAEL: "{01CBF40E-D44C-4411-BFA0-562A1D011309}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\Video Download Capture.exe (.not file.)
O87 - FAEL: "{A9B69C09-747F-403E-B605-067422D999D5}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\Video Download Capture.exe (.not file.)
O87 - FAEL: "{D9F68486-42F2-474B-BAE1-0C07D867C101}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftSrv.dll (.not file.)
O87 - FAEL: "{DC0A9E11-349D-49F0-A122-EF55D75496CF}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftSrv.dll (.not file.)
O87 - FAEL: "{AB741947-9B9D-4BC2-9432-07FE2AC9C31E}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDump.dll (.not file.)
O87 - FAEL: "{F0BA8B55-4CBD-4ADA-81CD-3DFEB17C57AA}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDump.dll (.not file.)
O87 - FAEL: "{BAF4E719-EC2F-4A6A-B47D-2596C2420511}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftAC.dll (.not file.)
O87 - FAEL: "{222D813D-A7FA-4C7F-BBA3-6766F90BB5F7}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftAC.dll (.not file.)
O87 - FAEL: "{B146E916-1BF1-47B0-81A0-E58AC05829AA}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftPlayer.dll (.not file.)
O87 - FAEL: "{A4698C30-3DF2-4182-A06B-24C0A4CF84F7}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftPlayer.dll (.not file.)
O87 - FAEL: "{290D1045-7AAF-43EE-9B3A-1C605773FD73}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll (.not file.)
O87 - FAEL: "{B584EE30-3E4D-4762-AF68-64B3D749684A}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll (.not file.)
O87 - FAEL: "{160C8BCE-6A2E-499F-B94A-F7097BAC8B34}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll (.not file.)
O87 - FAEL: "{7E728D63-7C72-4FE7-B285-2A25EBC97D95}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll (.not file.)
O87 - FAEL: "{F74EF881-3E84-40B8-A7C2-1F38073C8FB2}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (.not file.)
O87 - FAEL: "{0FCD6873-A782-4A2D-9A66-69E1BF1383C7}" [Out-None-P17-TRUE] .(...) -- C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (.not file.)

---\\ Search Tracing Registry Key (O100) (8) - 3s
HKLM\SOFTWARE\Microsoft\Tracing\DriverRestore_RASAPI32  =>PUP.Optional.DriverRestore
HKLM\SOFTWARE\Microsoft\Tracing\DriverRestore_RASMANCS  =>PUP.Optional.DriverRestore
HKLM\SOFTWARE\Microsoft\Tracing\StormWarnings_RASAPI32  =>PUP.Optional.StormWarnings
HKLM\SOFTWARE\Microsoft\Tracing\StormWarnings_RASMANCS  =>PUP.Optional.StormWarnings
HKLM\SOFTWARE\Microsoft\Tracing\WordSharkAutoUpdateClient_RASAPI32  =>PUP.Optional.WordShark
HKLM\SOFTWARE\Microsoft\Tracing\WordSharkAutoUpdateClient_RASMANCS  =>PUP.Optional.WordShark
HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASAPI32  =>PUP.Optional.WordSurfer
HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASMANCS  =>PUP.Optional.WordSurfer

---\\ Additional Scan (O88) (191) - 0s
C:\Program Files\Elex-tech\YAC\iSafeSvc.exe  =>PUP.Optional.Elex
C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe  =>PUP.Optional.Elex
C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93\hnsw400D.tmp  =>PUP.Optional.CrossRider
C:\Program Files\Elex-tech\YAC\iSafeTray.exe  =>PUP.Optional.Elex
C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93\jnsb250C.tmp  =>PUP.Optional.CrossRider
C:\Users\1\AppData\Local\gmsd_fr_009010051\upgmsd_fr_009010051.exe  =>PUP.Optional.CrossRider
C:\Program Files\Elex-tech\YAC\iDesk.exe  =>PUP.Optional.Elex
C:\Program Files\Elex-tech\YAC\iSafe.exe  =>PUP.Optional.Elex
C:\Users\1\AppData\Local\gmsd_fr_009010053\upgmsd_fr_009010053.exe  =>PUP.Optional.CrossRider
C:\Program Files\gmsd_fr_009010053\gmsd_fr_009010053.exe  =>PUP.Optional.CrossRider
C:\Program Files\WordShark_1.10.0.20\Service\wssvc.exe  =>PUP.Optional.WordShark
C:\Users\1\AppData\Local\SmartWeb\SmartWebHelper.exe  =>PUP.Optional.SmartWebSearch
C:\Users\1\AppData\Local\SmartWeb\SmartWebApp.exe  =>PUP.Optional.SmartWebSearch
C:\Program Files\MiuiTab\ProtectService.exe  =>PUP.Optional.MiuiTab
C:\Program Files\MiuiTab\CmdShell.exe  =>PUP.Optional.MiuiTab
C:\Program Files\MiuiTab\HPNotify.exe  =>PUP.Optional.MiuiTab
C:\Users\1\AppData\Local\gmsd_fr_005010053\upgmsd_fr_005010053.exe  =>PUP.Optional.CrossRider
C:\Program Files\gmsd_fr_005010053\gmsd_fr_005010053.exe  =>PUP.Optional.CrossRider
C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93\knst5BCA.tmp  =>PUP.Optional.CrossRider
C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\defsearchp@gmail.com.xpi  =>PUP.Optional.PriceFountain
C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\extensions\minibar@go.im.xpi  =>PUP.Optional.Minibar
C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\zLmI6aj0.default\searchplugins\oursurfing.xml  =>PUP.Optional.OurSurfing
C:\Program Files\MiuiTab\SupTab.dll  =>PUP.Optional.MiuiTab
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}  =>PUP.Optional.MiuiTab
C:\Windows\System32\Shjencueit.dll  =>Hijacker.Winsock
HKLM\SYSTEM\CurrentControlSet\Services\comyninu  =>PUP.Optional.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\fibiwugy  =>PUP.Optional.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\helecufu  =>PUP.Optional.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\hyverumu  =>PUP.Optional.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service  =>PUP.Optional.AgentODR
C:\Program Files\MiuiTab\ProtectService.exe  =>PUP.Optional.AgentODR
HKLM\SYSTEM\CurrentControlSet\Services\iSafeService  =>PUP.Optional.YetAnotherCleaner
C:\Program Files\Elex-tech\YAC\iSafeSvc.exe  =>PUP.Optional.YetAnotherCleaner
HKLM\SYSTEM\CurrentControlSet\Services\qMcpsdJoip  =>PUP.Optional.Salus
HKLM\SYSTEM\CurrentControlSet\Services\WikiBrowserUpdateService  =>PUP.Optional.WikiBrowser
HKLM\SYSTEM\CurrentControlSet\Services\wssvc_1.10.0.20  =>PUP.Optional.WordShark
C:\Windows\Tasks\079140e8-b171-4010-a0e3-bd597cc31a82-5.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\079140e8-b171-4010-a0e3-bd597cc31a82-5_user.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\35c771a7-8118-43e2-b695-b0cc9c5b91e7-5.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\35c771a7-8118-43e2-b695-b0cc9c5b91e7-5_user.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-1.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-2.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-5.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-5_user.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-6.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-7.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\760ea730-8a3d-475c-81c6-c424212e406c-5.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\760ea730-8a3d-475c-81c6-c424212e406c-5_user.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-5.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-5_user.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\bca0778f-2663-4b49-a8bb-c8b1bb0592af-5.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\bca0778f-2663-4b49-a8bb-c8b1bb0592af-5_user.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job  =>PUP.Optional.BidailySync
C:\Windows\Tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5.job  =>PUP.Optional.CrossRider
C:\Windows\Tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5_user.job  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\079140e8-b171-4010-a0e3-bd597cc31a82-5  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\079140e8-b171-4010-a0e3-bd597cc31a82-5_user  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-1  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-2  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-5  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-5_user  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-6  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\37f4b516-338d-473b-85f5-9b1e3776b8ae-7  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\4431e93c-9d1d-44cf-a154-b905d01a83c8-5  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\4431e93c-9d1d-44cf-a154-b905d01a83c8-5_user  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\760ea730-8a3d-475c-81c6-c424212e406c-5  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\760ea730-8a3d-475c-81c6-c424212e406c-5_user  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\7968905b-190e-499d-81ad-f58daec54437-5  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\7968905b-190e-499d-81ad-f58daec54437-5_user  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-5  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\945dee8e-cdbf-4566-8737-7ca867199ad7-5_user  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\bca0778f-2663-4b49-a8bb-c8b1bb0592af-5  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\bca0778f-2663-4b49-a8bb-c8b1bb0592af-5_user  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]  =>PUP.Optional.BidailySync
C:\Windows\System32\Tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\dbdd489c-d928-4f1e-83ee-e633b95b7431-5_user  =>PUP.Optional.CrossRider
C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Core  =>PUP.Optional.WordShark
C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update  =>PUP.Optional.WordShark
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_fr_005010053_is1  =>PUP.Optional.GamesDesktop
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_fr_009010053_is1  =>PUP.Optional.GamesDesktop
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe  =>PUP.Optional.Elex
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall  =>PUP.Optional.StartSearch
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb  =>PUP.Optional.SmartWebSearch
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordShark_1.10.0.20  =>PUP.Optional.WordShark
HKLM\SOFTWARE\AskPartnerNetwork  =>Toolbar.Ask
HKLM\SOFTWARE\CinemaPlus-3.2cV12.07  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Com NotificationV25.03  =>PUP.Optional.ComNotification
HKLM\SOFTWARE\Conduit  =>PUP.Optional.Conduit
HKLM\SOFTWARE\GAMESDESKTOP  =>PUP.Optional.GamesDesktop
HKLM\SOFTWARE\I - Cinema  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\IHProtect  =>PUP.Optional.AgentODR
HKLM\SOFTWARE\Iminent  =>PUP.Optional.IMBooster
HKLM\SOFTWARE\InstalledBrowserExtensions  =>PUP.Optional.BrowserExtensions
HKLM\SOFTWARE\Plus-HD.3.1nV06.07  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\SearchProtect  =>PUP.Optional.SearchProtect
HKLM\SOFTWARE\searchult  =>PUP.Optional.Gen
HKLM\SOFTWARE\shopperz02082015  =>PUP.Optional.Shopperz
HKLM\SOFTWARE\SupDp  =>PUP.Optional.SupTab
HKLM\SOFTWARE\supTab  =>PUP.Optional.SupTab
HKLM\SOFTWARE\supWindowsMangerProtect  =>PUP.Optional.Fuyu
HKLM\SOFTWARE\WajIntEnhance  =>PUP.Optional.Wajam
HKLM\SOFTWARE\WordShark_1.10.0.17  =>PUP.Optional.WordShark
HKLM\SOFTWARE\WordShark_1.10.0.20  =>PUP.Optional.WordShark
HKLM\SOFTWARE\WordSurfer_1.10.0.19  =>PUP.Optional.WordSurfer
HKCU\SOFTWARE\APN PIP  =>PUP.Optional.Conduit
HKCU\SOFTWARE\AskPartnerNetwork  =>Toolbar.Ask
HKCU\SOFTWARE\DailyPcClean  =>PUP.Optional.DailyPCClean
HKCU\SOFTWARE\HomeTab  =>PUP.Optional.CertifiedToolbar
HKCU\SOFTWARE\InstalledBrowserExtensions  =>PUP.Optional.BrowserExtensions
HKCU\SOFTWARE\Linkey  =>PUP.Optional.LinkeySearch
HKCU\SOFTWARE\SearchProtectWS  =>PUP.Optional.SearchProtect
HKCU\SOFTWARE\SimplyTech  =>PUP.Optional.SimplyTech
HKCU\SOFTWARE\StormWarningsApp  =>PUP.Optional.StormWarnings
HKCU\SOFTWARE\TNT2  =>PUP.Optional.TidyNetwork
HKCU\SOFTWARE\Tutorials  =>PUP.Optional.AgenceExclusive
HKCU\SOFTWARE\TutoTag  =>PUP.Optional.AgenceExclusive
HKCU\SOFTWARE\WajIEnhance  =>PUP.Optional.Wajam
HKCU\SOFTWARE\WajIntEnhance  =>PUP.Optional.Wajam
HKCU\SOFTWARE\AppDataLow\Software\SmartWeb  =>PUP.Optional.SmartWebSearch  =>PUP.Optional.SmartWebSearch
C:\Program Files\016D6829-1438732774-CB11-862F-82A9C6BEBA93  =>PUP.Optional.CrossRider
C:\Program Files\81acc394-582b-4b16-8a02-205d1e7a0987  =>PUP.Optional.CrossRider
C:\Program Files\8fba5ec7-385c-4140-a6c1-ffcc53be9361  =>PUP.Optional.CrossRider
C:\Program Files\Com NotificationV25.03  =>PUP.Optional.ComNotification
C:\Program Files\DigiCouponn  =>PUP.Optional.DiGiCoupon
C:\Program Files\Elex-tech  =>PUP.Optional.Elex
C:\Program Files\Exploremedia  =>PUP.Optional.Gen
C:\Program Files\f2cf1818-ec8b-4262-b345-e9201346d155  =>PUP.Optional.CrossRider
C:\Program Files\gmsd_fr_005010051  =>PUP.Optional.CrossRider
C:\Program Files\gmsd_fr_005010053  =>PUP.Optional.CrossRider
C:\Program Files\gmsd_fr_009010051  =>PUP.Optional.CrossRider
C:\Program Files\gmsd_fr_009010053  =>PUP.Optional.CrossRider
C:\Program Files\mbot_fr_014010025  =>PUP.Optional.CrossRider
C:\Program Files\MiuiTab  =>PUP.Optional.MiuiTab
C:\Program Files\Plus-HD.3.1nV06.07  =>PUP.Optional.CrossRider
C:\Program Files\shopperz02082015  =>PUP.Optional.Shopperz
C:\Program Files\Software  =>PUP.Optional.Boxore
C:\Program Files\uNIIsales  =>PUP.Optional.Multiplug
C:\Program Files\unisaLese  =>PUP.Optional.Multiplug
C:\Program Files\WordShark_1.10.0.20  =>PUP.Optional.WordShark
C:\Program Files\youtubeadblocker  =>PUP.Optional.YouTubeAdBlock
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP  =>PUP.Optional.GamesDesktop
C:\ProgramData\DigiCouponn  =>PUP.Optional.DiGiCoupon
C:\ProgramData\DiscOuntEEXteNsi  =>PUP.Optional.Multiplug
C:\ProgramData\IHProtectUpDate  =>PUP.Optional.AgentODR
C:\Users\1\AppData\Roaming\eCyber  =>PUP.Optional.Elex
C:\Users\1\AppData\Roaming\Elex-tech  =>PUP.Optional.Elex
C:\Users\1\AppData\Roaming\mystartsearch  =>PUP.Optional.StartSearch
C:\Users\1\AppData\Local\CrashRpt  =>.Legitimate.CrashReports
C:\Users\1\AppData\Local\gmsd_fr_005010053  =>PUP.Optional.CrossRider
C:\Users\1\AppData\Local\gmsd_fr_009010051  =>PUP.Optional.CrossRider
C:\Users\1\AppData\Local\gmsd_fr_009010053  =>PUP.Optional.CrossRider
C:\Users\1\AppData\Local\Installer  =>PUP.Optional.InstallPedia
C:\Users\1\AppData\Local\SmartWeb  =>PUP.Optional.SmartWebSearch
C:\Users\1\AppData\Local\Software  =>PUP.Optional.Boxore
C:\Windows\Prefetch\62793.WINDAPP.MON001.NO.EXE-73E09185.pf  =>PUP.Optional.Nosibay
C:\Windows\Prefetch\BUBBLE DOCK BSETUP.EXE-74E937AE.pf  =>PUP.Optional.BubbleDock
C:\Windows\Prefetch\BUBBLE DOCK BSETUP.EXE-B0E4EFD4.pf  =>PUP.Optional.BubbleDock
C:\Windows\Prefetch\BUBBLE DOCK.EXE-A6289561.pf  =>PUP.Optional.BubbleDock
C:\Windows\Prefetch\GMSD_FR_005010053.EXE-3FD1020C.pf  =>PUP.Optional.CrossRider
C:\Windows\Prefetch\GMSD_FR_009010053.EXE-EDD35374.pf  =>PUP.Optional.CrossRider
C:\Windows\Prefetch\LBUBBLE DOCK.EXE-702A17FD.pf  =>PUP.Optional.BubbleDock
C:\Windows\Prefetch\OPTPROSETUP.EXE-09B7885F.pf  =>PUP.Optional.OptimizerPro
C:\Windows\Prefetch\OPTPROSETUP.TMP-7E21A1B4.pf  =>PUP.Optional.OptimizerPro
C:\Windows\Prefetch\SELECTION TOOLS UNINSTALL.EXE-00FDB088.pf  =>PUP.Optional.Nosibay
C:\Windows\Prefetch\SELECTION TOOLS UNINSTALL.EXE-78B32DAE.pf  =>PUP.Optional.Nosibay
C:\Windows\Prefetch\SELECTION TOOLS.EXE-9F9C2F0C.pf  =>PUP.Optional.Nosibay
C:\Windows\Prefetch\SMARTWEBAPP.EXE-3A4AA147.pf  =>PUP.Optional.SmartWebSearch
C:\Windows\Prefetch\SMARTWEBHELPER.EXE-F729BC9A.pf  =>PUP.Optional.SmartWebSearch
C:\Windows\Prefetch\UPGMSD_FR_005010053.EXE-46839317.pf  =>PUP.Optional.CrossRider
C:\Windows\Prefetch\UPGMSD_FR_009010051.EXE-44B29D6B.pf  =>PUP.Optional.CrossRider
C:\Windows\Prefetch\UPGMSD_FR_009010053.EXE-1B3DA73F.pf  =>PUP.Optional.CrossRider
C:\Windows\Prefetch\WORDSHARKAUTOUPDATECLIENT.EXE-F8AA901B.pf  =>PUP.Optional.WordShark
C:\Windows\Prefetch\WPM_V20.0.0.2294.EXE-6B509FFA.pf  =>PUP.Optional.WpManager
C:\Windows\Prefetch\WPM_V20.0.0.2294.EXE-B7F96DF9.pf  =>PUP.Optional.WpManager
C:\Windows\System32\drivers\cherimoya.sys  =>PUP.Optional.Shopper
C:\Windows\System32\drivers\iSafeKrnlBoot.sys  =>PUP.Optional.YetAnotherCleaner
C:\Windows\System32\drivers\iSafeNetFilter.sys  =>PUP.Optional.YetAnotherCleaner
C:\Windows\System32\drivers\netfilter.sys  =>PUP.Optional.AdPeak
C:\Windows\System32\drivers\wsfd_vt_1_10_0_20.sys  =>PUP.Optional.Gen
C:\Windows\System32\drivers\wsfd_vw_1_10_0_20.sys  =>PUP.Optional.Gen
C:\Users\1\AppData\Local\SmartWeb\__u.exe  =>PUP.Optional.SmartWebSearch
C:\Users\1\AppData\Local\Installer\Install_16144\DCYTDownloader.exe  =>PUP.Optional.YTDownloader
C:\Users\1\AppData\Local\gmsd_fr_009010051\Download\myoffergroup_fr.exe  =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Microsoft\Tracing\DriverRestore_RASAPI32  =>PUP.Optional.DriverRestore
HKLM\SOFTWARE\Microsoft\Tracing\DriverRestore_RASMANCS  =>PUP.Optional.DriverRestore
HKLM\SOFTWARE\Microsoft\Tracing\StormWarnings_RASAPI32  =>PUP.Optional.StormWarnings
HKLM\SOFTWARE\Microsoft\Tracing\StormWarnings_RASMANCS  =>PUP.Optional.StormWarnings
HKLM\SOFTWARE\Microsoft\Tracing\WordSharkAutoUpdateClient_RASAPI32  =>PUP.Optional.WordShark
HKLM\SOFTWARE\Microsoft\Tracing\WordSharkAutoUpdateClient_RASMANCS  =>PUP.Optional.WordShark
HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASAPI32  =>PUP.Optional.WordSurfer
HKLM\SOFTWARE\Microsoft\Tracing\WordSurferAutoUpdateClient_RASMANCS  =>PUP.Optional.WordSurfer

---\\ Summary of the elements found on your workstation (51) - 0s
http://www.nicolascoolman.fr/pup-elex/  =>PUP.Optional.Elex
http://www.nicolascoolman.fr/pup-crossrider/  =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/pup-wordshark/  =>PUP.Optional.WordShark
http://www.nicolascoolman.fr/pup-smartwebsearch/  =>PUP.Optional.SmartWebSearch
http://www.nicolascoolman.fr/blog  =>PUP.Optional.MiuiTab
http://www.nicolascoolman.fr/blog  =>PUP.Optional.PriceFountain
http://www.nicolascoolman.fr/pup-minibar/  =>PUP.Optional.Minibar
http://www.nicolascoolman.fr/blog  =>PUP.Optional.OurSurfing
http://www.nicolascoolman.fr/pup-optional-startsearch/  =>PUP.Optional.StartSearch
http://www.nicolascoolman.fr/blog  =>PUP.Optional.ASPackage
http://www.nicolascoolman.fr/blog  =>PUP.Optional.TomorrowGames
http://www.nicolascoolman.fr/blog  =>PUP.Optional.AgentODR
http://www.nicolascoolman.fr/blog  =>PUP.Optional.YetAnotherCleaner
http://www.nicolascoolman.fr/pup-salus/  =>PUP.Optional.Salus
http://www.nicolascoolman.fr/blog  =>PUP.Optional.WikiBrowser
http://www.nicolascoolman.fr/blog  =>PUP.Optional.BidailySync
http://www.nicolascoolman.fr/blog  =>PUP.Optional.GamesDesktop
http://www.nicolascoolman.fr/toolbar-ask/  =>Toolbar.Ask
http://www.nicolascoolman.fr/blog  =>PUP.Optional.ComNotification
http://www.nicolascoolman.fr/toolbar-conduit/  =>PUP.Optional.Conduit
http://www.nicolascoolman.fr/adware-imbooster/  =>PUP.Optional.IMBooster
http://www.nicolascoolman.fr/blog  =>PUP.Optional.BrowserExtensions
http://www.nicolascoolman.fr/pup-searchprotect/  =>PUP.Optional.SearchProtect
http://www.nicolascoolman.fr/blog  =>PUP.Optional.Gen
http://www.nicolascoolman.fr/blog  =>PUP.Optional.Shopperz
http://www.nicolascoolman.fr/pup-suptab/  =>PUP.Optional.SupTab
http://www.nicolascoolman.fr/trojan-fuyu/  =>PUP.Optional.Fuyu
http://www.nicolascoolman.fr/pup-wajam/  =>PUP.Optional.Wajam
http://www.nicolascoolman.fr/blog  =>PUP.Optional.WordSurfer
http://www.nicolascoolman.fr/pup-optional-dailypcclean/  =>PUP.Optional.DailyPCClean
http://www.nicolascoolman.fr/pup-certifiedtoolbar/  =>PUP.Optional.CertifiedToolbar
http://www.nicolascoolman.fr/pup-linkeysearch/  =>PUP.Optional.LinkeySearch
http://www.nicolascoolman.fr/blog  =>PUP.Optional.SimplyTech
http://www.nicolascoolman.fr/blog  =>PUP.Optional.StormWarnings
http://www.nicolascoolman.fr/adware-tidynetwork/  =>PUP.Optional.TidyNetwork
http://www.nicolascoolman.fr/spyware-agenceexclusive/  =>PUP.Optional.AgenceExclusive
http://www.nicolascoolman.fr/blog  =>PUP.Optional.DiGiCoupon
http://www.nicolascoolman.fr/adware-boxore/  =>PUP.Optional.Boxore
http://www.nicolascoolman.fr/pup-mutiplug/  =>PUP.Optional.Multiplug
http://www.nicolascoolman.fr/blog  =>PUP.Optional.YouTubeAdBlock
http://www.nicolascoolman.fr/blog  =>.Legitimate.CrashReports
http://www.nicolascoolman.fr/adware-installpedia/  =>PUP.Optional.InstallPedia
http://www.nicolascoolman.fr/blog  =>PUP.Optional.Nosibay
http://www.nicolascoolman.fr/pup-bubbledock/  =>PUP.Optional.BubbleDock
http://www.nicolascoolman.fr/pup-optimizerpro/  =>PUP.Optional.OptimizerPro
http://www.nicolascoolman.fr/pup-wpmanager/  =>PUP.Optional.WpManager
http://www.nicolascoolman.fr/pup-ytdownloader/  =>PUP.Optional.YTDownloader
http://www.nicolascoolman.fr/42115162-adware-shopper/  =>PUP.Optional.Shopper
http://www.nicolascoolman.fr/pup-adpeak/  =>PUP.Optional.AdPeak
http://www.nicolascoolman.fr/blog  =>PUP.Optional.SearchEngine
http://www.nicolascoolman.fr/blog  =>PUP.Optional.DriverRestore

~ End of the scan, 16662 items in 197 seconds (1220)(4)()