~ ZHPDiag v2015.10.25.155 By Nicolas Coolman (2015/10/25)
~ Run by cp (Administrator) (2015/10/28 17:19:38)
~ Web: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\cp\Desktop\ZHPDiag.txt
~ Report: C:\Users\cp\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 8.1 Pro, 32-bit (Build 9600)

---\\ Internet Browsers (2) - 0s
GCIE: Google Chrome v46.0.2490.80
MSIE: Internet Explorer v11.0.9600.17031

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (2) - 5s
ESET Smart Security v5.0.95.0
Windows Defender (Deactivate)

---\\ System optimization software (1) - 6s
CCleaner v5.06

---\\ Surveillance software (2) - 6s
Adobe Flash Player 19 PPAPI
Adobe Reader 6.0 CE

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3315.592 MB (50% free)
~ System Restore: Activé (Enable)
~ System drive C: has 88 GB free of 145 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DELL
~ User Name: cp
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 88 GB free of 145 GB (System)
~ Drive D: has 105 GB free of 159 GB

---\\ State of the Windows Security Center (11) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ---\\ Search Generic System Files (24) - 1s [MD5.91E24273FCA076EA9E65DAFA98901225] - (.Microsoft Corporation - مستكشف Windows.) () -- C:\Windows\Explorer.exe [2207488] © [MD5.BE1DAE43DFBCA94FB6B4157C1B16923E] - (.Microsoft Corporation - Windows host process (Rundll32).) () -- C:\Windows\System32\rundll32.exe [49664] © [MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - ‎‎تطبيق بدء تشغيل Windows.) () -- C:\Windows\System32\Wininit.exe [112640] © [MD5.F89C2BDB6E385ED6CA2AC0085BB6643A] - (.Microsoft Corporation - ملحقات الإنترنت لـ Win32.) () -- C:\Windows\System32\wininet.dll [1789440] © [MD5.70C57DC69D4A7D92D2CAC90C3AD16E6F] - (.Microsoft Corporation - تطبيق تسجيل دخول Windows.) () -- C:\Windows\System32\Winlogon.exe [459264] © [MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - مكتبة تراخيص البرامج.) () -- C:\Windows\System32\sppcomapi.dll [438272] © [MD5.2B9EED6835D269F35B310DC03D0F5768] - (.Microsoft Corporation - DNS Client API DLL.) () -- C:\Windows\System32\dnsapi.dll [492544] © [MD5.E37F897ED7B5AFF79B1398258DB96BD9] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows m.) () -- C:\Windows\System32\fr-FR\user32.dll.mui [19456] © [MD5.D75FB05E8DBF21FA0EF313C7503243F1] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [461312] © [MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) 
() -- C:\Windows\System32\drivers\atapi.sys [23392] © [MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [73728] © [MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [124928] © [MD5.CD6A836DE4F4CC39D7BD8B19AEA93065] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [101376] © [MD5.A31901DE6A22EA67AB83AAF7036F98CC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [69632] © [MD5.7A708934CC652100A94944EC808C3916] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\Windows\System32\drivers\i8042prt.sys [83456] © [MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [126976] © [MD5.49EDA7967848465645E2D809384D0EBA] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [328704] © [MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [218624] © [MD5.9595B28CE24351C201A51A5019966862] - (.Microsoft Corporation - NT File System Driver.) () -- C:\Windows\System32\drivers\ntfs.sys [1679704] © [MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\Windows\System32\drivers\Parport.sys [81408] © [MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [81920] © [MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [143872] © [MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) 
() -- C:\Windows\System32\drivers\tdx.sys [87040] © [MD5.085918BF459BCB835CFC535BE7138539] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\Windows\System32\drivers\volsnap.sys [265048] © ---\\ Process running (33) - 3s [MD5.64710E6C92C0D3893EDBDA84FBCD3188] - (.AMD - AMD External Events Service Module.) -- C:\Windows\System32\atiesrxx.exe [212992] [PID.868] © [MD5.A996B2A3EE06DCAE4798D0A4542B8F45] - (...) -- C:\Program Files\Realtek\Realtek Bluetooth\BTDevMgr.exe [20480] [PID.1692] [MD5.01E0FC08C2ACEFC2E3B0E75B8016BE5C] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [518696] [PID.1732] © [MD5.C7BB95CF9631AA401E4ADED1648F6AF7] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944] [PID.1820] © [MD5.EC06329C063CEC96EEF1A57593D0141F] - (.Realtek Semiconductor Corporation - Realtek Bluetooth 4.0 Service Application.) -- C:\Program Files\Realtek\Realtek Bluetooth\RtkBleServ.exe [30720] [PID.1968] © [MD5.150C1970816E7B0668F7459109A2AE23] - (.@ByELDI - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe [966336] [PID.356] =>HackTool.KMSpico [MD5.B214711806863B629B001948E5FB5420] - (.Baidu Inc. - spark.) -- C:\Program Files\baidu\Baidu Browser\sparkservice.exe [97080] [PID.620] [MD5.9DA3B55B17B54789AFB8C657D4ACE4D7] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) -- C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688] [PID.724] © [MD5.A72BB48D9014A7D7C05F02F595F52D60] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe [245576] [PID.2604] © [MD5.6D3DF793AFF79B47FF6DB51F5C43195A] - (.AMD - AMD External Events Client Module.) -- C:\Windows\System32\atieclxx.exe [626688] [PID.1780] © [MD5.3B822FF5FBDEFFFDFC92ECC526C77165] - (.Realtek Semiconductor Corporation - Realtek Bluetooth BTServer Application.) 
-- C:\Program Files\Realtek\Realtek Bluetooth\BTServer.exe [153088] [PID.2640] © [MD5.03EC8CDA9C65C5F6288C8685B2E2CA90] - (.Realtek Semiconductor Corporation - Realtek Bluetooth Plugin Helper Application.) -- C:\Program Files\Realtek\Realtek Bluetooth\PluginHelper.exe [46592] [PID.4448] © [MD5.00A9DFC5EF873004F0851D3C234E4801] - (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\quickset.exe [3405168] [PID.5304] © [MD5.C3ED032AF1C30F92546A698CC7173605] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264] [PID.5800] © [MD5.2756739DBE5D471705581D87B0616676] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe [658632] [PID.2424] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.5832] © [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.4924] © [MD5.9B956EFD216FCF03B20C1646005E750E] - (.JustRemotePhone - CallCenter.) -- C:\Program Files\JustPhone\CallCenter\CallCenter.exe [830976] [PID.3072] [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5640] © [MD5.EE526B0428581B57FFC571FF57309E28] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [6369048] [PID.2272] © [MD5.B75F4DD04893B592A5301B24FB9B9025] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3532224] [PID.592] © [MD5.F5D58C7E65AA7462C643AB6B2433DE9A] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [752168] [PID.428] © [MD5.9759D9027E8CC1260967A1D7B22C82AE] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [1804840] [PID.5372] © [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5136] © [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.1436] © [MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [263600] [PID.2592] © [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.1568] © [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5884] © [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5300] © [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5436] © [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.3332] © [MD5.0BE64FAB577BFA54443C680343AEC85F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.5144] © [MD5.E39F4186EC180D23F1CE16C683253B99] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\cp\Downloads\Programs\ZHPDiag3.exe [1959936] [PID.3468] © ---\\ Google Chrome, Start,Search,Extensions (14) - 0s G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.search.ask.com/ =>Toolbar.Ask G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest =>.Google Inc. 
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [boadgeojelhgndaghljhdicfkmllpafd] Google Cast G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [lkemddiljapcmhicklfpcbpfffahfbja] Web Navigation G2 - GCE: Preference [User Data\Default] [mppnoffgpafgpgbaigljliadgbnhljfl] Ask Search G2 - GCE: Preference [User Data\Default] [nafaimnnclfjfedmmabolbppcngeolgf] iLivid =>PUP.Optional.Bandoo G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [ooiklbnjmhbcgemelgfhaeaocllobloj] Mosh G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc. ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (1) - 1s P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) 
-- C:\Windows\System32\Macromed\Flash\NPSWF32_19_0_0_226.dll © ---\\ Internet Explorer Extensions, Start, Search (10) - 0s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0 ---\\ Internet Explorer, Proxy Management (4) - 0s R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) © F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) © F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) 
© ---\\ Hosts file redirection (1) - 0s ~ Le fichier hôte est sain (The hosts file is clean) (21) ---\\ Browser Helper Object (BHO) (7) - 0s O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files\Internet Download Manager\IDMIECC.dll © O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 6.0 for Act.) -- C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll © O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\OCHelper.dll © O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll © O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL © O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL © O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll © ---\\ Auto loading programs from Registry and folders (17) - 1s O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\quickset.exe © O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe © O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe O4 - HKLM\..\Run: [BtServer] . 
(.Realtek Semiconductor Corporation - Realtek Bluetooth BTServer Application.) -- C:\Program Files\Realtek\Realtek Bluetooth\BTServer.exe © O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe © O4 - HKCU\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe © O4 - HKCU\..\Run: [WebcamMaxAutoRun] . (.CoolwareMax - WebcamMax.) -- C:\Program Files\WebcamMax\WebcamMax.exe O4 - HKCU\..\Run: [CallCenter JustPhone] . (.JustRemotePhone - CallCenter.) -- C:\Program Files\JustPhone\CallCenter\CallCenter.exe O4 - HKCU\..\Run: [download.ninja] C:\Program Files\Ninja Download Manager\download.ninja.exe (.not file.) O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe © O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe © O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe © O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [WebcamMaxAutoRun] . (.CoolwareMax - WebcamMax.) -- C:\Program Files\WebcamMax\WebcamMax.exe O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [CallCenter JustPhone] . (.JustRemotePhone - CallCenter.) -- C:\Program Files\JustPhone\CallCenter\CallCenter.exe O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [download.ninja] C:\Program Files\Ninja Download Manager\download.ninja.exe (.not file.) O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe © O4 - HKUS\S-1-5-21-1871248767-1838261220-2687343998-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) 
-- C:\Program Files\Internet Download Manager\IDMan.exe © ---\\ Lop.com/Domain Hijackers (4) - 0s O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4 =>.Google Public DNS O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.240.32.5 62.68.42.2 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4 =>.Google Public DNS O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 62.240.32.5 62.68.42.2 ---\\ Extra protocols (20) - 0s O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll © O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll © O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . 
(.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll © O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - ملحقات OLE32 لـ Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll © O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll © O18 - Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) -- C:\Program Files\Microsoft Office\Office15\MSOSB.DLL © O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll © O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - عارض Microsoft (R) HTML.) -- C:\Windows\System32\mshtml.dll © O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL © ---\\ Non Microsoft non disabled Windows Services (10) - 1s O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) 
- C:\Windows\System32\atiesrxx.exe © O23 - Service: @oem38.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Man (BcmBtRSupport) . (.Broadcom Corporation. - Bluetooth Radio Management Support.) - C:\Windows\System32\BtwRSupportService.exe © O23 - Service: BTDevManager (BTDevManager) . (...) - C:\Program Files\Realtek\Realtek Bluetooth\BTDevMgr.exe O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe © O23 - Service: ESET Service (ekrn) . (.ESET - ESET Service.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe © O23 - Service: خدمة Google Update (gupdate) (gupdate) . (.Google Inc. - مثبِّت Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe © O23 - Service: RtkBleServ (RtkBleServ) . (.Realtek Semiconductor Corporation - Realtek Bluetooth 4.0 Service Application.) - C:\Program Files\Realtek\Realtek Bluetooth\RtkBleServ.exe © O23 - Service: Service KMSELDI (Service KMSELDI) . (.@ByELDI - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Baidu Browser\sparkservice.exe O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe © ---\\ Task Planned Automatically (26) - 6s [MD5.E190FDABCC7E823BA40931FD955D0C2B] [APT] [Adobe Flash Player PPAPI Notifier] (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [1157320] © [MD5.8C194A201698B4B4F77D974549819D1F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [269000] © [MD5.CCB2387238BC39C056DF01F3C9124BB6] [APT] [AutoPico Daily Restart] (.@ByELDI.) 
-- C:\Program Files\KMSpico\AutoPico.exe [966848] =>HackTool.KMSpico [MD5.EE526B0428581B57FFC571FF57309E28] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [6369048] © [MD5.00000000000000000000000000000000] [APT] [DriverToolkit Autorun] (...) -- C:\Program Files\DriverToolkit\DriverToolkit.exe (.not file.) [0] =>PUP.Optional.DriverToolkit [MD5.053EEEE1ABAE53F044F1E386E22AE525] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [144200] © [MD5.053EEEE1ABAE53F044F1E386E22AE525] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [144200] © [MD5.8CC97EA9C34E2543A2B979626EFC782E] [APT] [KMS Server Daily Activate] (.MDL.) -- C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [670289] =>HackTool.AutoKMS [MD5.8CC97EA9C34E2543A2B979626EFC782E] [APT] [KMS Server OnLogon Activate] (.MDL.) -- C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [670289] =>HackTool.AutoKMS [MD5.7DBA1F4E48C3FEAA34F6648A469F210D] [APT] [SparkUpdater] (.Baidu.com, Inc..) -- C:\Program Files\baidu\Baidu Browser\SparkUpdate.exe [1372472] [MD5.56E52535F4CF96E42DB1140E2B18731F] [APT] [{465BEE42-D0E1-41D8-8A9B-4AFA03B149C9}] (.Copyright (C) 2011.) -- c:\program files\baidu\baidu browser\spark.exe [983352] O39 - APT: Adobe Flash Player PPAPI Notifier - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job [892] © O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [830] © O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\Tasks\DriverToolkit Autorun.job [350] =>PUP.Optional.DriverToolkit O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [828] © O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) 
-- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [832] © O39 - APT: Adobe Flash Player PPAPI Notifier - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier [3842] © O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3718] © O39 - APT: AutoPico Daily Restart - (.@ByELDI.) -- C:\Windows\System32\Tasks\AutoPico Daily Restart [3358] =>HackTool.KMSpico O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2776] © O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\System32\Tasks\DriverToolkit Autorun [2672] =>PUP.Optional.DriverToolkit O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3568] © O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [3804] © O39 - APT: KMS Server Daily Activate - (.MDL.) -- C:\Windows\System32\Tasks\KMS Server Daily Activate [3300] =>HackTool.AutoKMS O39 - APT: KMS Server OnLogon Activate - (.MDL.) -- C:\Windows\System32\Tasks\KMS Server OnLogon Activate [3114] =>HackTool.AutoKMS O39 - APT: SparkUpdater - (.Baidu.com, Inc..) -- C:\Windows\System32\Tasks\SparkUpdater [4048] ---\\ Software installed (59) - 19s O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth - (.Realtek Semiconductor Corp..) [HKLM] -- 0EEF89A62BB41DDA034BDB47ED6F44F78B008CBD © O42 - Logiciel: Adobe Flash Player 19 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI © O42 - Logiciel: Adobe Flash Player 19 PPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player PPAPI © O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner © O42 - Logiciel: Daniusoft Video Studio Express(Build 1.0.0.6) - (.Daniusoft Software.) [HKLM] -- Daniusoft Video Studio Express_is1 O42 - Logiciel: FormatFactory 3.7.0.0 - (.Format Factory.) 
[HKLM] -- FormatFactory ©
O42 - Logiciel: Google Chrome - (.Google Inc‎.‎.) [HKLM] -- Google Chrome ©
O42 - Logiciel: Hard Disk Low Level Format Tool 4.40 - (.HDDGURU.) [HKLM] -- Hard Disk Low Level Format Tool_is1 ©
O42 - Logiciel: Smart Switch - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7} ©
O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM] -- Internet Download Manager ©
O42 - Logiciel: PicosmosTools 1.0.1.0 - (.Free Time.) [HKLM] -- PicosmosTools ©
O42 - Logiciel: Baidu Browser - (.Baidu Inc..) [HKLM] -- Spark
O42 - Logiciel: USB Disk Security - (.Zbshareware Lab.) [HKLM] -- USB Disk Security_is1
O42 - Logiciel: USB/PS2 Vibration Pad - (...) [HKLM] -- USB/PS2 Vibration Pad
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM] -- VLC media player ©
O42 - Logiciel: WebcamMax - (...) [HKLM] -- WebcamMax
O42 - Logiciel: WinRAR archiver - (...) [HKLM] -- WinRAR archiver
O42 - Logiciel: Yahoo! Messenger - (.Yahoo! Inc..) [HKLM] -- Yahoo! Messenger ©
O42 - Logiciel: Your Software Deals 1.0.0 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- Your Software Deals_is1
O42 - Logiciel: YouWave for Android - (.YouWave Inc..) [HKLM] -- YouWave
O42 - Logiciel: Your Uninstaller! 7 - (.URSoft, Inc..) [HKLM] -- YU2010_is1
O42 - Logiciel: Moborobo 2.0.2.290 - (.Moborobo Inc..) [HKLM] -- {02B934E4-C574-4605-842B-01CD16295185}_is1
O42 - Logiciel: WIDCOMM Bluetooth Software 6.1.0.4502 - (.Dell.) [HKLM] -- {03D1988F-469F-4843-8E6E-E5FE9D17889D} ©
O42 - Logiciel: Wondershare Dr.Fone for Android(Build 5.4.0.48) - (.Wondershare Software Co.,Ltd..) [HKLM] -- {1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1 ©
O42 - Logiciel: Java 7 Update 13 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217013FF} ©
O42 - Logiciel: Twin USB Network Gamepad (BM) - (...) [HKLM] -- {2D8DCCA2-2339-4155-A29B-F6041362DFDD}
O42 - Logiciel: Java SE Development Kit 7 Update 13 - (.Oracle.) [HKLM] -- {32A3A4F4-B792-11D6-A78A-00B0D0170130} ©
O42 - Logiciel: Canon MF4400 Series - (.Canon Inc..) [HKLM] -- {4129CA8E-7E75-4eee-BAE5-AA7707AA7708} ©
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ©
O42 - Logiciel: Canon MF Toolbox 4.9.1.1.mf11 - (.Canon Inc..) [HKLM] -- {6767DFEE-8909-453A-B553-C7693912B2EB} ©
O42 - Logiciel: Smart Switch - (.Samsung Electronics Co., Ltd..) [HKLM] -- {74FA5314-85C8-4E2A-907D-D9ECCCB770A7} ©
O42 - Logiciel: champion - (.syriangames.) [HKLM] -- {7F74CA5D-04F1-4DA4-B8CA-8E5C3E7274F2}
O42 - Logiciel: CallCenter - (.justRemotePhone.) [HKLM] -- {8734B9D7-3C0D-4C79-9B2D-CCFBEAAB0100}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476} ©
O42 - Logiciel: KMSpico - (...) [HKLM] -- {8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 =>HackTool.KMSpico
O42 - Logiciel: Microsoft Access MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0015-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Excel MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0016-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft PowerPoint MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0018-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Publisher MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0019-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Outlook MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001A-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Word MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001B-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft InfoPath MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0044-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft DCF MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0090-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft OneNote MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00A1-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Groove MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00BA-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Microsoft Lync MUI (Arabic) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-012B-0401-0000-0000000FF1CE} ©
O42 - Logiciel: Update for Skype for Business 2015 (KB2889853) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-012B-0401-0000-0000000FF1CE}_Office15.PROPLUS_{033E4C59-F05D-4F71-98AA-2605BB4776AB} ©
O42 - Logiciel: Ashampoo Slideshow Studio HD 3 v.3.0.5 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- {91B33C97-0CE8-6ABD-1CF4-0DAF2CCF492A}_is1
O42 - Logiciel: REALTEK Bluetooth Driver - (.REALTEK Semiconductor Corp..) [HKLM] -- {9D3D8C60-A5EF-4123-B2B9-172095903AB} ©
O42 - Logiciel: Adobe Reader 6.0 CE - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1029-7646-CE0000000001} ©
O42 - Logiciel: Kingo ROOT version 1.4.0.2390 - (.Kingosoft Technology Ltd..) [HKLM] -- {AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1 ©
O42 - Logiciel: Adobe Shockwave Player 12.0 - (.Adobe Systems, Inc.) [HKLM] -- {BCFB58FF-181E-472F-A9DB-827B75C1EDF7} ©
O42 - Logiciel: Pro Evolution Soccer 2013 - (.KONAMI.) [HKLM] -- {C2523AE6-F335-4D0B-BC15-1C07E4ACE629} ©
O42 - Logiciel: QuickSet32 - (.Dell Inc..) [HKLM] -- {C4972073-2BFE-475D-8441-564EA97DA161} ©
O42 - Logiciel: Samsung USB Driver for Mobile Phones - (.Samsung Electronics Co., Ltd..) [HKLM] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44} ©
O42 - Logiciel: USB Game Controller - (...) [HKLM] -- {D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}
O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {DC24971E-1946-445D-8A82-CE685433FA7D} ©
O42 - Logiciel: Auslogics DiskDefrag - (.Auslogics Labs Pty Ltd.) [HKLM] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 ©
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} ©

---\\ HKCU & HKLM Software Keys (113) - 19s
HKLM\SOFTWARE\12BD_E001
HKLM\SOFTWARE\12BD_E002
HKLM\SOFTWARE\Adobe
HKLM\SOFTWARE\AMD
HKLM\SOFTWARE\AppDataLow
HKLM\SOFTWARE\Ashampoo
HKLM\SOFTWARE\ATI
HKLM\SOFTWARE\ATI Technologies
HKLM\SOFTWARE\Auslogics
HKLM\SOFTWARE\AviSynth
HKLM\SOFTWARE\Baidu
HKLM\SOFTWARE\Broadcom
HKLM\SOFTWARE\Canon
HKLM\SOFTWARE\CloudOPTInfo
HKLM\SOFTWARE\Daniusoft
HKLM\SOFTWARE\Debug
HKLM\SOFTWARE\Dell
HKLM\SOFTWARE\Dell Computer Corporation
HKLM\SOFTWARE\ESET
HKLM\SOFTWARE\GN2
HKLM\SOFTWARE\GNU
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\HaaliMkx
HKLM\SOFTWARE\IM Providers
HKLM\SOFTWARE\Intel
HKLM\SOFTWARE\Internet Download Manager
HKLM\SOFTWARE\JavaSoft
HKLM\SOFTWARE\JreMetrics
HKLM\SOFTWARE\JustRemotePhone
HKLM\SOFTWARE\Khronos
HKLM\SOFTWARE\KONAMI
HKLM\SOFTWARE\KONAMIPES6
HKLM\SOFTWARE\Licenses
HKLM\SOFTWARE\Macromedia
HKLM\SOFTWARE\Mozilla
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\MozillaPlugins
HKLM\SOFTWARE\ND
HKLM\SOFTWARE\ODBC
HKLM\SOFTWARE\PC-Doctor
HKLM\SOFTWARE\PicosmosShows
HKLM\SOFTWARE\Piriform
HKLM\SOFTWARE\Realtek
HKLM\SOFTWARE\Realtek Semiconductor Corp.
HKLM\SOFTWARE\RegisteredApplications
HKLM\SOFTWARE\RTLSetup
HKLM\SOFTWARE\SAMSUNG
HKLM\SOFTWARE\Skype
HKLM\SOFTWARE\Twin USB Network Gamepad (BM)
HKLM\SOFTWARE\VideoLAN
HKLM\SOFTWARE\Voice
HKLM\SOFTWARE\Volatile
HKLM\SOFTWARE\WafCX
HKLM\SOFTWARE\WebcamMax
HKLM\SOFTWARE\Widcomm
HKLM\SOFTWARE\WinRAR
HKLM\SOFTWARE\Wondershare
HKLM\SOFTWARE\yahoo
HKLM\SOFTWARE\zbshareware
HKCU\SOFTWARE\Adobe
HKCU\SOFTWARE\AppDataLow
HKCU\SOFTWARE\Ashampoo
HKCU\SOFTWARE\ATI
HKCU\SOFTWARE\Baidu
HKCU\SOFTWARE\Camfrog
HKCU\SOFTWARE\Canon
HKCU\SOFTWARE\DELL
HKCU\SOFTWARE\DownloadManager
HKCU\SOFTWARE\DriverToolkit =>PUP.Optional.DriverToolkit
HKCU\SOFTWARE\drpsu
HKCU\SOFTWARE\ESET
HKCU\SOFTWARE\FreeTime
HKCU\SOFTWARE\Gabest
HKCU\SOFTWARE\GN2
HKCU\SOFTWARE\GNU
HKCU\SOFTWARE\Google
HKCU\SOFTWARE\Haali
HKCU\SOFTWARE\IM Providers
HKCU\SOFTWARE\Intel
HKCU\SOFTWARE\iolo
HKCU\SOFTWARE\JavaSoft
HKCU\SOFTWARE\JustRemotePhone
HKCU\SOFTWARE\Macromedia
HKCU\SOFTWARE\MediaChance
HKCU\SOFTWARE\Mine
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Netscape
HKCU\SOFTWARE\Octoshape
HKCU\SOFTWARE\ODBC
HKCU\SOFTWARE\Picosmos
HKCU\SOFTWARE\Piriform
HKCU\SOFTWARE\Realtek
HKCU\SOFTWARE\Redemption
HKCU\SOFTWARE\RegisteredApplications
HKCU\SOFTWARE\Samsung
HKCU\SOFTWARE\Sysinternals
HKCU\SOFTWARE\TempCleaner
HKCU\SOFTWARE\Trolltech
HKCU\SOFTWARE\URSoft
HKCU\SOFTWARE\VB and VBA Program Settings
HKCU\SOFTWARE\Widcomm
HKCU\SOFTWARE\WinRAR
HKCU\SOFTWARE\WinRAR SFX
HKCU\SOFTWARE\Wondershare
HKCU\SOFTWARE\WPI
HKCU\SOFTWARE\yahoo
HKCU\SOFTWARE\YouWave Android
HKCU\SOFTWARE\ZebHelpProcess Helper
HKCU\SOFTWARE\AppDataLow\Software
HKCU\SOFTWARE\AppDataLow\Software\Adobe
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\Macromedia

---\\ Contents of the Common Files folders (201) - 17s
O43 - CFD: 2015/10/20 08:11:37 - [] D -- C:\Program Files\Adobe
O43 - CFD: 2015/08/09 23:40:09 - [] D -- C:\Program Files\AMD
O43 - CFD: 2015/08/10 13:09:04 - [] D -- C:\Program Files\Ashampoo
O43 - CFD: 2015/08/10 12:56:32 - [] D -- C:\Program Files\Auslogics
O43 - CFD: 2015/08/10 03:08:12 - [] D -- C:\Program Files\baidu
O43 - CFD: 2015/09/11 21:00:38 - [] D -- C:\Program Files\Canon
O43 - CFD: 2015/09/03 00:27:28 - [] D -- C:\Program Files\CCleaner
O43 - CFD: 2015/10/20 08:11:39 - [] D -- C:\Program Files\Common Files
O43 - CFD: 2015/08/10 10:53:04 - [] D -- C:\Program Files\Daniusoft
O43 - CFD: 2015/08/09 23:57:55 - [] D -- C:\Program Files\Dell
O43 - CFD: 2015/08/10 21:06:46 - [0] D -- C:\Program Files\Dell Remote Access
O43 - CFD: 2015/08/10 16:19:01 - [] D -- C:\Program Files\DIFX
O43 - CFD: 2015/08/22 16:19:10 - [] HD -- C:\Program Files\DrFoneAndroid_Temp
O43 - CFD: 2015/10/02 13:56:53 - [0] D -- C:\Program Files\DriverToolkit =>PUP.Optional.DriverToolkit
O43 - CFD: 2015/08/10 00:17:56 - [] D -- C:\Program Files\ESET
O43 - CFD: 2015/08/10 10:12:56 - [] D -- C:\Program Files\FormatFactory
O43 - CFD: 2015/09/15 06:05:54 - [] D -- C:\Program Files\Google
O43 - CFD: 2015/10/20 08:41:31 - [] D -- C:\Program Files\HDDGURU LLF Tool
O43 - CFD: 2015/08/22 17:17:20 - [] D -- C:\Program Files\Hyper-V
O43 - CFD: 2015/10/16 18:05:52 - [] HD -- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2015/08/09 23:42:50 - [] D -- C:\Program Files\Intel
O43 - CFD: 2015/10/16 23:30:52 - [] D -- C:\Program Files\Internet Download Manager
O43 - CFD: 2014/04/16 17:11:36 - [] D -- C:\Program Files\Internet Explorer
O43 - CFD: 2015/10/16 10:40:32 - [] D -- C:\Program Files\Java
O43 - CFD: 2015/08/15 16:14:55 - [] D -- C:\Program Files\JustPhone
O43 - CFD: 2015/09/26 14:55:53 - [] D -- C:\Program Files\Kingo ROOT
O43 - CFD: 2015/08/10 01:58:37 - [] D -- C:\Program Files\KMSpico =>HackTool.KMSpico
O43 - CFD: 2015/10/16 14:23:13 - [] D -- C:\Program Files\KONAMI
O43 - CFD: 2015/08/10 01:25:07 - [] D -- C:\Program Files\Microsoft Analysis Services
O43 - CFD: 2015/08/10 01:26:55 - [] D -- C:\Program Files\Microsoft Office
O43 - CFD: 2015/08/10 01:27:31 - [] D -- C:\Program Files\Microsoft SQL Server
O43 - CFD: 2015/08/10 01:27:31 - [] D -- C:\Program Files\Microsoft.NET
O43 - CFD: 2015/09/26 11:30:31 - [] D -- C:\Program Files\Moborobo
O43 - CFD: 2015/08/27 16:31:11 - [] D -- C:\Program Files\Mozilla Firefox
O43 - CFD: 2015/08/10 13:03:31 - [] D -- C:\Program Files\Netscape
O43 - CFD: 2015/09/04 23:06:23 - [0] D -- C:\Program Files\Ninja Download Manager
O43 - CFD: 2015/08/10 14:07:44 - [] D -- C:\Program Files\PicosmosTools
O43 - CFD: 2015/08/10 19:14:27 - [] D -- C:\Program Files\Realtek
O43 - CFD: 2015/09/26 19:25:37 - [] D -- C:\Program Files\SAMSUNG
O43 - CFD: 2015/10/16 18:05:52 - [] D -- C:\Program Files\ShanWan
O43 - CFD: 2013/08/22 09:24:44 - [0] HD -- C:\Program Files\Uninstall Information
O43 - CFD: 2015/08/10 02:14:30 - [] D -- C:\Program Files\USB Disk Security
O43 - CFD: 2015/10/16 17:20:41 - [] D -- C:\Program Files\USB Vibration
O43 - CFD: 2015/10/16 17:57:00 - [] D -- C:\Program Files\USB_PS2 Vibration Pad
O43 - CFD: 2015/08/10 12:59:08 - [] D -- C:\Program Files\VideoLAN
O43 - CFD: 2015/08/10 12:42:50 - [] D -- C:\Program Files\WebcamMax
O43 - CFD: 2015/08/10 17:01:36 - [] D -- C:\Program Files\WIDCOMM
O43 - CFD: 2015/08/27 16:45:53 - [] D -- C:\Program Files\Windows Defender
O43 - CFD: 2015/09/26 10:04:26 - [] D -- C:\Program Files\Windows Journal
O43 - CFD: 2014/04/16 17:11:36 - [] D -- C:\Program Files\Windows Mail
O43 - CFD: 2014/04/16 17:11:36 - [] D -- C:\Program Files\Windows Media Player
O43 - CFD: 2014/03/18 10:13:41 - [] D -- C:\Program Files\Windows Multimedia Platform
O43 - CFD: 2013/08/22 10:17:26 - [] D -- C:\Program Files\Windows NT
O43 - CFD: 2014/04/16 17:11:36 - [] D -- C:\Program Files\Windows Photo Viewer
O43 - CFD: 2014/03/18 10:13:41 - [] D -- C:\Program Files\Windows Portable Devices
O43 - CFD: 2013/08/22 10:17:26 - [] SHD -- C:\Program Files\Windows Sidebar
O43 - CFD: 2015/10/25 01:03:42 - [] HD -- C:\Program Files\WindowsApps
O43 - CFD: 2013/08/22 10:17:26 - [] D -- C:\Program Files\WindowsPowerShell
O43 - CFD: 2015/08/10 01:50:13 - [] D -- C:\Program Files\WinRAR
O43 - CFD: 2015/08/22 16:18:41 - [] D -- C:\Program Files\Wondershare
O43 - CFD: 2015/08/10 04:55:37 - [] D -- C:\Program Files\Yahoo!
O43 - CFD: 2015/08/10 17:31:29 - [] D -- C:\Program Files\Your Uninstaller! 7
O43 - CFD: 2015/09/20 15:23:47 - [] D -- C:\Program Files\YouWave Android
O43 - CFD: 2013/08/22 10:17:27 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 2015/08/18 23:44:53 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/08/22 17:17:20 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/08/10 13:09:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
O43 - CFD: 2015/08/10 12:56:35 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
O43 - CFD: 2015/08/10 03:08:00 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser
O43 - CFD: 2015/09/11 21:00:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
O43 - CFD: 2015/08/31 03:05:25 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
O43 - CFD: 2015/08/10 10:53:12 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daniusoft
O43 - CFD: 2015/08/10 00:17:57 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
O43 - CFD: 2015/09/15 06:06:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 2015/10/20 08:41:31 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
O43 - CFD: 2015/08/22 17:17:19 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
O43 - CFD: 2015/10/16 23:21:16 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2015/08/15 16:14:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\justRemotePhone
O43 - CFD: 2015/09/26 14:56:05 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT
O43 - CFD: 2015/08/10 01:58:32 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
O43 - CFD: 2013/08/22 10:17:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/10/28 16:58:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
O43 - CFD: 2015/09/26 11:29:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo
O43 - CFD: 2015/10/20 08:12:47 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintMe Internet Printing
O43 - CFD: 2015/09/26 19:34:33 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
O43 - CFD: 2015/08/10 21:09:53 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 2015/08/10 22:35:26 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\syriangames
O43 - CFD: 2014/03/18 10:13:45 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 2014/03/18 09:39:00 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2015/08/10 02:14:30 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
O43 - CFD: 2015/08/10 12:59:37 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
O43 - CFD: 2015/08/10 12:42:44 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebcamMax
O43 - CFD: 2015/08/10 01:50:13 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/08/22 16:19:18 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
O43 - CFD: 2015/08/10 04:55:38 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
O43 - CFD: 2015/08/10 02:19:35 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
O43 - CFD: 2015/09/20 15:22:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouWave Android
O43 - CFD: 2015/10/20 08:11:39 - [] D -- C:\ProgramData\Adobe
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Application Data
O43 - CFD: 2015/08/10 13:09:47 - [] D -- C:\ProgramData\Ashampoo
O43 - CFD: 2015/08/10 12:56:45 - [] D -- C:\ProgramData\Auslogics
O43 - CFD: 2015/08/10 02:19:15 - [0] D -- C:\ProgramData\Babylon =>PUP.Optional.Babylon
O43 - CFD: 2015/08/10 03:08:06 - [] D -- C:\ProgramData\Baidu
O43 - CFD: 2015/08/10 21:06:57 - [] D -- C:\ProgramData\Dell
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Desktop
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Documents
O43 - CFD: 2015/08/10 00:17:56 - [] D -- C:\ProgramData\ESET
O43 - CFD: 2015/08/10 19:09:23 - [] D -- C:\ProgramData\iolo
O43 - CFD: 2015/08/10 04:04:29 - [] D -- C:\ProgramData\KONAMI
O43 - CFD: 2015/08/10 05:20:16 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 2015/08/22 17:24:23 - [] SD -- C:\ProgramData\Microsoft
O43 - CFD: 2015/10/28 16:59:53 - [] D -- C:\ProgramData\Microsoft Help
O43 - CFD: 2015/08/10 19:07:50 - [] D -- C:\ProgramData\PC-Doctor
O43 - CFD: 2015/08/10 19:07:50 - [0] D -- C:\ProgramData\PCDr
O43 - CFD: 2015/08/10 01:27:21 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 2015/09/26 19:37:06 - [] D -- C:\ProgramData\Samsung
O43 - CFD: 2015/08/10 17:36:31 - [] D -- C:\ProgramData\Skype
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Start Menu
O43 - CFD: 2015/10/16 10:41:47 - [] D -- C:\ProgramData\Sun
O43 - CFD: 2015/10/22 21:17:33 - [0] AD -- C:\ProgramData\TEMP
O43 - CFD: 2013/08/22 09:23:42 - [0] SHD -- C:\ProgramData\Templates
O43 - CFD: 2015/08/10 12:44:29 - [] D -- C:\ProgramData\WebcamMax
O43 - CFD: 2015/08/22 16:27:09 - [] D -- C:\ProgramData\Wondershare
O43 - CFD: 2015/08/10 04:55:39 - [] D -- C:\ProgramData\Yahoo!
O43 - CFD: 2015/08/10 02:15:15 - [] D -- C:\ProgramData\Zbshareware Lab
O43 - CFD: 2015/10/20 08:11:39 - [] D -- C:\Program Files\Common Files\Adobe
O43 - CFD: 2015/08/09 23:40:09 - [] D -- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 2015/08/10 02:34:34 - [] D -- C:\Program Files\Common Files\AV
O43 - CFD: 2015/08/10 01:27:45 - [] D -- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2015/08/10 18:59:42 - [] D -- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2015/10/16 10:41:46 - [] D -- C:\Program Files\Common Files\Java
O43 - CFD: 2015/08/27 16:45:51 - [] D -- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2013/08/22 10:17:35 - [] D -- C:\Program Files\Common Files\Services
O43 - CFD: 2015/08/10 01:25:57 - [] D -- C:\Program Files\Common Files\System
O43 - CFD: 2015/08/22 16:19:25 - [] D -- C:\Program Files\Common Files\Wondershare
O43 - CFD: 2015/10/20 08:12:41 - [] D -- C:\Users\cp\AppData\Roaming\Adobe
O43 - CFD: 2015/10/20 08:12:45 - [0] D -- C:\Users\cp\AppData\Roaming\AdobeUM
O43 - CFD: 2015/08/10 13:12:25 - [] D -- C:\Users\cp\AppData\Roaming\Ashampoo Slideshow Studio HD 3
O43 - CFD: 2015/08/10 02:19:15 - [] D -- C:\Users\cp\AppData\Roaming\Babylon =>PUP.Optional.Babylon
O43 - CFD: 2015/08/10 03:09:24 - [] D -- C:\Users\cp\AppData\Roaming\Baidu
O43 - CFD: 2015/10/22 01:00:27 - [0] D -- C:\Users\cp\AppData\Roaming\BitTorrent
O43 - CFD: 2015/10/05 18:40:12 - [] D -- C:\Users\cp\AppData\Roaming\Canon
O43 - CFD: 2015/10/28 09:23:46 - [] D -- C:\Users\cp\AppData\Roaming\DMCache
O43 - CFD: 2015/09/04 23:04:25 - [] D -- C:\Users\cp\AppData\Roaming\DownloadNinja
O43 - CFD: 2015/08/10 00:19:46 - [] D -- C:\Users\cp\AppData\Roaming\ESET
O43 - CFD: 2015/08/10 17:39:32 - [] D -- C:\Users\cp\AppData\Roaming\EurekaLog
O43 - CFD: 2015/10/10 13:55:58 - [] D -- C:\Users\cp\AppData\Roaming\gtk-2.0
O43 - CFD: 2015/08/22 16:27:00 - [0] D -- C:\Users\cp\AppData\Roaming\HMYGSetting
O43 - CFD: 2015/10/24 09:13:30 - [] D -- C:\Users\cp\AppData\Roaming\IDM
O43 - CFD: 2015/08/10 19:07:16 - [] D -- C:\Users\cp\AppData\Roaming\InstallShield
O43 - CFD: 2015/08/10 19:09:17 - [0] D -- C:\Users\cp\AppData\Roaming\iolo
O43 - CFD: 2015/08/10 04:27:18 - [] D -- C:\Users\cp\AppData\Roaming\Macromedia
O43 - CFD: 2015/08/10 22:30:01 - [] SD -- C:\Users\cp\AppData\Roaming\Microsoft
O43 - CFD: 2015/08/15 00:36:13 - [] D -- C:\Users\cp\AppData\Roaming\Mozilla
O43 - CFD: 2015/08/10 13:03:51 - [] D -- C:\Users\cp\AppData\Roaming\Netscape
O43 - CFD: 2015/08/22 17:01:37 - [0] D -- C:\Users\cp\AppData\Roaming\Octoshape
O43 - CFD: 2015/08/10 10:32:14 - [] D -- C:\Users\cp\AppData\Roaming\Roxio Log Files
O43 - CFD: 2015/09/26 19:34:41 - [] D -- C:\Users\cp\AppData\Roaming\Samsung
O43 - CFD: 2015/08/10 02:19:36 - [] D -- C:\Users\cp\AppData\Roaming\URSoft
O43 - CFD: 2015/10/23 18:08:52 - [] D -- C:\Users\cp\AppData\Roaming\vlc
O43 - CFD: 2015/08/10 12:44:20 - [] D -- C:\Users\cp\AppData\Roaming\WebcamMax
O43 - CFD: 2015/08/10 01:50:45 - [] D -- C:\Users\cp\AppData\Roaming\WinRAR
O43 - CFD: 2015/08/22 16:18:41 - [] D -- C:\Users\cp\AppData\Roaming\Wondershare
O43 - CFD: 2015/08/10 09:10:15 - [] D -- C:\Users\cp\AppData\Roaming\Yahoo!
O43 - CFD: 2015/10/16 10:27:19 - [] D -- C:\Users\cp\AppData\Roaming\Youtube Downloader HD
O43 - CFD: 2015/08/10 02:15:15 - [] D -- C:\Users\cp\AppData\Roaming\Zbshareware Lab
O43 - CFD: 2015/10/28 17:20:00 - [] D -- C:\Users\cp\AppData\Roaming\ZHP
O43 - CFD: 2015/08/10 05:20:22 - [0] D -- C:\Users\cp\AppData\Local\Adobe
O43 - CFD: 2015/08/10 13:09:47 - [] D -- C:\Users\cp\AppData\Local\ashampoo
O43 - CFD: 2015/08/10 02:19:21 - [] D -- C:\Users\cp\AppData\Local\Babylon =>PUP.Optional.Babylon
O43 - CFD: 2015/10/16 13:52:27 - [] D -- C:\Users\cp\AppData\Local\Diagnostics
O43 - CFD: 2015/09/24 22:05:04 - [0] D -- C:\Users\cp\AppData\Local\DriverToolkit =>PUP.Optional.DriverToolkit
O43 - CFD: 2015/10/15 02:05:09 - [0] D -- C:\Users\cp\AppData\Local\ElevatedDiagnostics
O43 - CFD: 2015/08/09 23:48:50 - [] SHD -- C:\Users\cp\AppData\Local\EmieSiteList
O43 - CFD: 2015/08/09 23:48:50 - [] SHD -- C:\Users\cp\AppData\Local\EmieUserList
O43 - CFD: 2015/08/10 00:19:46 - [] D -- C:\Users\cp\AppData\Local\ESET
O43 - CFD: 2015/09/16 15:31:49 - [] D -- C:\Users\cp\AppData\Local\Google
O43 - CFD: 2015/10/02 13:53:30 - [] D -- C:\Users\cp\AppData\Local\GWX
O43 - CFD: 2015/08/15 16:15:15 - [] D -- C:\Users\cp\AppData\Local\JustRemotePhone
O43 - CFD: 2015/09/26 14:56:06 - [] D -- C:\Users\cp\AppData\Local\Kingosoft
O43 - CFD: 2015/08/16 00:16:47 - [0] D -- C:\Users\cp\AppData\Local\MEGAsync
O43 - CFD: 2015/08/10 18:52:01 - [] D -- C:\Users\cp\AppData\Local\Microsoft
O43 - CFD: 2015/08/10 01:25:02 - [0] D -- C:\Users\cp\AppData\Local\Microsoft Help
O43 - CFD: 2015/08/10 02:22:53 - [] D -- C:\Users\cp\AppData\Local\MiniService
O43 - CFD: 2015/08/10 13:03:51 - [] D -- C:\Users\cp\AppData\Local\Netscape
O43 - CFD: 2015/10/25 01:04:53 - [] D -- C:\Users\cp\AppData\Local\Packages
O43 - CFD: 2015/08/10 01:58:20 - [] D -- C:\Users\cp\AppData\Local\Programs
O43 - CFD: 2015/10/28 17:20:28 - [] D -- C:\Users\cp\AppData\Local\Temp
O43 - CFD: 2015/08/10 04:55:48 - [] D -- C:\Users\cp\AppData\Local\VirtualStore
O43 - CFD: 2015/08/22 16:19:27 - [] D -- C:\Users\cp\AppData\Local\Wondershare
O43 - CFD: 2014/03/18 10:13:45 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 2013/08/22 10:17:27 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2015/08/19 00:49:53 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2015/08/10 10:12:55 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
O43 - CFD: 2015/10/16 23:21:16 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
O43 - CFD: 2013/08/22 10:17:27 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2015/08/10 14:07:44 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PicosmosTools
O43 - CFD: 2015/08/19 00:49:53 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2014/03/18 10:13:45 - [] RD -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 2015/08/10 01:50:13 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 2015/09/16 14:44:35 - [] D -- C:\Users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\‏تطبيقات Chrome

---\\ Latest files created in Prefetcher (1) - 23s
O45 - LFCP:[MD5.A97F0BEC373E8CFA61C9BEC7A9CAFAEE] 2015/10/16 23:17:42 A -- C:\Windows\Prefetch\VDOWNLOADER4OC.EXE-976BEE55.pf =>PUP.Optional.OpenCandy

---\\ ShellIconOverlayIdentifiers (SIOI) (6) - 0s
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL ©
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - مكتبة DLL الخاصة بملحق Shell للتخزين المحسّ.) -- C:\Windows\System32\EhStorShell.dll ©
O106 - SIOI: IDM Shell Extension [IDM Shell Extension] - {CDC95B92-E27C-4745-A8C5-64A52A78855D}. (.Tonec Inc. - Internet Download Manager module.) -- C:\Program Files\Internet Download Manager\IDMShellExt.dll ©
O106 - SIOI: [Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81}. (.Microsoft Corporation - واجهة مستخدم ذاكرة التخزين المؤقت من جانب ا.) -- C:\Windows\System32\cscui.dll ©

---\\ System Drivers List (74) - 10s
O58 - SDL:2013/08/22 07:33:26 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\drivers\3ware.sys [86368] ©
O58 - SDL:2013/08/22 07:33:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\Windows\System32\drivers\adp80xx.sys [773472] ©
O58 - SDL:2014/11/21 04:41:34 A . (.Advanced Micro Devices - AMD ACP Binaries.) -- C:\Windows\System32\drivers\amdacpksd.sys [265416] ©
O58 - SDL:2014/10/28 01:46:14 A . (.Advanced Micro Devices, Inc. - AMD PCI Root Bus Lower Filter.) -- C:\Windows\System32\drivers\amdkmpfd.sys [40136] ©
O58 - SDL:2013/08/22 07:33:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [72544] ©
O58 - SDL:2013/08/22 07:33:26 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [215392] ©
O58 - SDL:2013/08/22 07:33:24 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [22880] ©
O58 - SDL:2013/08/22 07:33:26 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [101728] ©
O58 - SDL:2014/11/21 04:38:32 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\drivers\atikmdag.sys [16955392] ©
O58 - SDL:2014/11/21 04:08:48 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\System32\drivers\atikmpag.sys [472576] ©
O58 - SDL:2013/09/04 18:12:22 A . (.Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) -- C:\Windows\System32\drivers\bcbtums.sys [174936] ©
O58 - SDL:2013/08/13 01:25:32 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\drivers\bcmfn2.sys [16088] ©
O58 - SDL:2014/10/02 13:41:41 A . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless dr.) -- C:\Windows\System32\drivers\BCMWL63.SYS [6795992] ©
O58 - SDL:2012/09/01 15:09:10 A . (.ShenZhen ShanWan Technology Co., Ltd. - Filter Driver.) -- C:\Windows\System32\drivers\BM0555.sys [24048]
O58 - SDL:2013/09/04 18:12:36 A . (.Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter for Windo.) -- C:\Windows\System32\drivers\btwampfl.sys [144600] ©
O58 - SDL:2011/01/14 17:07:46 A . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\Windows\System32\drivers\btwaudio.sys [93224] ©
O58 - SDL:2011/01/14 17:07:46 A . (.Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) -- C:\Windows\System32\drivers\btwavdt.sys [114728] ©
O58 - SDL:2011/01/14 17:07:48 A . (.Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) -- C:\Windows\System32\drivers\btwl2cap.sys [33832] ©
O58 - SDL:2011/01/14 17:07:48 A . (.Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) -- C:\Windows\System32\drivers\btwrchid.sys [18728] ©
O58 - SDL:2011/08/09 14:24:52 A . (.ESET - Amon monitor.) -- C:\Windows\System32\drivers\eamonm.sys [163424] ©
O58 - SDL:2011/08/04 09:20:36 A . (.ESET - ESET Helper driver.) -- C:\Windows\System32\drivers\ehdrv.sys [118104] ©
O58 - SDL:2011/08/04 09:20:38 A . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\System32\drivers\epfw.sys [147480] ©
O58 - SDL:2011/08/04 09:20:38 A . (.ESET - Epfw NDIS LightWeight Filter.) -- C:\Windows\System32\drivers\EpfwLWF.sys [33656] ©
O58 - SDL:2011/08/04 09:20:38 A . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\System32\drivers\epfwwfp.sys [50624] ©
O58 - SDL:2013/08/22 07:33:29 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [56672] ©
O58 - SDL:2013/07/23 23:18:30 AC . (.Intel Corporation - Intel(R) Atom(TM) Processor GPIO Controller.) -- C:\Windows\System32\drivers\iaiogpio.sys [22016] ©
O58 - SDL:2013/07/23 23:18:30 AC . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller.) -- C:\Windows\System32\drivers\iaioi2c.sys [61936] ©
O58 - SDL:2014/04/24 16:34:12 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) -- C:\Windows\System32\drivers\iaStorA.sys [490856] ©
O58 - SDL:2013/08/10 02:39:44 A . (.Intel Corporation - Intel Rapid Storage Technology driver (inbo.) -- C:\Windows\System32\drivers\iaStorAV.sys [524784] ©
O58 - SDL:2013/08/22 07:33:29 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [333664] ©
O58 - SDL:2012/08/02 02:23:14 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\drivers\idmwfp.sys [97632] ©
O58 - SDL:2015/06/01 21:00:00 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd32.sys [3788752] ©
O58 - SDL:2014/09/26 16:23:30 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\drivers\IntcDAud.sys [368912] ©
O58 - SDL:2013/08/22 07:33:29 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [94048] ©
O58 - SDL:2013/08/22 07:33:30 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [79712] ©
O58 - SDL:2013/08/22 07:33:30 A . (.LSI Corporation - LSI SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas3.sys [68960] ©
O58 - SDL:2013/08/22 07:33:29 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sss.sys [69472] ©
O58 - SDL:2013/08/22 07:33:30 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [51552] ©
O58 - SDL:2013/08/22 07:33:29 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\megasr.sys [464736] ©
O58 - SDL:2013/08/22 07:33:32 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\drivers\mvumis.sys [58208] ©
O58 - SDL:2013/08/22 07:33:32 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [120160] ©
O58 - SDL:2013/08/22 07:33:33 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [141664] ©
O58 - SDL:2008/06/17 12:01:06 A . (.SingleClick Systems - SCS NDIS 5.0 Auto IP Protocol Driver.) -- C:\Windows\System32\drivers\packet.sys [22016]
O58 - SDL:2014/08/26 13:31:52 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.30 32-bit Dr.) -- C:\Windows\System32\drivers\Rt630x86.sys [732888] ©
O58 - SDL:2011/05/16 22:55:28 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Dr.) -- C:\Windows\System32\drivers\Rt86win7.sys [391272] ©
O58 - SDL:2012/06/25 17:41:02 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth Filter Driver.) -- C:\Windows\System32\drivers\RtkBtfilter.sys [572048] ©
O58 - SDL:2009/02/23 16:20:12 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for Vista.) -- C:\Windows\System32\drivers\RTSTOR.sys [62976] ©
O58 - SDL:2014/08/29 15:44:14 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) -- C:\Windows\System32\drivers\RtsUStor.sys [217304] ©
O58 - SDL:2013/08/22 10:16:47 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480] ©
O58 - SDL:2013/08/22 07:32:56 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [41312] ©
O58 - SDL:2013/08/22 07:32:57 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [79200] ©
O58 - SDL:2015/05/21 08:02:42 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ve.) -- C:\Windows\System32\drivers\ssudbus.sys [89984] ©
O58 - SDL:2015/05/21 08:02:42 A . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ve.) -- C:\Windows\System32\drivers\ssudmdm.sys [184192] ©
O58 - SDL:2013/08/22 07:32:57 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\Windows\System32\drivers\stexstor.sys [26976] ©
O58 - SDL:2013/08/22 14:40:22 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\drivers\tap0901.sys [35288] ©
O58 - SDL:2014/10/10 10:37:16 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\drivers\TeeDriver.sys [111904] ©
O58 - SDL:2013/08/22 07:33:00 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [18272] ©
O58 - SDL:2013/08/22 07:33:01 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\System32\drivers\vsmraid.sys [148832] ©
O58 - SDL:2013/08/22 07:33:01 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\drivers\VSTXRAID.SYS [276832] ©
O58 - SDL:2015/09/07 16:12:35 A . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:2015/09/07 16:12:35 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:2015/09/07 16:12:37 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:2015/09/07 16:12:37 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:2015/09/07 16:12:37 A . (...) -- C:\Windows\System32\NTIO.SYS [33968]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTIO404.SYS [34688]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTIO412.SYS [35552]
O58 - SDL:2015/09/07 16:12:36 A . (...) -- C:\Windows\System32\NTIO804.SYS [34688]

---\\ Last modified or created user files (25) - 20s
O61 - LFC: 2015/10/24 09:29:25 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Priority.bin [5914]
O61 - LFC: 2015/10/24 09:29:21 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Sessions.bin [111]
O61 - LFC: 2015/10/24 09:28:37 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Stream.bin [2598]
O61 - LFC: 2015/10/24 09:29:38 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Timer.bin [155]
O61 - LFC: 2015/10/24 09:29:22 A . (..) -- C:\Users\cp\AppData\Local\Packages\GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj\LocalState\gv3\Token.bin [111]
O61 - LFC: 2015/10/26 14:03:46 A . (.Copyright © 2012-2014.) -- C:\Users\cp\AppData\Local\Packages\E03E4889.RealPlayerCloud_ntp9rbjg1j5m8\AC\Microsoft\CLR_v4.0_32\NativeImages\Mercury\954390c0710b9088c5e9cf003e83ca04\Mercury.ni.exe [2501120]
O61 - LFC: 2015/10/26 14:03:22 A . (.Copyright © 2011-2012.) -- C:\Users\cp\AppData\Local\Packages\ATrillionGamesLtd.3DChessMaster_2cw2yhd8jafk0\AC\Microsoft\CLR_v4.0_32\NativeImages\MonoGame.Frb8b89373#\f61f88b4aa5c6377cfe48c90e4309006\MonoGame.Framework.Windows8.ni.dll [2010624]
O61 - LFC: 2015/10/26 14:03:14 A . (..) -- C:\Users\cp\AppData\Local\Packages\ATrillionGamesLtd.3DChessMaster_2cw2yhd8jafk0\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.A51f62115#\fb7a30b7dc84a940b4e1f432dd83d192\Microsoft.Advertising.ni.dll [213504]
O61 - LFC: 2015/10/26 14:03:12 A . (.Copyright ©, A Trillion Games Ltd.) -- C:\Users\cp\AppData\Local\Packages\ATrillionGamesLtd.3DChessMaster_2cw2yhd8jafk0\AC\Microsoft\CLR_v4.0_32\NativeImages\3DChessGame\093ce2c1a0e57b03feb190c165175869\3DChessGame.ni.exe [848384]
O61 - LFC: 2015/10/26 14:03:03 A . (..) -- C:\Users\cp\AppData\Local\Packages\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga\AC\Microsoft\CLR_v4.0_32\NativeImages\PSXEditor\7a54bfabd1c279159c368234a13a9fb3\PSXEditor.ni.dll [59904]
O61 - LFC: 2015/10/26 14:02:53 A . (.Copyright © 2012.) -- C:\Users\cp\AppData\Local\Packages\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga\AC\Microsoft\CLR_v4.0_32\NativeImages\PSExpressUtf6b179d3#\7cd86f6300aa03c463c82efb82b2d9f7\PSExpressUtilityComponent.ni.dll [152064]
O61 - LFC: 2015/10/26 14:02:51 A . (.Copyright © 2012.) -- C:\Users\cp\AppData\Local\Packages\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga\AC\Microsoft\CLR_v4.0_32\NativeImages\PSExpress\20acaec90140860fa178e2ccc88581a5\PSExpress.ni.exe [1430016]
O61 - LFC: 2015/10/26 14:02:58 A . (.Copyright © 2013.) -- C:\Users\cp\AppData\Local\Packages\AdobeSystemsIncorporated.AdobePhotoshopExpress_ynb6jyjzte8ga\AC\Microsoft\CLR_v4.0_32\NativeImages\OzComponent\239f3acf6c1d48eaaea4ec0d967c83ec\OzComponent.ni.dll [1015296]
O61 - LFC: 2015/10/26 14:02:44 A . (.Copyright © 2013.) -- C:\Users\cp\AppData\Local\Packages\63253Carocha.BackgroundsWallpapersHD_n0fz1mdwq0eq0\AC\Microsoft\CLR_v4.0_32\NativeImages\GoogleAnalytics\82deee8041dce7d6e7301258a6de9300\GoogleAnalytics.ni.dll [334336]
O61 - LFC: 2015/10/26 14:02:29 A . (.iZi Labs.) -- C:\Users\cp\AppData\Local\Packages\63253Carocha.BackgroundsWallpapersHD_n0fz1mdwq0eq0\AC\Microsoft\CLR_v4.0_32\NativeImages\Backgroundsdd9243e7#\2a3e83118cece8baffe80df6be9221ac\BackgroundsWallpapersHD.ni.exe [4876800]
O61 - LFC: 2015/10/26 14:01:51 A . (.Copyright © 2012.) -- C:\Users\cp\AppData\Local\Packages\46759IlmasoftFZE.MyFirstBookofArabic_71p4a8j8rt9d2\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.W64cef312#\42367fc977827cd345731b99748da399\Microsoft.WindowsAzure.Messaging.Managed.ni.dll [644608]
O61 - LFC: 2015/10/26 14:01:45 A . (.Ilmasoft FZE.) -- C:\Users\cp\AppData\Local\Packages\46759IlmasoftFZE.MyFirstBookofArabic_71p4a8j8rt9d2\AC\Microsoft\CLR_v4.0_32\NativeImages\MFB-AR\086761503b82d192f165cc97b5611125\MFB-AR.ni.exe [535040]
O61 - LFC: 2015/10/26 14:00:26 A . (.Copyright © 2012.)
-- C:\Users\cp\AppData\Local\Packages\46759IlmasoftFZE.KidsIQArabic_71p4a8j8rt9d2\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.W64cef312#\42367fc977827cd345731b99748da399\Microsoft.WindowsAzure.Messaging.Managed.ni.dll [644608] O61 - LFC: 2015/10/26 14:00:22 A . (.Ilmasoft FZE.) -- C:\Users\cp\AppData\Local\Packages\46759IlmasoftFZE.KidsIQArabic_71p4a8j8rt9d2\AC\Microsoft\CLR_v4.0_32\NativeImages\KIQ_AR\b7741a543d1ab1c3e934163b2396f53c\KIQ_AR.ni.exe [309248] O61 - LFC: 2015/10/26 14:00:20 A . (.Copyright © 2014.) -- C:\Users\cp\AppData\Local\Packages\40380AlgeriaEducation.CorpsHumain_4fh4j95cjnty4\AC\Microsoft\CLR_v4.0_32\NativeImages\HumanBody\400cc4e584417e3e672f2dad3a7b194f\HumanBody.ni.exe [324096] O61 - LFC: 2015/10/26 14:00:18 A . (.Copyright © 2014.) -- C:\Users\cp\AppData\Local\Packages\40380AlgeriaEducation.5210792FA969E_4fh4j95cjnty4\AC\Microsoft\CLR_v4.0_32\NativeImages\LearnAlpha\3f0433031f980faacca9ea6e6196d4ea\LearnAlpha.ni.exe [520704] O61 - LFC: 2015/10/26 14:00:15 A . (.Copyright © 2014.) -- C:\Users\cp\AppData\Local\Packages\12106AlaaElhady.63250B1CC0E6D_16a5jx4zbjxp0\AC\Microsoft\CLR_v4.0_32\NativeImages\AdDuplex.Unb1b08295#\c4d9873609e1b12081e0b3191060122e\AdDuplex.Universal.Win.WinRT.ni.dll [673792] O61 - LFC: 2015/10/26 13:59:57 A . (.Copyright © 2014.) -- C:\Users\cp\AppData\Local\Packages\12106AlaaElhady.63250B1CC0E6D_16a5jx4zbjxp0\AC\Microsoft\CLR_v4.0_32\NativeImages\AdDuplex.Un1b2e3881#\5409dd6feac5bd41ae8142775bd69b64\AdDuplex.Universal.Controls.Win.XAML.ni.dll [258560] O61 - LFC: 2015/10/26 13:59:55 A . (.Copyright © 2015.) -- C:\Users\cp\AppData\Local\Packages\12106AlaaElhady.63250B1CC0E6D_16a5jx4zbjxp0\AC\Microsoft\CLR_v4.0_32\NativeImages\A.Windows\0311f04834f013f01f61b2593fab38c5\A.Windows.ni.exe [247296] O61 - LFC: 2015/10/28 16:42:56 A . (..) 
-- C:\Users\cp\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [674082] ---\\ File Associations Shell Spawning (11) - 0s O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe © O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe © O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe © O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe © O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe ---\\ Start Menu Internet (12) - 1s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\Spark.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Copyright (C) 2011 - spark.) 
-- C:\Program Files\baidu\Baidu Browser\spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Copyright (C) 2011 - spark.) -- C:\Program Files\baidu\Baidu Browser\spark.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - ‎‎الأداة المساعدة للتهيئة لكل مستخدم لـ IE.) -- C:\Windows\System32\ie4uinit.exe © ---\\ Search Browser Infection (1) - 1s O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ ---\\ Search Svchost Services (36) - 1s O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [160768] © O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) -- C:\Windows\System32\certprop.dll [128512] © O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - خدمة نشر شهادة البطاقة الذكية لـ Microsoft.) 
-- C:\Windows\System32\certprop.dll [128512] © O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [244224] © O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - عميل نهج المجموعة.) -- C:\Windows\System32\gpsvc.dll [1165312] © O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [730112] © O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [795648] © O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي الخاصة بخدمة تسجي.) -- C:\Windows\System32\seclogon.dll [23040] © O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [89600] © O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [116224] © O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [91136] © O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - خدمة جدولة المهام.) -- C:\Windows\System32\schedsvc.dll [1015808] © O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [174592] © O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [73728] © O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [105472] © O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) 
-- C:\Windows\System32\profsvc.dll [191488] © O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [280576] © O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - تقارير المشاكل وحلولها.) -- C:\Windows\System32\wercplsupport.dll [59392] © O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL [75776] © O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [37376] © O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\Windows\System32\wlidsvc.dll [1203200] © O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Windows Location Framework Service.) -- C:\Windows\System32\GeofenceMonitorService.dll [367104] © O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [299008] © O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\Windows\System32\DeviceSetupManager.dll [165376] © O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\Windows\System32\NcaSvc.dll [141312] © O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [93696] © O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [457216] © O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [177664] © O83 - Search Svchost Services: SENS (SENS) . 
(.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [54784] © O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [380928] © O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [248320] © O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - عامل Windows Update.) -- C:\Windows\System32\wuaueng.dll [3066368] © O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [801792] © O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - مكتبة الارتباط الديناميكي لخدمات Windows Sh.) -- C:\Windows\System32\shsvcs.dll [564736] © O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - خدمة تثبت البرامج.) -- C:\Windows\System32\appmgmts.dll [151040] © O83 - Search Svchost Services: MsKeyboardFilter (MsKeyboardFilter) . (.Microsoft Corporation - SvcHost Service for Microsoft Keyboard Filt.) -- C:\Windows\System32\KeyboardFilterSvc.dll [75104] © ---\\ Firewall Active Exception List (14) - 4s O87 - FAEL: "TCP Query User{EBC4FA83-2704-4B8F-BF2D-7422E7396D29}C:\program files\formatfactory\ffmodules\package\pfinstonline.exe" [In-None-P6-TRUE] .(.Picosmos - App P2P Installer.) -- C:\program files\formatfactory\ffmodules\package\pfinstonline.exe O87 - FAEL: "UDP Query User{DB346245-A287-40A9-A4FF-A19032C16914}C:\program files\formatfactory\ffmodules\package\pfinstonline.exe" [In-None-P17-TRUE] .(.Picosmos - App P2P Installer.) -- C:\program files\formatfactory\ffmodules\package\pfinstonline.exe O87 - FAEL: "{893AB9D9-02DE-4756-B0D9-5EB8B50C90F3}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Dell Remote Access\ezi_ra.exe (.not file.) 
O87 - FAEL: "{156929FF-986D-45E7-A8CD-FD64D0DA5F27}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Dell Remote Access\ezi_ra.exe (.not file.) O87 - FAEL: "{D143C0EF-20A5-4E1C-824F-C068A49519C6}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (.not file.) O87 - FAEL: "{4C032907-4051-4FFE-BD3E-4DD3F281ABA0}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (.not file.) O87 - FAEL: "{0926AEC6-41D8-48BC-B1F9-3DBA963E1AA8}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Moborobo\Moborobo.exe O87 - FAEL: "{A8C5F39E-B015-49F7-A9AE-73B06736DAB7}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Moborobo\Moborobo.exe O87 - FAEL: "{A72057C3-11C0-44FF-BA21-0C3C20A8DB83}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Moborobo\Moborobo.exe O87 - FAEL: "{858A2360-2A28-4C71-AE15-3A81B0BE0BF9}" [In-None-P17-TRUE] .(...) -- C:\Program Files\Moborobo\Moborobo.exe O87 - FAEL: "{1EC1C717-4ED5-4A73-AE92-BB6EB5ECE640}" [In-None-P6-TRUE] .(...) -- F:\Appso\BitTorrent 7.9 Build 30659.exe (.not file.) O87 - FAEL: "{1BC37FDC-177D-4CA7-88F9-42ACD4DA8388}" [In-None-P17-TRUE] .(...) -- F:\Appso\BitTorrent 7.9 Build 30659.exe (.not file.) O87 - FAEL: "{35E9F2FA-EF3D-4B1E-BB9E-0829AE26695B}" [In-None-P6-TRUE] .(.@ByELDI - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico O87 - FAEL: "{0B7EF42F-D784-4308-AFFE-2F4C7423F911}" [In-None-P17-TRUE] .(.@ByELDI - Service_KMS.) -- C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico ---\\ Services not Microsoft (SR=Run, SS=Stop) (16) - 39s SS - Demand [2015/10/21 03:56:59] [ 269000] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe © SR - Auto [2014/11/21 04:12:38] [ 212992] (AMD External Events Utility) . (.AMD.) 
- C:\Windows\System32\atiesrxx.exe © SS - Auto [2013/09/04 18:12:38] [ 1678040] @oem38.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Man (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe © SR - Auto [2012/02/16 10:37:08] [ 20480] BTDevManager (BTDevManager) . (...) - C:\Program Files\Realtek\Realtek Bluetooth\BTDevMgr.exe SR - Auto [2008/06/05 19:07:00] [ 518696] Bluetooth Service (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe © SS - Demand [2015/06/01 21:00:10] [ 290224] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe © SR - Auto [2011/09/22 12:03:30] [ 974944] ESET Service (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe © SS - Auto [2015/09/15 05:57:28] [ 144200] خدمة Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe © SS - Demand [2015/09/15 05:57:28] [ 144200] خدمة Google Update (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe © SR - Auto [2012/05/11 14:37:30] [ 30720] RtkBleServ (RtkBleServ) . (.Realtek Semiconductor Corporation.) - C:\Program Files\Realtek\Realtek Bluetooth\RtkBleServ.exe © SR - Auto [2014/12/04 21:07:20] [ 966336] Service KMSELDI (Service KMSELDI) . (.@ByELDI.) - C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico SR - Auto [2015/10/28 08:27:52] [ 97080] Baidu Spark Service (SparkSvc) . (.Baidu Inc..) - C:\Program Files\baidu\Baidu Browser\sparkservice.exe SS - Demand [2015/07/02 16:01:47] [ 1371960] Baidu Spark Updater (SparkUpdater) . (.Baidu.com, Inc..) - C:\Program Files\baidu\SparkUpdate\Sparkupdate.exe SR - Auto [2015/05/21 08:02:42] [ 743688] SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD..) 
- C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe © SS - Demand [2015/08/17 17:02:14] [ 103824] Wondershare Driver Install Service (WsDrvInst) . (.Wondershare.) - C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe © ---\\ Additional Scan (O88) (20) - 0s C:\Program Files\KMSpico\Service_KMS.exe =>HackTool.KMSpico C:\Users\cp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI =>HackTool.KMSpico C:\Program Files\KMSpico\AutoPico.exe =>HackTool.KMSpico C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe =>HackTool.AutoKMS C:\Windows\Tasks\DriverToolkit Autorun.job =>PUP.Optional.DriverToolkit C:\Windows\System32\Tasks\AutoPico Daily Restart =>HackTool.KMSpico C:\Windows\System32\Tasks\DriverToolkit Autorun =>PUP.Optional.DriverToolkit C:\Windows\System32\Tasks\KMS Server Daily Activate =>HackTool.AutoKMS C:\Windows\System32\Tasks\KMS Server OnLogon Activate =>HackTool.AutoKMS HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 =>HackTool.KMSpico HKCU\SOFTWARE\DriverToolkit =>PUP.Optional.DriverToolkit C:\Program Files\DriverToolkit =>PUP.Optional.DriverToolkit C:\Program Files\KMSpico =>HackTool.KMSpico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico C:\ProgramData\Babylon =>PUP.Optional.Babylon C:\Users\cp\AppData\Roaming\Babylon =>PUP.Optional.Babylon C:\Users\cp\AppData\Local\Babylon =>PUP.Optional.Babylon C:\Users\cp\AppData\Local\DriverToolkit =>PUP.Optional.DriverToolkit C:\Windows\Prefetch\VDOWNLOADER4OC.EXE-976BEE55.pf =>PUP.Optional.OpenCandy ---\\ Summary of the elements found (7) - 0s http://www.nicolascoolman.fr/pup-kmspico/ =>HackTool.KMSpico http://www.nicolascoolman.fr/toolbar-ask/ =>Toolbar.Ask http://www.nicolascoolman.fr/adware-bandoo/ =>PUP.Optional.Bandoo http://www.nicolascoolman.fr/blog =>PUP.Optional.DriverToolkit 
http://www.nicolascoolman.fr/trojan-autokms/ =>HackTool.AutoKMS http://www.nicolascoolman.fr/pup-babylon/ =>PUP.Optional.Babylon http://www.nicolascoolman.fr/adware-opencandy/ =>PUP.Optional.OpenCandy ~ End of the scan, 24939 items in 179 seconds (840)(0)()