~ ZHPDiag v2015.10.2.147 By Nicolas Coolman (2015/10/02)
~ Run by RA (Administrator) (2015/10/08 04:04:20)
~ Web: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\RA\Desktop\ZHPDiag.txt
~ Report: C:\Users\RA\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ Internet Browsers (2) - 0s
MFIE: Mozilla Firefox 40.0.3 (x86 en-US) v40.0.3
MSIE: Internet Explorer v9.0.8112.16421

---\\ Windows Product Information (4) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : KO

---\\ System protection software (2) - 3s
Avira Antivirus v15.0.12.420
Windows Defender W7 (Deactivate)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 4140.912 MB (35% free)
~ System Restore: Activé (Enable)
~ System drive C: has 85 GB free of 199 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: RA-PC
~ User Name: RA
~ Logged in as Administrator

---\\ Enumeration of the disk units (3) - 0s
~ Drive C: has 85 GB free of 199 GB (System)
~ Drive D: has 54 GB free of 199 GB
~ Drive E: has 14 GB free of 210 GB

---\\ State of the Windows Security Center (10) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK ---\\ Search Generic System Files (25) - 1s [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) () -- C:\Windows\Explorer.exe [2871808] © [MD5.DD81D91FF3B0763C392422865C9AC12E] - (.Microsoft Corporation - Windows host process (Rundll32).) () -- C:\Windows\System32\rundll32.exe [45568] © [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) () -- C:\Windows\System32\Wininit.exe [129024] © [MD5.5121DB613E10A46A3C5085B479026AA7] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\Windows\System32\wininet.dll [1392128] © [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) () -- C:\Windows\System32\Winlogon.exe [390656] © [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) () -- C:\Windows\System32\sppcomapi.dll [232448] © [MD5.492D07D79E7024CA310867B526D9636D] - (.Microsoft Corporation - DNS Client API DLL.) () -- C:\Windows\System32\dnsapi.dll [357888] © [MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - (.Microsoft Corporation - DNS Client API DLL.) () -- C:\Windows\Syswow64\dnsapi.dll [270336] © [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [498688] © [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [24128] © [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) 
() -- C:\Windows\System32\drivers\Cdfs.sys [92160] © [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [147456] © [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [102400] © [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [122368] © [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) () -- C:\Windows\System32\drivers\i8042prt.sys [105472] © [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [116224] © [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [158208] © [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [261632] © [MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - NT File System Driver.) () -- C:\Windows\System32\drivers\ntfs.sys [1659760] © [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) () -- C:\Windows\System32\drivers\Parport.sys [97280] © [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [129536] © [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [165888] © [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) () -- C:\Windows\System32\drivers\smb.sys [93184] © [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) 
() -- C:\Windows\System32\drivers\tdx.sys [119296] © [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) () -- C:\Windows\System32\drivers\volsnap.sys [295808] © ---\\ Process running (39) - 3s [MD5.2870CE9BFD6BA66FB0FFC6D11C9E41A7] - (.Arcai.com - Arp Intelligent Protection Service.) -- C:\Program Files (x86)\netcut\services\aips.exe [262144] [PID.1100] © [MD5.E20B4F23EB153635D67944F63454EC84] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672] [PID.1464] © [MD5.61BA8BD94B0BCD2A138446FB49A441A3] - (.Copyright (C) 2015 - .) -- C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [415608] [PID.1792] [MD5.7736CDCCA38519FD637C82638A06B4FF] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1143720] [PID.2016] © [MD5.051B0369593D350A0610FC2E3F1F8AFD] - (.Acronis - File Level CDP Manager Service.) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3783672] [PID.1096] © [MD5.C5D79C8D3C010A083C21A9612B4D906E] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [173672] [PID.1472] © [MD5.A0B03897D4A8DA274467C4B9FC292ACE] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [401512] [PID.1624] © [MD5.1F963E569AD9764CACB397452F72608C] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [444008] [PID.1820] © [MD5.547E975DC8F8EDEBE832009EC04A37B9] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152] [PID.1956] © [MD5.4E19C3F4919A8ED4A5F955B100472AED] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe [1821536] [PID.1948] [MD5.E20B4F23EB153635D67944F63454EC84] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) 
-- C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672] [PID.1744] © [MD5.27F8A7A78773427E5D931628F89D6839] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008] [PID.2144] © [MD5.6EB87FDB59AABF6D19C927492DEA0D36] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128] [PID.2456] © [MD5.1778EBA872274C1226D869CD9486847E] - (.InterVideo Inc. - Capture Device Service.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168] [PID.2680] © [MD5.8A9919DAE95708B073827EA3C88DFF03] - (.Copyright 2015. All rights reserved. - Service.) -- C:\Program Files (x86)\RayDld\ihpmServer.exe [268520] [PID.2776] =>PUP.Optional.CrossRider [MD5.732ED03303FEE8003E2922D87ABF9903] - (...) -- C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe [585728] [PID.2892] =>PUP.Optional.LuckyBrowse [MD5.BD73B430A25D9B1F3257D5157B82D3BC] - (.(C) 广州铁人网络科技有限公司。保留所有权利。 - PP助手辅助模块.) -- C:\Program Files (x86)\PP助手2.0\adevicehelpersvr.exe [118496] [PID.2936] [MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760] [PID.2972] [MD5.24680B56D862F1DE30C13FC64B80F568] - (.Avira Operations GmbH & Co. KG - Avira.ServiceHost.) -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104] [PID.2124] © [MD5.C33C818E4893BCB27C67B04D8ED8222A] - (.广州铁人网络科技有限公司 - PP助手连接模块.) -- C:\Program Files (x86)\PP助手2.0\adevicehelpermon.exe [247008] [PID.2360] [MD5.40E63A7B9993496620D503AF6DDC92C3] - (.BitTorrent Inc. - WebHelper.) -- C:\Users\RA\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe [336896] [PID.540] [MD5.40E63A7B9993496620D503AF6DDC92C3] - (.BitTorrent Inc. - WebHelper.) -- C:\Users\RA\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe [336896] [PID.2840] [MD5.E9C6EF9437ECB30911488F9313AD821A] - (.Tonec Inc. 
- Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.1256] © [MD5.094F3AC18AF083D542D96EBEF1F28161] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files (x86)\Avira\Antivirus\avshadow.exe [632152] [PID.3340] © [MD5.6E51006C8447A701B237156F1805BE6D] - (.Avira Operations GmbH & Co. KG - Avira Launcher.) -- C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [132808] [PID.3384] © [MD5.83FF82FE209E7997067B375DAD6CF23D] - (.Intel Corporation - Intel(R) Integrated Clock Controller Servic.) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752] [PID.3800] © [MD5.70042E6C2B695E2978B2E13654EF276E] - (.Acronis - TrueImage Sync Agent Service.) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7084672] [PID.2656] © [MD5.2565447320BCC0A5EDE86267A2B27A18] - (.Alexander Roshal - WinRAR archiver.) -- C:\Program Files\WinRAR\WinRAR.exe [1502808] [PID.3992] [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.884] © [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.3976] © [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.3060] © [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.2404] © [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.2792] © [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.3244] © [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.2152] © [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.4308] © [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.616] © [MD5.584EA08688C7945523D81BF25B63C89C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240] [PID.4632] © [MD5.DD7DAC8A6913EB893372091E96871F95] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\RA\Desktop\ZHPDiag3.exe [1940992] [PID.416] © ---\\ Google Chrome, Start,Search,Extensions (11) - 1s G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [egnjhciaieeiiohknchakcodbpgjnchh] Tab Wrangler G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module G2 - GCE: Preference [User Data\Default] [mpkahncaehjddplfiimflhkghancgldb] __MSG_application_title__ G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc. 
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc. ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (6) - 1s M0 - MFSP: prefs.js [RA - ktrv81ik.default] http://www.oursurfing.com/?type=hp&ts=1442316437&z=62b27fb71459e23e1804b09cb4cff176gzzocgqzcm&from=exp1&uid=hitachixhts547564a9e384_j21a0053gb4ggngb4ggnx =>PUP.Optional.OurSurfing P2 - EXT FILE: (...) -- C:\Users\RA\AppData\Roaming\Mozilla\Firefox\Profiles\ktrv81ik.default\extensions\{08af550f-210b-44e5-9075-359e26d7bd75}.xpi P2 - EXT: (.Mozilla - Default.) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} © P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) -- C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll © P2 - FPN: [HKLM] [@itools.hk/npiTools, version=1.0.0] - (.itools.hk Copyright (C) 2012.) -- C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll P2 - FPN: [HKLM] [@photodex.com/PhotodexPresenter] - (.Photodex Corporation.) 
-- C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll © ---\\ Internet Explorer Extensions, Start, Search (17) - 0s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearch.avira.com/ R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearch.avira.com/ R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://safesearch.avira.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://safesearch.avira.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://safesearch.avira.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://safesearch.avira.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://safesearch.avira.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://safesearch.avira.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://safesearch.avira.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://safesearch.avira.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://safesearch.avira.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://safesearch.avira.com/ R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer ---\\ Internet Explorer, Proxy Management (4) - 0s R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s F2 - REG:system.ini: UserInit=C:\Windows\System32\Userinit.exe (.Microsoft Corporation.) © F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) © F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) © ---\\ Hosts file redirection (1) - 0s ~ Le fichier hôte est sain (The hosts file is clean) (21) ---\\ Browser Helper Object (BHO) (4) - 0s O2 - BHO: IDM Helper [64Bits] - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll © O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll © O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll © O2 - BHO: iToolsBHO [64Bits] - {E1499FE7-129D-4B6E-B681-DDF21E14172C} . (.iTools.hk - .) -- C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll ---\\ Auto loading programs from Registry and folders (15) - 1s O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe © O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe © O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe © O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) 
-- C:\Program Files (x86)\Internet Download Manager\IDMan.exe © O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe © O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe © O4 - HKLM\..\Wow6432Node\Run: [Avira SystrayStartTrigger] . (.Avira Operations GmbH & Co. KG - Avira.SystrayStartTrigger.) -- C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe © O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe © O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe © O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe © O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe © O4 - HKUS\S-1-5-21-1809513873-1977357641-2703349812-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe © O4 - HKUS\S-1-5-21-1809513873-1977357641-2703349812-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe O4 - HKUS\S-1-5-21-1809513873-1977357641-2703349812-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) 
-- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe © ---\\ Lop.com/Domain Hijackers (3) - 0s O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ---\\ Extra protocols (22) - 0s O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll © O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll © O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll © O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll © O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll © O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll © O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll © O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll © O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll © O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) 
-- C:\Windows\SysWOW64\urlmon.dll © O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll © O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll © O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll © O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll © O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll © O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll © O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll © O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll © O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll © O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll © O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) 
-- C:\Windows\System32\mscoree.dll © O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL © ---\\ Non Microsoft non disabled Windows Services (15) - 1s O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) . (.Acronis - Acronis Scheduler 2.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe © O23 - Service: Arp Intelligent Protection Service (AIPS) . (.Arcai.com - Arp Intelligent Protection Service.) - C:\Program Files (x86)\netcut\services\aips.exe © O23 - Service: Avira Mail Protection (AntiVirMailService) . (.Avira Operations GmbH & Co. KG - Antivirus MailScanner WFP Service.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe © O23 - Service: Avira Scheduler (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe © O23 - Service: Avira Real-Time Protection (AntiVirService) . (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe © O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe © O23 - Service: Avira Service Host (Avira.ServiceHost) . (.Avira Operations GmbH & Co. KG - Avira.ServiceHost.) - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe © O23 - Service: Capture Device Service (Capture Device Service) . (.InterVideo Inc. - Capture Device Service.) - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe © O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe © O23 - Service: ihpmServer (ihpmServer) . (.Copyright 2015. All rights reserved. - Service.) 
- C:\Program Files (x86)\RayDld\ihpmServer.exe =>PUP.Optional.CrossRider O23 - Service: LuckyBrowse (LuckyBrowse) . (. - ServiceStarter.) - C:\Program Files (x86)\LuckyBrowse\app\luckyBrowseStarter.exe =>PUP.Optional.LuckyBrowse O23 - Service: PP Assistant Service (PP Assistant Service) . (.(C) 广州铁人网络科技有限公司。保留所有权利。 - PP助手辅助模块.) - C:\Program Files (x86)\PP助手2.0\adevicehelpersvr.exe O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe © O23 - Service: Acronis Sync Agent Service (syncagentsrv) . (.Acronis - TrueImage Sync Agent Service.) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe © ---\\ Task Planned Automatically (11) - 3s [MD5.E1B44A75947137F4143308D566889837] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848] © [MD5.E1B44A75947137F4143308D566889837] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848] © [MD5.61BA8BD94B0BCD2A138446FB49A441A3] [APT] [iToolsDaemon] (.Copyright (C) 2015.) -- C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [415608] [MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984] © [MD5.00000000000000000000000000000000] [APT] [Lenovo\Lenovo Customer Feedback Program 64 35] (...) -- C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (.not file.) [0] O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [894] © O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [898] © O39 - APT: iToolsDaemon - (.Copyright (C) 2015.) 
-- C:\Windows\Tasks\iToolsDaemon.job [312] O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3642] © O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [3894] © O39 - APT: iToolsDaemon - (.Copyright (C) 2015.) -- C:\Windows\System32\Tasks\iToolsDaemon [3274] ---\\ Software installed (59) - 7s O42 - Logiciel: NET Render Client 13.016 - (.MAXON Computer GmbH.) [HKLM][64Bits] -- MAXON8C66D661 O42 - Logiciel: Recuva - (.Piriform.) [HKLM][64Bits] -- Recuva © O42 - Logiciel: Ski Search - (.Ski Search.) [HKLM][64Bits] -- Ski Search =>PUP.Optional.SkiSearch O42 - Logiciel: TeraCopy 2.3 - (.Code Sector.) [HKLM][64Bits] -- TeraCopy_is1 O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player © O42 - Logiciel: WinRAR 5.21 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver © O42 - Logiciel: PDFCreator - (.pdfforge.) [HKLM][64Bits] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} © O42 - Logiciel: Java 8 Update 60 (64-bit) - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F86418060F0} © O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {5D61F006-168C-4B8B-B7FD-F113C10AE0E4} © O42 - Logiciel: Apple Application Support (64-bit) - (.Apple Inc..) [HKLM][64Bits] -- {B255D495-4734-4E9B-B4F5-96702FD4A7B9} © O42 - Logiciel: Adobe Photoshop Lightroom 5.7.1 64-bit - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {BC86B82C-8C0E-4408-9AC1-6B0F2D636963} © O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {BFEAB774-C7DC-4032-B05A-DA5F7CB7B365} © O42 - Logiciel: 3D-Album-CS - (...) [HKLM][64Bits] -- 3D-Album-CS O42 - Logiciel: Adobe Photoshop 7.0 ME - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Photoshop 7.0 ME © O42 - Logiciel: AIMP3 - (.AIMP DevTeam.) [HKLM][64Bits] -- AIMP3 © O42 - Logiciel: Audacity 2.0 - (.Audacity Team.) 
[HKLM][64Bits] -- Audacity_is1 © O42 - Logiciel: Avira Antivirus v15.0.12.420 - (.Avira Operations GmbH & Co. KG.) [HKLM][64Bits] -- Avira Antivirus © O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM][64Bits] -- DAEMON Tools Lite © O42 - Logiciel: Easy GIF Animator 6.0 - (.Karlis Blumentals.) [HKLM][64Bits] -- Easy GIF Animator_is1 © O42 - Logiciel: Foxit Reader - (.Foxit Software Inc..) [HKLM][64Bits] -- Foxit Reader_is1 © O42 - Logiciel: Freemake Video Converter version 4.1.5 - (.Ellora Assets Corporation.) [HKLM][64Bits] -- Freemake Video Converter_is1 © O42 - Logiciel: GI-Arabic Now - (.Global Integrated Solutions.) [HKLM][64Bits] -- GI-Arabic Now O42 - Logiciel: GOM Player - (.Gretech Corporation.) [HKLM][64Bits] -- GOM Player O42 - Logiciel: IcoFX 2.12 - (...) [HKLM][64Bits] -- IcoFX 2_is1 O42 - Logiciel: Ulead VideoStudio 11 - (.InterVideo Digital Technology Corporation.) [HKLM][64Bits] -- InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9} O42 - Logiciel: Internet Download Manager - (.Tonec Inc..) [HKLM][64Bits] -- Internet Download Manager © O42 - Logiciel: KPT(R) effects(TM) - (...) [HKLM][64Bits] -- KPT effects O42 - Logiciel: Mozilla Firefox 40.0.3 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 40.0.3 (x86 en-US) © O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService © O42 - Logiciel: Nero 11 - (...) [HKLM][64Bits] -- Nero 11 O42 - Logiciel: Photodex Presenter - (.Photodex Corporation.) [HKLM][64Bits] -- Photodex Presenter © O42 - Logiciel: PP助手2.0 - (.广州铁人网络科技有限公司.) [HKLM][64Bits] -- PP助手2.0 Win版 O42 - Logiciel: ProShow Gold - (.Photodex Corporation.) [HKLM][64Bits] -- ProShow Gold © O42 - Logiciel: RealFlow 5 - (...) [HKLM][64Bits] -- RealFlow 5 O42 - Logiciel: iTools 3 - (.Shenzhen Thinksky Technology Co., Ltd..) [HKLM][64Bits] -- ThinkSky O42 - Logiciel: Pro Evolution Soccer 2015 - (...) 
[HKLM][64Bits] -- UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1 O42 - Logiciel: Visviva Animation Capture - (...) [HKLM][64Bits] -- VAC O42 - Logiciel: Visviva Animation Player - (...) [HKLM][64Bits] -- Visviva Animation Player O42 - Logiciel: Xilisoft Transfert iPhone - (.Xilisoft.) [HKLM][64Bits] -- Xilisoft Transfert iPhone O42 - Logiciel: Your Uninstaller! 7 - (.URSoft, Inc..) [HKLM][64Bits] -- YU2010_is1 O42 - Logiciel: Google Chrome - (.Google, Inc..) [HKLM][64Bits] -- {0FA69F39-D0BF-3023-BAD8-9AA90EA79ED3} © O42 - Logiciel: Java 8 Update 60 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83218060F0} © O42 - Logiciel: Adobe After Effects CC 2014 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {2B22C750-5C3B-4738-B621-BA786AC7A494} © O42 - Logiciel: Avira Launcher v1.1.45.11819 - (.Avira Operations GmbH & Co. KG.) [HKLM][64Bits] -- {315dd168-0794-4cf1-8355-f195cde642fc} © O42 - Logiciel: InterVideo DeviceService - (.InterVideo.) [HKLM][64Bits] -- {521AAD14-5030-44BB-8B0E-5CE65FCE57E0} © O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} © O42 - Logiciel: Skype™ 7.10 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {6A0549A9-1B96-498C-ACBC-3943001FEB19} © O42 - Logiciel: True Image 2013 - (.Acronis.) [HKLM][64Bits] -- {75BC2136-B6A1-4F3B-8A69-55E39C647B1F} © O42 - Logiciel: True Image 2013 - (.Acronis.) [HKLM][64Bits] -- {75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible © O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} © O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM][64Bits] -- {7FE25256-B7C1-480D-B736-10A67A833AEA} © O42 - Logiciel: Intel(R) C++ Redistributables on Intel(R) 64 - (.Intel Corporation.) [HKLM][64Bits] -- {AA67D612-0BE5-44D6-9A91-592958F754A1} © O42 - Logiciel: Camtasia Studio 8 - (.TechSmith Corporation.) 
[HKLM][64Bits] -- {BFA04EE0-8240-4667-8D53-45496A901C33} © O42 - Logiciel: Metric Collection SDK 35 - (.Lenovo Group Limited.) [HKLM][64Bits] -- {C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} © O42 - Logiciel: VSO ConvertXToDVD - (.VSO Software.) [HKLM][64Bits] -- {CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1 © O42 - Logiciel: Avira Launcher v1.1.45.11819 - (.Avira Operations GmbH & Co. KG.) [HKLM][64Bits] -- {EA226E08-91E7-4F05-B61E-3EDBBBEB15BB} © O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} © O42 - Logiciel: Intel(R) SDK for OpenCL - CPU Only Runtime Package - (.Intel Corporation.) [HKLM][64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573} © O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent ---\\ HKCU & HKLM Software Keys (96) - 7s HKLM\SOFTWARE\Wow6432Node\Acronis HKLM\SOFTWARE\Wow6432Node\Adobe HKLM\SOFTWARE\Wow6432Node\Apple Inc. HKLM\SOFTWARE\Wow6432Node\Arcai HKLM\SOFTWARE\Wow6432Node\Avira HKLM\SOFTWARE\Wow6432Node\Babylon =>PUP.Optional.Babylon HKLM\SOFTWARE\Wow6432Node\BabylonToolbar =>PUP.Optional.Babylon HKLM\SOFTWARE\Wow6432Node\Corel HKLM\SOFTWARE\Wow6432Node\DT Soft HKLM\SOFTWARE\Wow6432Node\Foxit Software HKLM\SOFTWARE\Wow6432Node\Freemake HKLM\SOFTWARE\Wow6432Node\Google HKLM\SOFTWARE\Wow6432Node\GRETECH HKLM\SOFTWARE\Wow6432Node\ihpmserver HKLM\SOFTWARE\Wow6432Node\IM Providers HKLM\SOFTWARE\Wow6432Node\Intel HKLM\SOFTWARE\Wow6432Node\Internet Download Manager HKLM\SOFTWARE\Wow6432Node\InterVideo HKLM\SOFTWARE\Wow6432Node\JavaSoft HKLM\SOFTWARE\Wow6432Node\JreMetrics HKLM\SOFTWARE\Wow6432Node\Khronos HKLM\SOFTWARE\Wow6432Node\KPT effects HKLM\SOFTWARE\Wow6432Node\Lenovo HKLM\SOFTWARE\Wow6432Node\Licenses HKLM\SOFTWARE\Wow6432Node\LuckyBrowse =>PUP.Optional.LuckyBrowse HKLM\SOFTWARE\Wow6432Node\Mozilla HKLM\SOFTWARE\Wow6432Node\mozilla.org HKLM\SOFTWARE\Wow6432Node\MozillaPlugins HKLM\SOFTWARE\Wow6432Node\Nero HKLM\SOFTWARE\Wow6432Node\Next Limit 
HKLM\SOFTWARE\Wow6432Node\ODBC HKLM\SOFTWARE\Wow6432Node\Photodex Media Sources HKLM\SOFTWARE\Wow6432Node\Photodex Presenter HKLM\SOFTWARE\Wow6432Node\RayDld =>PUP.Optional.CrossRider HKLM\SOFTWARE\Wow6432Node\Ski Search =>PUP.Optional.SkiSearch HKLM\SOFTWARE\Wow6432Node\Skype HKLM\SOFTWARE\Wow6432Node\SoftVTU HKLM\SOFTWARE\Wow6432Node\TechSmith HKLM\SOFTWARE\Wow6432Node\Ulead Systems HKLM\SOFTWARE\Wow6432Node\Visviva HKLM\SOFTWARE\Wow6432Node\VSO HKLM\SOFTWARE\Wow6432Node\Wise Solutions HKLM\SOFTWARE\Wow6432Node\X-AVCSD HKLM\SOFTWARE\Wow6432Node\Xilisoft HKLM\SOFTWARE\Wow6432Node\RegisteredApplications HKCU\SOFTWARE\Acronis HKCU\SOFTWARE\Adobe HKCU\SOFTWARE\AppDataLow HKCU\SOFTWARE\Apple Computer, Inc. HKCU\SOFTWARE\Apple Inc. HKCU\SOFTWARE\Audacity HKCU\SOFTWARE\Avira HKCU\SOFTWARE\BitTorrent HKCU\SOFTWARE\Code Sector HKCU\SOFTWARE\DownloadManager HKCU\SOFTWARE\DT Soft HKCU\SOFTWARE\Foxit Software HKCU\SOFTWARE\Freemake HKCU\SOFTWARE\Google HKCU\SOFTWARE\GRETECH HKCU\SOFTWARE\IcoFX2 HKCU\SOFTWARE\ihelper HKCU\SOFTWARE\IM Providers HKCU\SOFTWARE\Imobie HKCU\SOFTWARE\Intel HKCU\SOFTWARE\Karlis Blumentals HKCU\SOFTWARE\LeaderTech HKCU\SOFTWARE\Lenovo HKCU\SOFTWARE\MainConcept HKCU\SOFTWARE\MC4D HKCU\SOFTWARE\Mozilla HKCU\SOFTWARE\MozillaPlugins HKCU\SOFTWARE\Nero HKCU\SOFTWARE\Netscape HKCU\SOFTWARE\Next Limit Technologies HKCU\SOFTWARE\ODBC HKCU\SOFTWARE\PDFCreator.net HKCU\SOFTWARE\Photodex HKCU\SOFTWARE\Piriform HKCU\SOFTWARE\Ski Search =>PUP.Optional.SkiSearch HKCU\SOFTWARE\Skype HKCU\SOFTWARE\TechSmith HKCU\SOFTWARE\Teiron HKCU\SOFTWARE\Trolltech HKCU\SOFTWARE\Ulead HKCU\SOFTWARE\Ulead Systems HKCU\SOFTWARE\URSoft HKCU\SOFTWARE\Visviva HKCU\SOFTWARE\VSO HKCU\SOFTWARE\WinRAR HKCU\SOFTWARE\WinRAR SFX HKCU\SOFTWARE\Wow6432Node HKCU\SOFTWARE\Xilisoft HKCU\SOFTWARE\ZebHelpProcess Helper HKCU\SOFTWARE\AppDataLow\Software HKCU\SOFTWARE\AppDataLow\Software\JavaSoft ---\\ Contents of the Common Files folders (232) - 10s O43 - CFD: 2015/09/15 08:30:19 - [] D -- 
C:\Program Files (x86)\3D-Album-CS O43 - CFD: 2015/09/15 03:03:31 - [] D -- C:\Program Files (x86)\Acronis O43 - CFD: 2015/09/15 16:03:00 - [] D -- C:\Program Files (x86)\Adobe O43 - CFD: 2015/09/15 04:39:13 - [] D -- C:\Program Files (x86)\AIMP3 O43 - CFD: 2015/09/15 06:27:16 - [] D -- C:\Program Files (x86)\Apple Software Update O43 - CFD: 2015/09/26 14:36:41 - [] D -- C:\Program Files (x86)\Audacity O43 - CFD: 2015/09/15 07:57:24 - [] D -- C:\Program Files (x86)\Avira O43 - CFD: 2015/09/15 08:13:23 - [0] D -- C:\Program Files (x86)\Bonjour O43 - CFD: 2015/10/01 10:42:30 - [] D -- C:\Program Files (x86)\Common Files O43 - CFD: 2015/09/15 08:04:47 - [] D -- C:\Program Files (x86)\DAEMON Tools Lite O43 - CFD: 2015/09/17 06:10:37 - [] D -- C:\Program Files (x86)\Easy GIF Animator O43 - CFD: 2015/09/15 05:11:38 - [] D -- C:\Program Files (x86)\Foxit Software O43 - CFD: 2015/09/25 20:26:07 - [] D -- C:\Program Files (x86)\Freemake O43 - CFD: 2015/09/16 08:36:30 - [] D -- C:\Program Files (x86)\GIArabic O43 - CFD: 2015/09/16 08:21:14 - [] D -- C:\Program Files (x86)\GISolution O43 - CFD: 2015/09/15 04:24:14 - [] D -- C:\Program Files (x86)\Google O43 - CFD: 2015/10/02 10:50:12 - [] D -- C:\Program Files (x86)\GRETECH O43 - CFD: 2015/10/01 04:02:55 - [] D -- C:\Program Files (x86)\IcoFX 2 O43 - CFD: 2015/09/21 13:27:03 - [] D -- C:\Program Files (x86)\iMobie O43 - CFD: 2015/09/15 11:16:35 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information O43 - CFD: 2015/09/15 04:06:33 - [] D -- C:\Program Files (x86)\Intel O43 - CFD: 2015/09/15 04:36:05 - [] D -- C:\Program Files (x86)\Internet Download Manager O43 - CFD: 2015/09/15 02:40:08 - [] D -- C:\Program Files (x86)\Internet Explorer O43 - CFD: 2015/09/15 06:27:57 - [] D -- C:\Program Files (x86)\iTunes O43 - CFD: 2015/09/15 04:32:52 - [] D -- C:\Program Files (x86)\Java O43 - CFD: 2015/09/15 10:22:11 - [0] D -- C:\Program Files (x86)\Lenovo O43 - CFD: 2015/09/15 04:27:36 - [] D -- C:\Program Files 
(x86)\LuckyBrowse =>PUP.Optional.LuckyBrowse O43 - CFD: 2015/09/20 05:32:57 - [] D -- C:\Program Files (x86)\Microsoft Office O43 - CFD: 2015/09/20 05:32:52 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio O43 - CFD: 2015/09/20 05:29:38 - [] D -- C:\Program Files (x86)\Microsoft Visual Studio 8 O43 - CFD: 2015/09/20 05:33:24 - [] D -- C:\Program Files (x86)\Microsoft Works O43 - CFD: 2015/09/20 05:32:15 - [] D -- C:\Program Files (x86)\Microsoft.NET O43 - CFD: 2015/10/05 12:43:32 - [] D -- C:\Program Files (x86)\Mozilla Firefox O43 - CFD: 2015/10/05 12:43:21 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service O43 - CFD: 2015/09/20 05:33:11 - [] D -- C:\Program Files (x86)\MSBuild O43 - CFD: 2015/09/18 03:27:54 - [] D -- C:\Program Files (x86)\Nero O43 - CFD: 2015/09/20 12:03:48 - [] D -- C:\Program Files (x86)\netcut O43 - CFD: 2015/09/16 07:57:30 - [] D -- C:\Program Files (x86)\Photodex O43 - CFD: 2015/09/16 07:57:49 - [] D -- C:\Program Files (x86)\Photodex Presenter O43 - CFD: 2015/09/20 05:35:32 - [] D -- C:\Program Files (x86)\PP助手2.0 O43 - CFD: 2015/09/15 11:32:16 - [] D -- C:\Program Files (x86)\Pro Evolution Soccer 2015 O43 - CFD: 2015/09/16 04:58:38 - [] D -- C:\Program Files (x86)\QuickTime O43 - CFD: 2015/09/15 04:28:06 - [] D -- C:\Program Files (x86)\RayDld =>PUP.Optional.CrossRider O43 - CFD: 2009/07/13 22:32:38 - [] D -- C:\Program Files (x86)\Reference Assemblies O43 - CFD: 2015/09/27 08:51:39 - [] D -- C:\Program Files (x86)\Ski Search =>PUP.Optional.SkiSearch O43 - CFD: 2015/09/15 04:42:01 - [] RD -- C:\Program Files (x86)\Skype O43 - CFD: 2015/09/16 04:58:18 - [] D -- C:\Program Files (x86)\TechSmith O43 - CFD: 2015/09/16 08:44:33 - [0] D -- C:\Program Files (x86)\th3professional O43 - CFD: 2015/09/20 12:07:03 - [] D -- C:\Program Files (x86)\ThinkSky O43 - CFD: 2015/09/15 11:14:34 - [] D -- C:\Program Files (x86)\Ulead Systems O43 - CFD: 2009/07/13 21:57:06 - [0] HD -- C:\Program Files (x86)\Uninstall Information O43 - CFD: 
2015/09/15 11:05:13 - [] D -- C:\Program Files (x86)\VSO O43 - CFD: 2015/09/16 08:28:02 - [] D -- C:\Program Files (x86)\Waseet303 O43 - CFD: 2011/04/12 01:17:53 - [] D -- C:\Program Files (x86)\Windows Defender O43 - CFD: 2011/04/12 01:17:53 - [] D -- C:\Program Files (x86)\Windows Mail O43 - CFD: 2015/09/15 11:15:33 - [] D -- C:\Program Files (x86)\Windows Media Components O43 - CFD: 2011/04/12 01:17:53 - [] D -- C:\Program Files (x86)\Windows Media Player O43 - CFD: 2009/07/13 22:32:38 - [] D -- C:\Program Files (x86)\Windows NT O43 - CFD: 2011/04/12 01:17:53 - [] D -- C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 2010/11/20 20:31:38 - [] D -- C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 2011/04/12 01:17:53 - [] D -- C:\Program Files (x86)\Windows Sidebar O43 - CFD: 2015/09/15 08:15:35 - [0] D -- C:\Program Files (x86)\Winrar O43 - CFD: 2015/09/20 05:40:14 - [0] D -- C:\Program Files (x86)\WOLFCODERS SecurityCam O43 - CFD: 2015/09/20 12:52:13 - [] D -- C:\Program Files (x86)\Xilisoft O43 - CFD: 2015/09/15 08:07:51 - [] D -- C:\Program Files (x86)\Your Uninstaller! 
7 O43 - CFD: 2015/09/15 02:33:33 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2015/09/15 03:03:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis O43 - CFD: 2015/09/15 02:33:47 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2015/09/15 04:39:20 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3 O43 - CFD: 2015/09/16 14:05:25 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira O43 - CFD: 2015/09/15 08:06:11 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite O43 - CFD: 2015/09/17 06:09:51 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy GIF Animator O43 - CFD: 2015/09/15 05:11:52 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader O43 - CFD: 2015/09/25 20:26:08 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake O43 - CFD: 2015/09/15 02:33:45 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 2015/09/16 14:07:13 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GISolution O43 - CFD: 2015/10/02 10:50:28 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player O43 - CFD: 2015/09/15 04:24:29 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 2015/09/15 04:34:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 2015/09/15 06:28:24 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes O43 - CFD: 2015/09/15 04:38:43 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java O43 - CFD: 2015/09/15 16:10:54 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KPT effects O43 - CFD: 2009/07/13 21:57:09 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 2015/10/01 06:58:22 - [] D -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\MAXON O43 - CFD: 2015/09/20 05:35:02 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office O43 - CFD: 2015/09/18 03:28:15 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 11 O43 - CFD: 2015/10/01 12:08:13 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Next Limit O43 - CFD: 2015/09/15 06:45:56 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator O43 - CFD: 2015/09/20 05:28:13 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PP助手2.0 O43 - CFD: 2015/09/16 07:57:51 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold O43 - CFD: 2015/09/30 17:45:51 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva O43 - CFD: 2015/09/15 04:42:05 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype O43 - CFD: 2015/09/16 07:14:05 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 2011/04/12 01:28:08 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 2015/09/16 04:58:41 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith O43 - CFD: 2015/09/15 04:39:03 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy O43 - CFD: 2015/09/15 11:16:06 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 11 O43 - CFD: 2015/09/15 04:40:19 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN O43 - CFD: 2015/09/15 11:05:18 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO O43 - CFD: 2015/09/16 08:28:02 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WASEET303 O43 - CFD: 2015/09/15 04:39:01 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 2015/09/21 13:28:20 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft O43 - CFD: 2015/09/15 08:07:51 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your 
Uninstaller! 7 O43 - CFD: 2015/09/20 06:19:40 - [] D -- C:\ProgramData\Acronis O43 - CFD: 2015/09/15 17:14:37 - [] D -- C:\ProgramData\Adobe O43 - CFD: 2015/09/15 06:27:39 - [] D -- C:\ProgramData\Apple O43 - CFD: 2015/09/15 06:27:55 - [] D -- C:\ProgramData\Apple Computer O43 - CFD: 2009/07/13 22:08:56 - [0] SHD -- C:\ProgramData\Application Data O43 - CFD: 2015/09/15 07:57:24 - [] D -- C:\ProgramData\Avira O43 - CFD: 2015/09/15 08:07:23 - [0] D -- C:\ProgramData\Babylon =>PUP.Optional.Babylon O43 - CFD: 2015/09/15 08:06:57 - [] D -- C:\ProgramData\DAEMON Tools Lite O43 - CFD: 2009/07/13 22:08:56 - [0] SHD -- C:\ProgramData\Desktop O43 - CFD: 2009/07/13 22:08:56 - [0] SHD -- C:\ProgramData\Documents O43 - CFD: 2009/07/13 22:08:56 - [0] SHD -- C:\ProgramData\Favorites O43 - CFD: 2015/09/25 20:26:26 - [] D -- C:\ProgramData\Freemake O43 - CFD: 2015/10/02 10:51:24 - [] D -- C:\ProgramData\GRETECH O43 - CFD: 2015/10/01 04:02:55 - [] D -- C:\ProgramData\IcoFX2X O43 - CFD: 2015/09/15 04:35:02 - [0] D -- C:\ProgramData\IDM O43 - CFD: 2015/09/15 04:06:36 - [] D -- C:\ProgramData\Intel O43 - CFD: 2015/09/15 11:16:49 - [] D -- C:\ProgramData\InterVideo O43 - CFD: 2015/09/16 16:40:32 - [] D -- C:\ProgramData\KONAMI O43 - CFD: 2015/09/15 04:27:36 - [] D -- C:\ProgramData\LuckyBrowse =>PUP.Optional.LuckyBrowse O43 - CFD: 2015/09/20 05:32:15 - [] SD -- C:\ProgramData\Microsoft O43 - CFD: 2015/09/20 05:35:07 - [] D -- C:\ProgramData\Microsoft Help O43 - CFD: 2015/09/15 04:32:48 - [] D -- C:\ProgramData\Oracle O43 - CFD: 2015/09/16 14:05:27 - [] D -- C:\ProgramData\Package Cache O43 - CFD: 2015/09/16 07:57:35 - [] D -- C:\ProgramData\Photodex O43 - CFD: 2015/09/15 11:42:13 - [] D -- C:\ProgramData\regid.1986-12.com.adobe O43 - CFD: 2015/09/16 04:58:39 - [] D -- C:\ProgramData\regid.1995-08.com.techsmith O43 - CFD: 2015/09/15 04:42:12 - [] D -- C:\ProgramData\Skype O43 - CFD: 2009/07/13 22:08:56 - [0] SHD -- C:\ProgramData\Start Menu O43 - CFD: 2015/09/15 17:13:46 - [] D -- 
C:\ProgramData\Steam O43 - CFD: 2015/09/16 04:58:18 - [] D -- C:\ProgramData\TechSmith O43 - CFD: 2015/10/01 10:40:09 - [0] AD -- C:\ProgramData\TEMP O43 - CFD: 2009/07/13 22:08:56 - [0] SHD -- C:\ProgramData\Templates O43 - CFD: 2015/09/20 12:07:12 - [] D -- C:\ProgramData\ThinkSky O43 - CFD: 2015/09/15 16:13:27 - [] D -- C:\ProgramData\Ulead Systems O43 - CFD: 2015/09/15 17:06:39 - [] D -- C:\ProgramData\VSO O43 - CFD: 2015/09/21 13:27:45 - [] D -- C:\ProgramData\Xilisoft O43 - CFD: 2015/09/15 03:04:11 - [] D -- C:\Program Files (x86)\Common Files\Acronis O43 - CFD: 2015/09/15 16:03:00 - [] D -- C:\Program Files (x86)\Common Files\Adobe O43 - CFD: 2015/09/15 06:27:28 - [] D -- C:\Program Files (x86)\Common Files\Apple O43 - CFD: 2015/09/20 05:32:52 - [] D -- C:\Program Files (x86)\Common Files\DESIGNER O43 - CFD: 2015/09/15 11:16:32 - [] D -- C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 2015/10/01 10:42:30 - [] D -- C:\Program Files (x86)\Common Files\Intel O43 - CFD: 2015/09/15 11:17:22 - [] D -- C:\Program Files (x86)\Common Files\InterVideo O43 - CFD: 2015/09/15 04:33:51 - [] D -- C:\Program Files (x86)\Common Files\Java O43 - CFD: 2015/09/20 05:33:20 - [] D -- C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 2015/09/18 03:29:11 - [] D -- C:\Program Files (x86)\Common Files\Nero O43 - CFD: 2009/07/13 20:20:08 - [] D -- C:\Program Files (x86)\Common Files\Services O43 - CFD: 2015/09/15 04:42:01 - [] D -- C:\Program Files (x86)\Common Files\Skype O43 - CFD: 2009/07/13 20:20:08 - [] D -- C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 2015/09/20 05:29:26 - [] D -- C:\Program Files (x86)\Common Files\System O43 - CFD: 2015/09/16 04:58:31 - [] D -- C:\Program Files (x86)\Common Files\TechSmith Shared O43 - CFD: 2015/09/15 11:15:29 - [] D -- C:\Program Files (x86)\Common Files\Ulead Systems O43 - CFD: 2015/09/15 08:34:12 - [] D -- C:\Users\RA\AppData\Roaming\3D-Album O43 - CFD: 2015/09/15 03:05:37 - [] D -- 
C:\Users\RA\AppData\Roaming\Acronis O43 - CFD: 2015/09/15 17:50:58 - [] D -- C:\Users\RA\AppData\Roaming\Adobe O43 - CFD: 2015/09/20 05:28:14 - [] D -- C:\Users\RA\AppData\Roaming\ahelper O43 - CFD: 2015/10/01 06:50:03 - [] D -- C:\Users\RA\AppData\Roaming\AIMP3 O43 - CFD: 2015/09/20 05:37:07 - [] D -- C:\Users\RA\AppData\Roaming\Apple Computer O43 - CFD: 2015/10/04 06:13:23 - [] D -- C:\Users\RA\AppData\Roaming\Audacity O43 - CFD: 2015/09/15 06:55:48 - [] D -- C:\Users\RA\AppData\Roaming\Avira O43 - CFD: 2015/09/15 08:07:23 - [] D -- C:\Users\RA\AppData\Roaming\Babylon =>PUP.Optional.Babylon O43 - CFD: 2015/09/15 08:06:55 - [] D -- C:\Users\RA\AppData\Roaming\DAEMON Tools Lite O43 - CFD: 2015/10/07 04:18:32 - [] D -- C:\Users\RA\AppData\Roaming\DMCache O43 - CFD: 2015/09/26 01:50:37 - [] D -- C:\Users\RA\AppData\Roaming\Foxit Software O43 - CFD: 2015/10/02 10:50:21 - [] D -- C:\Users\RA\AppData\Roaming\GRETECH O43 - CFD: 2015/10/01 07:35:01 - [] D -- C:\Users\RA\AppData\Roaming\IcoFX2X O43 - CFD: 2015/09/15 02:44:15 - [] D -- C:\Users\RA\AppData\Roaming\Identities O43 - CFD: 2015/09/27 05:32:09 - [] D -- C:\Users\RA\AppData\Roaming\IDM O43 - CFD: 2015/09/22 05:17:34 - [] D -- C:\Users\RA\AppData\Roaming\iMobie O43 - CFD: 2015/09/15 11:32:37 - [] D -- C:\Users\RA\AppData\Roaming\Macromedia O43 - CFD: 2015/10/02 12:11:55 - [] D -- C:\Users\RA\AppData\Roaming\MAXON O43 - CFD: 2011/04/12 01:28:08 - [0] D -- C:\Users\RA\AppData\Roaming\Media Center Programs O43 - CFD: 2015/09/29 04:50:44 - [] SD -- C:\Users\RA\AppData\Roaming\Microsoft O43 - CFD: 2015/09/16 07:57:47 - [] D -- C:\Users\RA\AppData\Roaming\Mozilla O43 - CFD: 2015/09/18 03:29:06 - [] D -- C:\Users\RA\AppData\Roaming\Nero O43 - CFD: 2015/09/16 07:57:47 - [] D -- C:\Users\RA\AppData\Roaming\Netscape O43 - CFD: 2015/09/15 06:45:54 - [] D -- C:\Users\RA\AppData\Roaming\pdfforge O43 - CFD: 2015/09/16 07:57:21 - [] D -- C:\Users\RA\AppData\Roaming\Photodex O43 - CFD: 2015/09/15 04:11:30 - [] D -- 
C:\Users\RA\AppData\Roaming\RPEng O43 - CFD: 2015/09/16 07:11:36 - [] D -- C:\Users\RA\AppData\Roaming\Skype O43 - CFD: 2015/09/15 04:33:39 - [] D -- C:\Users\RA\AppData\Roaming\Sun O43 - CFD: 2015/09/16 05:07:52 - [] D -- C:\Users\RA\AppData\Roaming\TechSmith O43 - CFD: 2015/09/20 05:28:24 - [] D -- C:\Users\RA\AppData\Roaming\Teiron O43 - CFD: 2015/09/15 10:49:29 - [] D -- C:\Users\RA\AppData\Roaming\TeraCopy O43 - CFD: 2015/09/15 16:26:24 - [] D -- C:\Users\RA\AppData\Roaming\Ulead Systems O43 - CFD: 2015/09/15 08:07:53 - [] D -- C:\Users\RA\AppData\Roaming\URSoft O43 - CFD: 2015/10/08 04:03:09 - [] D -- C:\Users\RA\AppData\Roaming\uTorrent O43 - CFD: 2015/09/15 10:50:08 - [] D -- C:\Users\RA\AppData\Roaming\visviva O43 - CFD: 2015/10/02 15:12:32 - [] D -- C:\Users\RA\AppData\Roaming\vlc O43 - CFD: 2015/09/15 17:06:39 - [] D -- C:\Users\RA\AppData\Roaming\Vso O43 - CFD: 2015/09/15 02:54:50 - [] D -- C:\Users\RA\AppData\Roaming\WinRAR O43 - CFD: 2015/09/20 12:54:00 - [] D -- C:\Users\RA\AppData\Roaming\Xilisoft O43 - CFD: 2015/10/08 04:04:43 - [] D -- C:\Users\RA\AppData\Roaming\ZHP O43 - CFD: 2015/09/15 11:56:06 - [] D -- C:\Users\RA\AppData\Local\Adobe O43 - CFD: 2015/09/15 06:27:20 - [] D -- C:\Users\RA\AppData\Local\Apple O43 - CFD: 2015/09/15 06:28:33 - [] D -- C:\Users\RA\AppData\Local\Apple Computer O43 - CFD: 2015/09/15 02:44:00 - [0] SHD -- C:\Users\RA\AppData\Local\Application Data O43 - CFD: 2015/09/15 08:07:26 - [] D -- C:\Users\RA\AppData\Local\Babylon =>PUP.Optional.Babylon O43 - CFD: 2015/10/05 11:03:33 - [] D -- C:\Users\RA\AppData\Local\CrashDumps O43 - CFD: 2015/09/15 05:26:17 - [] D -- C:\Users\RA\AppData\Local\Diagnostics O43 - CFD: 2015/09/15 05:21:01 - [] D -- C:\Users\RA\AppData\Local\Google O43 - CFD: 2015/09/15 02:44:00 - [0] SHD -- C:\Users\RA\AppData\Local\History O43 - CFD: 2015/09/21 13:27:12 - [] D -- C:\Users\RA\AppData\Local\iMobie_Inc O43 - CFD: 2015/09/20 05:35:31 - [] D -- C:\Users\RA\AppData\Local\Microsoft O43 - CFD: 
2015/09/20 05:29:08 - [0] D -- C:\Users\RA\AppData\Local\Microsoft Help O43 - CFD: 2015/09/15 04:23:09 - [] D -- C:\Users\RA\AppData\Local\Mozilla O43 - CFD: 2015/10/02 15:52:30 - [] D -- C:\Users\RA\AppData\Local\Next Limit O43 - CFD: 2015/09/27 05:05:41 - [0] D -- C:\Users\RA\AppData\Local\PDFCreator O43 - CFD: 2015/09/15 04:14:00 - [] D -- C:\Users\RA\AppData\Local\Programs O43 - CFD: 2015/09/15 07:55:43 - [] D -- C:\Users\RA\AppData\Local\Skype O43 - CFD: 2015/09/22 09:12:19 - [] D -- C:\Users\RA\AppData\Local\TechSmith O43 - CFD: 2015/10/08 04:04:46 - [] D -- C:\Users\RA\AppData\Local\Temp O43 - CFD: 2015/09/15 02:44:00 - [0] SHD -- C:\Users\RA\AppData\Local\Temporary Internet Files O43 - CFD: 2015/10/06 17:22:09 - [] D -- C:\Users\RA\AppData\Local\VirtualStore O43 - CFD: 2015/09/15 08:26:22 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3D-Album-CS O43 - CFD: 2009/07/13 21:54:32 - [] RD -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 2015/09/15 02:44:33 - [] RD -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 2015/09/15 05:59:15 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps O43 - CFD: 2015/09/25 20:26:09 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake O43 - CFD: 2015/09/16 14:07:13 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GISolution O43 - CFD: 2015/09/15 05:59:05 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 2015/09/15 04:34:56 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager O43 - CFD: 2015/09/20 12:07:07 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iTools 3 O43 - CFD: 2009/07/13 21:49:38 - [] RD -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 
2015/10/01 12:08:13 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Next Limit O43 - CFD: 2015/09/15 02:44:33 - [] RD -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 2015/09/15 08:27:51 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visviva O43 - CFD: 2015/09/16 08:28:02 - [0] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WASEET303 O43 - CFD: 2015/09/15 04:39:01 - [] D -- C:\Users\RA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ---\\ Latest files created in Prefetcher (2) - 7s O45 - LFCP:[MD5.218465ACE0174C58936865D1BF882BCF] 2015/10/01 06:24:18 A -- C:\Windows\Prefetch\LUCKYBROWSE.EXE-B2199B63.pf =>PUP.Optional.LuckyBrowse O45 - LFCP:[MD5.5E299404A2CCF8D8EFBBBA3F2D3A9C3D] 2015/10/01 06:24:18 A -- C:\Windows\Prefetch\LUCKYBROWSESTARTER.EXE-7F3CB22C.pf =>PUP.Optional.LuckyBrowse ---\\ ShellIconOverlayIdentifiers (SIOI) (5) - 0s O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll © O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll © O106 - SIOI: Acronis True Image Shell Sync Error Icon Overlay Extension [AcronisSyncError] - {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}. (.Acronis - Acronis True Image Shell Extensions.) -- C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll © O106 - SIOI: Acronis True Image Shell Sync In Progress Icon Overlay Extension [AcronisSyncInProgress] - {00F848DC-B1D4-4892-9C25-CAADC86A215D}. (.Acronis - Acronis True Image Shell Extensions.) 
-- C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll © O106 - SIOI: Acronis True Image Shell Sync Ok Icon Overlay Extension [AcronisSyncOk] - {71573297-552E-46fc-BE3D-3DFAF88D47B7}. (.Acronis - Acronis True Image Shell Extensions.) -- C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll © ---\\ ShareTools MSconfig StartupReg (12) - 2s O53 - SMSR:HKLM\...\startupreg\Acronis Scheduler2 Service [Key] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe © O53 - SMSR:HKLM\...\startupreg\AcronisTibMounterMonitor [Key] . (.Acronis - Acronis TIB Monitor.) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe © O53 - SMSR:HKLM\...\startupreg\AdobeAAMUpdater-1.0 [Key] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe © O53 - SMSR:HKLM\...\startupreg\avgnt [Key] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe © O53 - SMSR:HKLM\...\startupreg\Avira Systray [Key] . (.Avira Operations GmbH & Co. KG - Avira Launcher.) -- C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe © O53 - SMSR:HKLM\...\startupreg\DAEMON Tools Lite [Key] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe © O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe © O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe © O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe © O53 - SMSR:HKLM\...\startupreg\TrueImageMonitor.exe [Key] . (.Acronis - Acronis True Image Monitor.) 
-- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ©
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe
O53 - SMSR:HKLM\...\startupreg\UVS11 Preload [Key] . (.InterVideo Digital Technology Corporation - Ulead VideoStudio.) -- C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

---\\ System Drivers List (61) - 5s
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [491088] ©
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [339536] ©
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\System32\drivers\adpu320.sys [182864] ©
O58 - SDL:2015/09/15 03:04:12 A . (.Acronis - File Level CDP Kernel Helper.) -- C:\Windows\System32\drivers\afcdp.sys [367200] ©
O58 - SDL:2009/07/13 18:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [15440] ©
O58 - SDL:2013/01/09 22:31:51 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [107904] ©
O58 - SDL:2009/07/13 18:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [194128] ©
O58 - SDL:2013/01/09 22:31:51 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [27008] ©
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [87632] ©
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [97856] ©
O58 - SDL:2009/06/19 19:09:57 A . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driv.) -- C:\Windows\System32\drivers\athrx.sys [1394688] ©
O58 - SDL:2015/08/06 20:58:22 A . (.Avira Operations GmbH & Co. KG - Avira Minifilter Driver.) -- C:\Windows\System32\drivers\avgntflt.sys [162528] ©
O58 - SDL:2015/08/06 20:58:22 A . (.Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement.) -- C:\Windows\System32\drivers\avipbb.sys [141416] ©
O58 - SDL:2015/08/06 20:58:22 A . (.Avira Operations GmbH & Co. KG - Avira Manager Driver.) -- C:\Windows\System32\drivers\avkmgr.sys [28600] ©
O58 - SDL:2015/08/06 20:58:22 A . (.Avira Operations GmbH & Co. KG - Avira WFP Network Driver.) -- C:\Windows\System32\drivers\avnetflt.sys [44088] ©
O58 - SDL:2009/06/10 13:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60a.sys [270848] ©
O58 - SDL:2009/06/10 13:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [18432] ©
O58 - SDL:2009/06/10 13:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [8704] ©
O58 - SDL:2009/07/13 18:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [286720] ©
O58 - SDL:2009/06/10 13:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [47104] ©
O58 - SDL:2009/06/10 13:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [14976] ©
O58 - SDL:2009/06/10 13:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [14720] ©
O58 - SDL:2009/06/10 13:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbda.sys [468480] ©
O58 - SDL:2009/07/13 18:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [17488] ©
O58 - SDL:2015/09/15 08:04:47 A . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\drivers\dtsoftbus01.sys [283200] ©
O58 - SDL:2009/07/13 18:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [530496] ©
O58 - SDL:2009/06/10 13:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbda.sys [3286016] ©
O58 - SDL:2015/09/15 03:03:50 A . (.Acronis International GmbH - Acronis Storage Filter Management Driver.) -- C:\Windows\System32\drivers\fltsrv.sys [108832] ©
O58 - SDL:2009/06/10 13:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [31232] ©
O58 - SDL:2010/11/20 20:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [78720] ©
O58 - SDL:2013/01/09 22:31:51 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\System32\drivers\iaStorV.sys [410496] ©
O58 - SDL:2015/06/11 19:00:58 A . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\drivers\idmwfp.sys [197616] ©
O58 - SDL:2015/05/26 21:02:50 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd64.sys [5375448] ©
O58 - SDL:2009/07/13 18:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [44112] ©
O58 - SDL:2012/10/02 09:34:28 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\drivers\IntcDAud.sys [342528] ©
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [114752] ©
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [106560] ©
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [65600] ©
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [115776] ©
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [35392] ©
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [284736] ©
O58 - SDL:2009/07/13 18:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [51264] ©
O58 - SDL:2013/01/09 22:31:51 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [148352] ©
O58 - SDL:2013/01/09 22:31:51 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [166272] ©
O58 - SDL:2009/07/13 18:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1524816] ©
O58 - SDL:2009/07/13 18:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [128592] ©
O58 - SDL:2009/06/10 13:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [23040] ©
O58 - SDL:2009/07/13 17:00:40 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\serial.sys [94208] ©
O58 - SDL:2009/07/13 18:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [43584] ©
O58 - SDL:2009/07/13 18:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [80464] ©
O58 - SDL:2015/09/15 03:03:50 A . (.Acronis - Acronis Snapshot API.) -- C:\Windows\System32\drivers\snapman.sys [233760] ©
O58 - SDL:2009/07/13 18:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [24656] ©
O58 - SDL:2015/09/15 03:04:10 A . (.Acronis International GmbH - Acronis Try&Decide Volume Filter Driver.) -- C:\Windows\System32\drivers\tdrpman.sys [1462560] ©
O58 - SDL:2015/09/15 03:04:08 A . (.Acronis International GmbH - Acronis Backup Archive Explorer.) -- C:\Windows\System32\drivers\tib.sys [1120032] ©
O58 - SDL:2015/09/15 03:04:08 A . (.Acronis - Acronis Backup Archive Mounter.) -- C:\Windows\System32\drivers\tib_mounter.sys [183224] ©
O58 - SDL:2015/06/10 23:08:36 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\drivers\usbaapl64.sys [54784] ©
O58 - SDL:2009/07/13 18:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [17488] ©
O58 - SDL:2015/09/15 03:03:59 A . (.Acronis International GmbH - Acronis Virtual Disk Driver.) -- C:\Windows\System32\drivers\vididr.sys [161568] ©
O58 - SDL:2015/09/15 03:03:54 A . (.Acronis International GmbH - Acronis Virtual Disk Storage Filter.) -- C:\Windows\System32\drivers\vidsflt.sys [117024] ©
O58 - SDL:2009/07/13 18:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [161872] ©
O58 - SDL:2015/09/15 02:04:00 A . (.StdLib - StdLib.) -- C:\Windows\System32\drivers\{08af550f-210b-44e5-9075-359e26d7bd75}Gw64.sys [48784] =>PUP.Optional.LinkiDoo

---\\ Last modified or created user files (6) - 6s
O61 - LFC: 2015/10/02 10:48:44 A . (.Secure By Design Inc..) -- C:\Users\RA\Downloads\Ninite GOM Installer (1).exe [307200]
O61 - LFC: 2015/10/02 10:48:43 A . (.Secure By Design Inc..) -- C:\Users\RA\Downloads\Ninite GOM Installer.exe [307200]
O61 - LFC: 2015/09/30 17:12:48 A . (..) -- C:\Users\RA\Documents\KONAMI\Pro Evolution Soccer 2015\save\ML 01.bin [14962792]
O61 - LFC: 2015/09/30 17:25:08 A . (..) -- C:\Users\RA\Documents\KONAMI\Pro Evolution Soccer 2015\save\SYSTEM.bin [136577]
O61 - LFC: 2015/10/08 03:33:14 A . (.BitTorrent Inc..) -- C:\Users\RA\AppData\Roaming\uTorrent\updates\3.4.5_41202.exe [1822048]
O61 - LFC: 2015/10/08 03:28:07 A . (..) -- C:\Users\RA\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [674082]

---\\ File Associations Shell Spawning (11) - 0s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe ©
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe ©
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ©
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe ©
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe ©
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ©

---\\ Start Menu Internet (10) - 0s
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ©
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe ©

---\\ Search Browser Infection (5) - 4s
O69 - SBI: prefs.js [RA - ktrv81ik.default] user_pref("browser.search.defaultenginename", "oursurfing"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [RA - ktrv81ik.default] user_pref("browser.startup.homepage", "http://www.oursurfing.com/?type=hp&ts=1442316437&z=62b27fb71459e23e1804b09cb4cff176gzzocgqz[...] =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [RA - ktrv81ik.default] user_pref("extensions.quick_start.enable_search1", false); =>PUP.Optional.QuickStart
O69 - SBI: prefs.js [RA - ktrv81ik.default] user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); =>PUP.Optional.QuickStart
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com/ =>PUP.Optional.Babylon

---\\ Crack & Keygen Files (1) - 23s
O82 - LFC: 2014/09/06 06:03:48 A . (...) -- C:\Users\RA\Desktop\Cinema 4D R16 by Traylix\KeyGen.exe [110080] =>.Crack,Keygen

---\\ Search Svchost Services (33) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192] ©
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] ©
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [80384] ©
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\system32\srvsvc.dll [236032] ©
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [777728] ©
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [853504] ©
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [679424] ©
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328] ©
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [344064] ©
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] ©
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [64512] ©
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424] ©
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] ©
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [680960] ©
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [2420736] ©
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920] ©
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] ©
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [569344] ©
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720] ©
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70656] ©
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\system32\iscsiexe.dll [156672] ©
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\system32\mmcss.dll [67584] ©
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688] ©
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [121856] ©
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136704] ©
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104] ©
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\system32\schedsvc.dll [1110016] ©
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\system32\kmsvc.dll [90624] ©
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480] ©
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [209920] ©
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\system32\themeservice.dll [44544] ©
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864] ©
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [193536] ©

---\\ Firewall Active Exception List (24) - 3s
O87 - FAEL: "{677F4951-7A18-477A-B0BC-AAB364F4F60E}" [In-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{227A7362-07E7-468D-998B-644C079ABF47}" [Out-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{508E8CA4-B717-4251-A6B2-096ACEC864E7}" [In-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{04D205C5-2A6F-42A8-93B2-E85A8F8B7600}" [In-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{076739BE-D578-4BC1-82FF-E57646F31CBC}" [In-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{22568D40-324E-4B0D-BFDF-49E4C2B4D740}" [Out-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\RA\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{38D28DA5-5972-40AF-9419-49C8C606077B}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe =>PUP.Optional.LuckyBrowse
O87 - FAEL: "{B225FAD3-DB00-4F68-AB40-5BA4D90F594B}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe =>PUP.Optional.LuckyBrowse
O87 - FAEL: "{E6503CE9-2A14-44B0-B568-0142A85A11BE}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe (.not file.) =>PUP.Optional.SimpleFiles
O87 - FAEL: "{D700A30C-43DE-4E76-8A17-2794D2F910F7}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe (.not file.) =>PUP.Optional.SimpleFiles
O87 - FAEL: "{1CA9022D-50EE-47A9-A4EC-A2C258FA4959}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\SimpleFiles\downloader.exe (.not file.) =>PUP.Optional.SimpleFiles
O87 - FAEL: "{DD476983-7F25-44FC-A458-3A031887F3AD}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\SimpleFiles\downloader.exe (.not file.) =>PUP.Optional.SimpleFiles
O87 - FAEL: "TCP Query User{83A5000D-E15D-4FC9-97A7-99CA50D28531}C:\program files (x86)\pp助手2.0\adevicehelpermon.exe" [In-None-P6-TRUE] .(.广州铁人网络科技有限公司 - PP助手连接模块.) -- C:\program files (x86)\pp助手2.0\adevicehelpermon.exe
O87 - FAEL: "UDP Query User{75878CE8-9EEF-4014-94B7-698875742A3A}C:\program files (x86)\pp助手2.0\adevicehelpermon.exe" [In-None-P17-TRUE] .(.广州铁人网络科技有限公司 - PP助手连接模块.) -- C:\program files (x86)\pp助手2.0\adevicehelpermon.exe
O87 - FAEL: "TCP Query User{6118AE21-35BC-44E1-A70C-57C6CD5EF75C}C:\program files (x86)\pp助手2.0\ihelper.exe" [In-None-P6-TRUE] .(.广州铁人网络科技有限公司 - PP助手.) -- C:\program files (x86)\pp助手2.0\ihelper.exe
O87 - FAEL: "UDP Query User{973635D5-0115-4D88-8BCA-0AF1A4189F03}C:\program files (x86)\pp助手2.0\ihelper.exe" [In-None-P17-TRUE] .(.广州铁人网络科技有限公司 - PP助手.) -- C:\program files (x86)\pp助手2.0\ihelper.exe
O87 - FAEL: "TCP Query User{BB529EBB-243A-4E07-86DC-CB6A14C2E656}C:\program files\maxon\net render r13 client\net render client 64 bit.exe" [In-None-P6-TRUE] .(.MAXON Computer GmbH - CINEMA 4D ®.) -- C:\program files\maxon\net render r13 client\net render client 64 bit.exe
O87 - FAEL: "UDP Query User{DACA32F3-1522-491F-AC77-8264D7AF5C2C}C:\program files\maxon\net render r13 client\net render client 64 bit.exe" [In-None-P17-TRUE] .(.MAXON Computer GmbH - CINEMA 4D ®.) -- C:\program files\maxon\net render r13 client\net render client 64 bit.exe
O87 - FAEL: "TCP Query User{1CF7F0CC-DB5B-4A99-BFB1-E7BC203D2BB7}C:\program files\maxon\net render r13 client\net render client.exe" [In-None-P6-TRUE] .(.MAXON Computer GmbH - CINEMA 4D ®.) -- C:\program files\maxon\net render r13 client\net render client.exe
O87 - FAEL: "UDP Query User{D1FE0AE9-0DCD-4071-ABDA-CACEE216A417}C:\program files\maxon\net render r13 client\net render client.exe" [In-None-P17-TRUE] .(.MAXON Computer GmbH - CINEMA 4D ®.) -- C:\program files\maxon\net render r13 client\net render client.exe
O87 - FAEL: "TCP Query User{91F48FA9-CD3A-4C95-ACCB-BAAB7AA1FC4F}C:\program files\next limit\realflow 5\realflow.exe" [In-None-P6-TRUE] .(...) -- C:\program files\next limit\realflow 5\realflow.exe
O87 - FAEL: "UDP Query User{7A5B5ADB-86D5-4634-9C03-EDA3B71535B6}C:\program files\next limit\realflow 5\realflow.exe" [In-None-P17-TRUE] .(...) -- C:\program files\next limit\realflow 5\realflow.exe
O87 - FAEL: "TCP Query User{F0F03629-CFEB-4726-A626-EF6F4B641D8A}C:\program files\adobe\adobe after effects cc 2014\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe" [In-None-P6-TRUE] .(.MAXON Computer GmbH - CineRender.) -- C:\program files\adobe\adobe after effects cc 2014\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe
O87 - FAEL: "UDP Query User{98F9D3E5-73E5-4BE4-8FDB-282677C20E4D}C:\program files\adobe\adobe after effects cc 2014\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe" [In-None-P17-TRUE] .(.MAXON Computer GmbH - CineRender.) -- C:\program files\adobe\adobe after effects cc 2014\support files\plug-ins\maxon cineware ae\(cineware support)\bin\cinerender 64bit.exe

---\\ Services not Microsoft (SR=Run, SS=Stop) (22) - 16s
SR - Auto [2013/02/15 13:01:52] [ 1143720] Acronis Scheduler2 Service (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe ©
SR - Auto [2011/07/28 17:35:44] [ 262144] Arp Intelligent Protection Service (AIPS) . (.Arcai.com.) - C:\Program Files (x86)\netcut\services\aips.exe ©
SS - Auto [2015/08/06 20:58:22] [ 887128] Avira Mail Protection (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe ©
SR - Auto [2015/08/06 20:58:24] [ 461672] Avira Scheduler (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe ©
SR - Auto [2015/08/06 20:58:22] [ 461672] Avira Real-Time Protection (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe ©
SS - Disabled [2015/08/06 20:58:22] [ 1213072] Avira Web Protection (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe ©
SR - Auto [2015/05/29 18:51:26] [ 77128] Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ©
SR - Auto [2015/08/13 12:01:24] [ 228104] Avira Service Host (Avira.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe ©
SR - Auto [2007/03/06 10:35:02] [ 198168] Capture Device Service (Capture Device Service) . (.InterVideo Inc..) - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe ©
SS - Demand [2015/06/04 22:21:38] [ 280680] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe ©
SS - Auto [2015/09/15 04:24:00] [ 107848] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
SS - Demand [2015/09/15 04:24:00] [ 107848] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ©
SR - Demand [2012/04/24 14:37:56] [ 169752] Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe ©
SR - Auto [2015/09/09 03:20:12] [ 268520] ihpmServer (ihpmServer) . (.Copyright 2015. All rights reserved..) - C:\Program Files (x86)\RayDld\ihpmServer.exe =>PUP.Optional.CrossRider
SS - Demand [2015/08/13 02:43:14] [ 644880] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe ©
SS - Auto [2015/09/15 04:27:36] [ 281600] LuckyBrowse (LuckyBrowse) . (...) - C:\Program Files (x86)\LuckyBrowse\app\luckyBrowseStarter.exe =>PUP.Optional.LuckyBrowse
SS - Demand [2015/08/26 05:46:31] [ 149160] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe ©
SR - Auto [2014/08/13 22:52:34] [ 118496] PP Assistant Service (PP Assistant Service) . (.(C) 广州铁人网络科技有限公司。保留所有权利。.) - C:\Program Files (x86)\PP助手2.0\adevicehelpersvr.exe
SR - Auto [2015/09/16 07:57:34] [ 186760] ScsiAccess (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
SS - Auto [2015/07/09 13:14:04] [ 327296] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe ©
SR - Auto [2013/03/20 19:28:20] [ 7084672] Acronis Sync Agent Service (syncagentsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe ©

---\\ Additional Scan (O88) (22) - 1s
C:\Program Files (x86)\RayDld\ihpmServer.exe =>PUP.Optional.CrossRider
C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe =>PUP.Optional.LuckyBrowse
HKLM\SYSTEM\CurrentControlSet\Services\ihpmServer =>PUP.Optional.CrossRider
HKLM\SYSTEM\CurrentControlSet\Services\LuckyBrowse =>PUP.Optional.LuckyBrowse
C:\Program Files (x86)\LuckyBrowse\app\luckyBrowseStarter.exe =>PUP.Optional.LuckyBrowse
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ski Search =>PUP.Optional.SkiSearch
HKLM\SOFTWARE\Wow6432Node\Babylon =>PUP.Optional.Babylon
HKLM\SOFTWARE\Wow6432Node\BabylonToolbar =>PUP.Optional.Babylon
HKLM\SOFTWARE\Wow6432Node\LuckyBrowse =>PUP.Optional.LuckyBrowse
HKLM\SOFTWARE\Wow6432Node\RayDld =>PUP.Optional.CrossRider
HKLM\SOFTWARE\Wow6432Node\Ski Search =>PUP.Optional.SkiSearch
HKCU\SOFTWARE\Ski Search =>PUP.Optional.SkiSearch
C:\Program Files (x86)\LuckyBrowse =>PUP.Optional.LuckyBrowse
C:\Program Files (x86)\RayDld =>PUP.Optional.CrossRider
C:\Program Files (x86)\Ski Search =>PUP.Optional.SkiSearch
C:\ProgramData\Babylon =>PUP.Optional.Babylon
C:\ProgramData\LuckyBrowse =>PUP.Optional.LuckyBrowse
C:\Users\RA\AppData\Roaming\Babylon =>PUP.Optional.Babylon
C:\Users\RA\AppData\Local\Babylon =>PUP.Optional.Babylon
C:\Windows\Prefetch\LUCKYBROWSE.EXE-B2199B63.pf =>PUP.Optional.LuckyBrowse
C:\Windows\Prefetch\LUCKYBROWSESTARTER.EXE-7F3CB22C.pf =>PUP.Optional.LuckyBrowse
C:\Windows\System32\drivers\{08af550f-210b-44e5-9075-359e26d7bd75}Gw64.sys =>PUP.Optional.LinkiDoo

---\\ Summary of the elements found (8) - 0s
http://www.nicolascoolman.fr/pup-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/blog =>PUP.Optional.LuckyBrowse
http://www.nicolascoolman.fr/blog =>PUP.Optional.OurSurfing
http://www.nicolascoolman.fr/pup-optional-skisearch/ =>PUP.Optional.SkiSearch
http://www.nicolascoolman.fr/pup-babylon/ =>PUP.Optional.Babylon
http://www.nicolascoolman.fr/pup-linkidoo/ =>PUP.Optional.LinkiDoo
http://www.nicolascoolman.fr/pup-quickstart/ =>PUP.Optional.QuickStart
http://www.nicolascoolman.fr/blog =>PUP.Optional.SimpleFiles

~ End of the scan, 19602 items in 113 seconds (853)(1)()