~ ZHPDiag v2015.11.28.175 By Nicolas Coolman (2015/11/25)
~ Run by pr (Administrator) (2015/11/29 12:16:53)
~ Web: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\pr\Desktop\ZHPDiag.txt
~ Report: C:\Users\pr\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ System startup: Normal (Normal boot)
Windows 7 Ultimate, 32-bit (Build 7600)

---\\ Internet Browsers (3) - 0s
GCIE: Google Chrome v46.0.2490.86
MFIE: Mozilla Firefox 28.0 (x86 fr) v28.0
MSIE: Internet Explorer v9.0.8112.16421

---\\ Windows Product Information (4) - 3s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software (3) - 17s
Avast Premier v11.1.2241
Malwarebytes Anti-Malware version 2.2.0.1024
Windows Defender W7 (Activate)

---\\ System protection software (Superfluous) (1) - 17s
Spybot - Search & Destroy v1.6.2

---\\ System optimization software (1) - 17s
CCleaner v5.10

---\\ Surveillance software (2) - 17s
Adobe Flash Player 19 ActiveX
Adobe Reader XI

---\\ Information on the system (6) - 0s
~ Operating System: x86 Family 6 Model 15 Stepping 2, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 3144.184 MB (24% free)
System Restore: Activé (Enable)
System drive C: has 121 GB () free of 205 GB

---\\ Connection to the system mode (3) - 0s
~ Computer Name: PR-PC
~ User Name: pr
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 121 GB free of 205 GB (System)
~ Drive D: has 87 GB free of 99 GB

---\\ State of the Windows Security Center (13) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
DisableTaskMgr: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ---\\ Search Generic System Files (24) - 1s [MD5.2626FC9755BE22F805D3CFA0CE3EE727] - 31/10/2009 - (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\Explorer.exe [2614272] © [MD5.51138BEEA3E2C21EC44D0932C71762A8] - 14/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\rundll32.exe [44544] © [MD5.B5C5DCAD3899512020D135600129D665] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\Windows\System32\Wininit.exe [96256] © [MD5.C36E38AD3C7FAFF0E30C4CBCB28CE7FB] - 21/11/2013 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\Windows\System32\wininet.dll [1129472] © [MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - 28/10/2009 - (.Microsoft Corporation - Windows Logon Application.) -- C:\Windows\System32\Winlogon.exe [285696] © [MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - 14/07/2009 - (.Microsoft Corporation - Software Licensing Library.) -- C:\Windows\System32\sppcomapi.dll [193024] © [MD5.62390F4ACE9E2B63E3CA26B7F7497897] - 03/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) 
-- C:\Windows\System32\dnsapi.dll [269824] © [MD5.DDC040FDB01EF1712A6B13E52AFB104C] - 14/07/2009 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [338944] © [MD5.338C86357871C167A96AB976519BF59E] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [21584] © [MD5.77EA11B065E0A8AB902D78145CA51E10] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [70656] © [MD5.BA6E70AA0E6091BC39DE29477D866A77] - 14/07/2009 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [108544] © [MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - 14/07/2009 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\Windows\System32\drivers\DfsC.sys [78336] © [MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - 14/07/2009 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [108544] © [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\Windows\System32\drivers\i8042prt.sys [80896] © [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [101888] © [MD5.B4C76EF46322A9711C7B0F4E21EF6EA5] - 23/02/2011 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [123392] © [MD5.DD52A733BF4CA5AF84562A5E2F963B91] - 14/07/2009 - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [187904] © [MD5.3795DCD21F740EE799FB7223234215AF] - 14/07/2009 - (.Microsoft Corporation - NT File System Driver.) -- C:\Windows\System32\drivers\ntfs.sys [1210432] © [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) 
-- C:\Windows\System32\drivers\Parport.sys [79360] © [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - 14/07/2009 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\drivers\Rasl2tp.sys [78848] © [MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - 14/07/2009 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [133120] © [MD5.3E21C083B8A01CB70BA1F09303010FCE] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [71168] © [MD5.CB39E896A2A83702D1737BFD402B3542] - 14/07/2009 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [74240] © [MD5.58DF9D2481A56EDDE167E51B334D44FD] - 14/07/2009 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\Windows\System32\drivers\volsnap.sys [245328] © ---\\ Software installed (83) - 34s O42 - Logiciel: 7-Zip 9.20 - (...) [HKLM] -- 7-Zip O42 - Logiciel: Adobe Flash Player 19 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX © O42 - Logiciel: Adobe Photoshop CS5 - (.Adobe Systems Incorporated.) [HKLM] -- {15FEDA5F-141C-4127-8D7E-B962D1742728} © O42 - Logiciel: Adobe Reader XI (11.0.13) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001} © O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-0804-1033-1959-001824161310} © O42 - Logiciel: AMD Accelerated Video Transcoding - (.Advanced Micro Devices, Inc..) [HKLM] -- {7F644A4B-C9A7-E419-BFD9-75DFA0EE57DB} © O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM] -- {A25FF1C0-80B6-4B8B-A551-DC525697A408} © O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM] -- {B448BC74-1CB7-7A57-3313-5E075AFB413E} © O42 - Logiciel: AMD Drag and Drop Transcoding - (.Advanced Micro Devices, Inc..) 
[HKLM] -- {DBA18992-B9F3-950D-E973-6ED23422EA73} © O42 - Logiciel: AMD Media Foundation Decoders - (.Advanced Micro Devices, Inc..) [HKLM] -- {3DF7D356-6225-8717-AFC2-91D5C1521036} © O42 - Logiciel: Any Video Converter Ultimate 5.8.0 - (.Any-Video-Converter.com.) [HKLM] -- Any Video Converter Ultimate_is1 O42 - Logiciel: Audacity 1.2.6 and lame_enc.dll 3.97 - (.--.) [HKLM] -- Audacity + Lame_is1 O42 - Logiciel: Avast Premier - (.AVAST Software.) [HKLM] -- avast © O42 - Logiciel: Boris Graffiti - (.Boris FX, Inc..) [HKLM] -- {262BF2CD-601D-4F43-919C-4B00B1D1F338} O42 - Logiciel: Catalyst Control Center - (.Advanced Micro Devices, Inc..) [HKLM] -- {EBBD4FE6-91DA-C397-6D56-FE85DBF24FCF} © O42 - Logiciel: Catalyst Control Center - Branding - (.Advanced Micro Devices, Inc..) [HKLM] -- {88B2ABCF-9C00-47C1-8FC4-369B98845DD7} © O42 - Logiciel: Catalyst Control Center Graphics Previews Common - (.Advanced Micro Devices, Inc..) [HKLM] -- {D4236B82-213F-679E-09A2-9AEB5EF4CADC} © O42 - Logiciel: Catalyst Control Center InstallProxy - (.Advanced Micro Devices, Inc..) [HKLM] -- {28164BD8-81EA-639A-85E9-E659E3EE6DA7} © O42 - Logiciel: Catalyst Control Center Localization All - (.Advanced Micro Devices, Inc..) [HKLM] -- {BD96ABD3-D1D4-5513-6C60-11476D6DCFC5} © O42 - Logiciel: CCC Help Chinese Standard - (.Advanced Micro Devices, Inc..) [HKLM] -- {4745F6F8-09DA-CC39-EC19-0E8D764CF2B7} © O42 - Logiciel: CCC Help Chinese Traditional - (.Advanced Micro Devices, Inc..) [HKLM] -- {25A7270E-1B63-DFD1-ACBC-88852A305398} © O42 - Logiciel: CCC Help Czech - (.Advanced Micro Devices, Inc..) [HKLM] -- {15A05AAA-37E7-D516-5BE9-C960C2170403} © O42 - Logiciel: CCC Help Danish - (.Advanced Micro Devices, Inc..) [HKLM] -- {2E69E784-F84A-9A18-7D8E-4EB8504EEE1E} © O42 - Logiciel: CCC Help Dutch - (.Advanced Micro Devices, Inc..) [HKLM] -- {58771CF6-F212-CC4D-61B1-45CC70B6375C} © O42 - Logiciel: CCC Help English - (.Advanced Micro Devices, Inc..) 
[HKLM] -- {00F14E5B-E07A-2A1E-6788-580773CE1486} © O42 - Logiciel: CCC Help Finnish - (.Advanced Micro Devices, Inc..) [HKLM] -- {B09567CC-E43F-10F1-752D-549AC7FB0C43} © O42 - Logiciel: CCC Help French - (.Advanced Micro Devices, Inc..) [HKLM] -- {C39C7876-4D21-8A38-0A42-B5C8858EC6C7} © O42 - Logiciel: CCC Help German - (.Advanced Micro Devices, Inc..) [HKLM] -- {9A7F1628-2126-34A5-852D-2B93328BCF3F} © O42 - Logiciel: CCC Help Greek - (.Advanced Micro Devices, Inc..) [HKLM] -- {911904DE-EBB6-BC8E-D5BD-762B7DB42C46} © O42 - Logiciel: CCC Help Hungarian - (.Advanced Micro Devices, Inc..) [HKLM] -- {4FA31DE2-B613-24BB-1738-B655C00B1C9D} © O42 - Logiciel: CCC Help Italian - (.Advanced Micro Devices, Inc..) [HKLM] -- {6D5CE5F1-CBB0-9ED4-1A1E-91DDCD6225FD} © O42 - Logiciel: CCC Help Japanese - (.Advanced Micro Devices, Inc..) [HKLM] -- {362614E4-9ABB-E7A7-CDDC-239AB168060A} © O42 - Logiciel: CCC Help Korean - (.Advanced Micro Devices, Inc..) [HKLM] -- {812B956B-37AB-24B9-4527-78A6D3ECE7F8} © O42 - Logiciel: CCC Help Norwegian - (.Advanced Micro Devices, Inc..) [HKLM] -- {B170B91D-E8E3-A6A3-D129-D8E36FEA8A0B} © O42 - Logiciel: CCC Help Polish - (.Advanced Micro Devices, Inc..) [HKLM] -- {83293709-B863-0EF6-00DA-B026D486E8B5} © O42 - Logiciel: CCC Help Portuguese - (.Advanced Micro Devices, Inc..) [HKLM] -- {9903011B-5F1D-A2A1-8078-EE62B3324CCE} © O42 - Logiciel: CCC Help Russian - (.Advanced Micro Devices, Inc..) [HKLM] -- {AE6C422B-DADB-D547-411C-E9E56DF03D16} © O42 - Logiciel: CCC Help Spanish - (.Advanced Micro Devices, Inc..) [HKLM] -- {707210B0-29F1-C550-BA96-6ECDA245CF24} © O42 - Logiciel: CCC Help Swedish - (.Advanced Micro Devices, Inc..) [HKLM] -- {FCEFDA6B-63CD-BB17-B845-478A42E24D39} © O42 - Logiciel: CCC Help Thai - (.Advanced Micro Devices, Inc..) [HKLM] -- {21E9850E-58C2-FA88-D5AD-B64D253B8F82} © O42 - Logiciel: CCC Help Turkish - (.Advanced Micro Devices, Inc..) 
[HKLM] -- {0A036215-0A8D-6FBE-7EA3-7AED4F9E162A} © O42 - Logiciel: ccc-utility - (.Advanced Micro Devices, Inc..) [HKLM] -- {8D5B19AA-3D3A-5870-C9A0-346EBC5DB21E} © O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner © O42 - Logiciel: CDex - Open Source Digital Audio CD Extractor - (.Georgy Berdyshev.) [HKLM] -- CDex © O42 - Logiciel: dBpowerAMP Music Converter - (...) [HKLM] -- dBpowerAMP Music Converter O42 - Logiciel: EPSON Scan - (.Seiko Epson Corporation.) [HKLM] -- EPSON Scanner © O42 - Logiciel: EPSON SX420W Series Printer Uninstall - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON SX420W Series © O42 - Logiciel: Funny Photo Maker 2.4.2 - (.Funny-Photo-Maker.com.) [HKLM] -- Funny Photo Maker_is1 O42 - Logiciel: GIMP 2.8.14 - (.The GIMP Team.) [HKLM] -- GIMP-2_is1 © O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome © O42 - Logiciel: Google Input Tools - (.Google Inc..) [HKLM] -- GoogleInputFramework © O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} © O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} © O42 - Logiciel: InstantPhotoSketch 2.0 - (.CPSSoftware.) [HKLM] -- {5A76F86F-C0E5-4755-BD6C-4FC627F17033}_is1 © O42 - Logiciel: Keyman Package - Helabasa - (...) [HKLM] -- Keyman Package Helabasa O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.0.1024 - (.Malwarebytes.) [HKLM] -- Malwarebytes Anti-Malware_is1 © O42 - Logiciel: Mozilla Firefox 28.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 28.0 (x86 fr) © O42 - Logiciel: Nero Burning ROM 10 - (.Nero AG.) [HKLM] -- {FE83F463-7E61-4B18-9FA0-B94B90A0B6B9} © O42 - Logiciel: Nero BurningROM 10 Help (CHM) - (.Nero AG.) [HKLM] -- {9B6B24BE-80E7-46C4-9FA5-B167D5E0F345} © O42 - Logiciel: Nero BurnRights 10 - (.Nero AG.) [HKLM] -- {943CFD7D-5336-47AF-9418-E02473A5A517} © O42 - Logiciel: Nero BurnRights 10 Help (CHM) - (.Nero AG.) 
[HKLM] -- {555868C6-49FB-484F-BB43-8980651A1B00} © O42 - Logiciel: Nero Control Center 10 - (.Nero AG.) [HKLM] -- {6DFB899F-17A2-48F0-A533-ED8D6866CF38} © O42 - Logiciel: Nero ControlCenter 10 Help (CHM) - (.Nero AG.) [HKLM] -- {523B2B1B-D8DB-4B41-90FF-C4D799E2758A} © O42 - Logiciel: Nero Core Components 10 - (.Nero AG.) [HKLM] -- {2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F} © O42 - Logiciel: PDF Settings CS5 - (.Adobe Systems Incorporated.) [HKLM] -- {A78FE97A-C0C8-49CE-89D0-EDD524A17392} © O42 - Logiciel: Pinnacle Studio 12 - (.Pinnacle Systems.) [HKLM] -- {D041EB9E-890A-4098-8F94-51DA194AC72A} © O42 - Logiciel: Pinnacle Studio 12 Ultimate Plugins - (.Pinnacle Systems.) [HKLM] -- {D1860E6E-520E-4380-8433-E58E8F88B473} © O42 - Logiciel: Pinnacle Studio 15 - (.Pinnacle Systems.) [HKLM] -- {1362E602-9625-42D3-B57F-CDA9D26F9DA8} © O42 - Logiciel: Pinnacle Video Driver - (.Pinnacle Systems.) [HKLM] -- {6DE721A5-5E89-4D74-994C-652BB3C0672E} © O42 - Logiciel: proDAD Heroglyph 2.5 - (...) [HKLM] -- proDAD-Heroglyph-2.5 O42 - Logiciel: SafeZone Stable 1.46.1990.55 - (.Avast Software.) [HKLM] -- SafeZone 1.46.1990.55 © O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM] -- {B6CF2967-C81E-40C0-9815-C05774FEF120} © O42 - Logiciel: Skype™ 7.12 - (.Skype Technologies S.A..) [HKLM] -- {6A0549A9-1B96-498C-ACBC-3943001FEB19} © O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 O42 - Logiciel: Studio 11 Bonus DVD - (.Pinnacle Systems.) [HKLM] -- {45A1BF92-700A-4408-B95E-79F462E3D67D} © O42 - Logiciel: Studio Premium Pack 2 - (...) [HKLM] -- {20CCB867-C95A-4604-A743-0DB5C88E792E} O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726} © O42 - Logiciel: Tavultesoft Keyman 6.0 - (...) [HKLM] -- Tavultesoft Keyman 6.0 O42 - Logiciel: Teller Of Future (Sinhala) (C:\Program Files\ - (...) [HKLM] -- ST5UNST #2 O42 - Logiciel: This PC - (.Aquaform Corporation.) 
[HKLM] -- This PC1.1 O42 - Logiciel: Vistaprint Livres photo - (.Vistaprint.) [HKCU] -- {70B0F1A3-D243-4FB9-B2C8-074350115F98}_is1 © O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM] -- VLC media player © O42 - Logiciel: WinRAR 5.21 beta 1 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver © ---\\ HKCU & HKLM Software Keys (147) - 34s HKLM\SOFTWARE\4Sync HKLM\SOFTWARE\7-Zip HKLM\SOFTWARE\ABBYY HKLM\SOFTWARE\Adobe HKLM\SOFTWARE\AdwCleaner HKLM\SOFTWARE\AMD HKLM\SOFTWARE\AppDataLow HKLM\SOFTWARE\Apple Computer, Inc. HKLM\SOFTWARE\Ashampoo HKLM\SOFTWARE\Astralax HKLM\SOFTWARE\ASUS HKLM\SOFTWARE\ATI HKLM\SOFTWARE\ATI Technologies HKLM\SOFTWARE\Auslogics HKLM\SOFTWARE\AVAST Software HKLM\SOFTWARE\Avid HKLM\SOFTWARE\AVS4YOU HKLM\SOFTWARE\Boris FX, Inc. HKLM\SOFTWARE\BrowserChoice HKLM\SOFTWARE\CDDB HKLM\SOFTWARE\DivX HKLM\SOFTWARE\EPSON HKLM\SOFTWARE\FAST Multimedia HKLM\SOFTWARE\Foxit Software HKLM\SOFTWARE\Freemake HKLM\SOFTWARE\Gabest HKLM\SOFTWARE\GEAR Software HKLM\SOFTWARE\Google HKLM\SOFTWARE\HaaliMkx HKLM\SOFTWARE\HitmanPro HKLM\SOFTWARE\IM Providers HKLM\SOFTWARE\IncrediMail HKLM\SOFTWARE\Intel HKLM\SOFTWARE\JavaSoft HKLM\SOFTWARE\JreMetrics HKLM\SOFTWARE\Khronos HKLM\SOFTWARE\KoshyJohn.com HKLM\SOFTWARE\LAV HKLM\SOFTWARE\Macromedia HKLM\SOFTWARE\Malwarebytes' Anti-Malware HKLM\SOFTWARE\Microimage HKLM\SOFTWARE\Mozilla HKLM\SOFTWARE\mozilla.org HKLM\SOFTWARE\MozillaPlugins HKLM\SOFTWARE\NCH Software HKLM\SOFTWARE\Nero HKLM\SOFTWARE\Norton HKLM\SOFTWARE\ODBC HKLM\SOFTWARE\Opera Software HKLM\SOFTWARE\Pegasus Imaging HKLM\SOFTWARE\PegasusImaging HKLM\SOFTWARE\Pinnacle Systems HKLM\SOFTWARE\Piriform HKLM\SOFTWARE\proDAD HKLM\SOFTWARE\RealNetworks HKLM\SOFTWARE\RegisteredApplications HKLM\SOFTWARE\Safer Networking Limited HKLM\SOFTWARE\SAS Institute Inc. 
HKLM\SOFTWARE\Skype HKLM\SOFTWARE\Sonic HKLM\SOFTWARE\SONIX HKLM\SOFTWARE\Sony Corporation HKLM\SOFTWARE\Symantec HKLM\SOFTWARE\Tavultesoft HKLM\SOFTWARE\VideoLAN HKLM\SOFTWARE\Volatile HKLM\SOFTWARE\WinRAR HKLM\SOFTWARE\Wow6432Node HKLM\SOFTWARE\Xing Technology Corp. HKLM\SOFTWARE\Xpress Software HKCU\SOFTWARE\553EB3D537C61AC0 =>PUP.Optional.Heuristic HKCU\SOFTWARE\7-Zip HKCU\SOFTWARE\ABBYY HKCU\SOFTWARE\Adobe HKCU\SOFTWARE\Aiseesoft Studio HKCU\SOFTWARE\AMD HKCU\SOFTWARE\AMS Software HKCU\SOFTWARE\Anvsoft HKCU\SOFTWARE\AppDataLow HKCU\SOFTWARE\Apple Computer, Inc. HKCU\SOFTWARE\Apple Inc. HKCU\SOFTWARE\ASProtect HKCU\SOFTWARE\Astralax HKCU\SOFTWARE\ATI HKCU\SOFTWARE\Audacity HKCU\SOFTWARE\AVAST Software HKCU\SOFTWARE\AVS4YOU HKCU\SOFTWARE\Brorsoft HKCU\SOFTWARE\CDDB HKCU\SOFTWARE\Clubic HKCU\SOFTWARE\ContactKeeper HKCU\SOFTWARE\Datastead HKCU\SOFTWARE\DivXNetworks HKCU\SOFTWARE\Efofex Software HKCU\SOFTWARE\EPSON HKCU\SOFTWARE\Foxit Software HKCU\SOFTWARE\FreeDownloadManager.ORG HKCU\SOFTWARE\Freemake HKCU\SOFTWARE\Gabest HKCU\SOFTWARE\Google HKCU\SOFTWARE\Haali HKCU\SOFTWARE\Illustrate HKCU\SOFTWARE\IM Providers HKCU\SOFTWARE\LAV HKCU\SOFTWARE\Licenses HKCU\SOFTWARE\Macromedia HKCU\SOFTWARE\Malwarebytes' Anti-Malware HKCU\SOFTWARE\Mediachance HKCU\SOFTWARE\mozilla HKCU\SOFTWARE\MozillaPlugins HKCU\SOFTWARE\MPC-HC HKCU\SOFTWARE\NCH Software HKCU\SOFTWARE\Netscape HKCU\SOFTWARE\Nitro PDF HKCU\SOFTWARE\ODBC HKCU\SOFTWARE\Ongkara software HKCU\SOFTWARE\Opera Software HKCU\SOFTWARE\Pinnacle Systems HKCU\SOFTWARE\Piriform HKCU\SOFTWARE\proDAD HKCU\SOFTWARE\RealNetworks HKCU\SOFTWARE\Regressi HKCU\SOFTWARE\Safer Networking Limited HKCU\SOFTWARE\Skype HKCU\SOFTWARE\Softplicity HKCU\SOFTWARE\Software HKCU\SOFTWARE\SolidDocuments HKCU\SOFTWARE\Sony Corporation HKCU\SOFTWARE\Tavultesoft HKCU\SOFTWARE\Trolltech HKCU\SOFTWARE\UninstallHelper HKCU\SOFTWARE\VB and VBA Program Settings HKCU\SOFTWARE\VOB HKCU\SOFTWARE\Wabbitemu HKCU\SOFTWARE\WComVista64 HKCU\SOFTWARE\WinRAR 
HKCU\SOFTWARE\WinRAR SFX HKCU\SOFTWARE\Xpress Software HKCU\SOFTWARE\Yahoo HKCU\SOFTWARE\ZebHelpProcess Helper HKCU\SOFTWARE\zsys HKCU\SOFTWARE\AppDataLow\RealNetworks HKCU\SOFTWARE\AppDataLow\Software HKCU\SOFTWARE\AppDataLow\Software\Adobe HKCU\SOFTWARE\AppDataLow\Software\Buzz_it HKCU\SOFTWARE\AppDataLow\Software\JavaSoft HKCU\SOFTWARE\AppDataLow\Software\RealNetworks ---\\ Non Microsoft non disabled Windows Services (9) - 2s O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe © O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe © O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe © O23 - Service: Avast Firewall (avast! Firewall) . (.AVAST Software - avast! firewall service.) - C:\Program Files\AVAST Software\Avast\afwServ.exe © O23 - Service: GoogleInputService (GoogleInputService) . (.Google Inc - Google Input Tools..) - C:\Program Files\Google\Google Input Tools\GoogleInputService.exe © O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe © O23 - Service: (MBAMService) . (.Malwarebytes - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe © O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe © O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe © ---\\ Task Planned Automatically (44) - 11s [MD5.B89A82FB10E98F2FDF51FA82C7366DD3] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) 
-- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1067736] © [MD5.280A526E8111AC6A5BCC1A059E1E0340] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [269000] © [MD5.5447AF432CDA61159ADDE218C468FFD9] [APT] [AdobeAAMUpdater-1.0-pr-PC-pr] (.Adobe Systems Incorporated.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208] © [MD5.8A6D1C082176864414E85ACF6696331D] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [1510320] © [MD5.1DC0CC580B6149CE24782B65384F34BD] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [6495144] © [MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [144200] © [MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [144200] © [MD5.00000000000000000000000000000000] [APT] [Norton Security Scan for pr] (...) -- C:\PROGRA~1\NORTON~2\Engine\410~1.28\Nss.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealDownloaderDownloaderScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001] (...) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealDownloaderRealUpgradeLogonTaskS-1-5-21-565781450-1203981865-1107377620-1001] (...) -- C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealDownloaderRealUpgradeScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001] (...) -- C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealPlayerRealUpgradeLogonTaskS-1-5-21-565781450-1203981865-1107377620-1001] (...) 
-- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealPlayerRealUpgradeScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-565781450-1203981865-1107377620-1001] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.) [0] [MD5.45ADCD37376140892745F157552A7051] [APT] [SafeZone scheduled Autoupdate 1447059829] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [728568] © [MD5.B73F17DF5CA5A1C748C36CC63297C6E3] [APT] [{0649676D-11F5-4FFC-9F16-A297C21264B1}] (.SEIKO EPSON CORP..) -- C:\Windows\twain_32\escndv\escndv.exe [155648] © [MD5.B73F17DF5CA5A1C748C36CC63297C6E3] [APT] [{0A2D0847-13FC-4DEC-B3FF-74141A07A99A}] (.SEIKO EPSON CORP..) -- C:\Windows\twain_32\escndv\escndv.exe [155648] © [MD5.7A2870C2A8283B3630BF7670D0362B94] [APT] [{13C9A6FA-0C25-4A19-9EB2-0DDEB23E28C8}] (.Google Inc..) -- c:\program files\Google\Chrome\application\chrome.exe [811848] © [MD5.7A2870C2A8283B3630BF7670D0362B94] [APT] [{1EAD07BB-F16F-4FF1-B7DB-3E536201DD0E}] (.Google Inc..) -- c:\program files\Google\Chrome\application\chrome.exe [811848] © [MD5.7115853FF96289DF7F65FB6B68E095ED] [APT] [{2EF6BA87-1D80-4CF5-86C7-74002F2F5610}] (.Mozilla Corporation.) -- c:\program files\mozilla firefox\firefox.exe [275568] © [MD5.7A2870C2A8283B3630BF7670D0362B94] [APT] [{5033D47E-1419-464C-9C08-6940334E952E}] (.Google Inc..) -- c:\program files\Google\Chrome\application\chrome.exe [811848] © [MD5.7115853FF96289DF7F65FB6B68E095ED] [APT] [{C9D785FD-59C3-429F-B2CF-A47BF74937E0}] (.Mozilla Corporation.) 
-- c:\program files\mozilla firefox\firefox.exe [275568] © [MD5.01E5B25A973BEA364CA745C3B5658434] [APT] [{CDAE434D-8213-4B4A-AA5C-43DCE216AD15}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe [57981568] © O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [830] © O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1052] © O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1056] © O39 - APT: Norton Security Scan for pr - (...) -- C:\Windows\Tasks\Norton Security Scan for pr.job [434] O39 - APT: Adobe Acrobat Update Task - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Acrobat Update Task [3874] © O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3768] © O39 - APT: AdobeAAMUpdater-1.0-pr-PC-pr - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-pr-PC-pr [3478] © O39 - APT: avast! Emergency Update - (.AVAST Software.) -- C:\Windows\System32\Tasks\avast! Emergency Update [4182] © O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\Windows\System32\Tasks\CCleanerSkipUAC [2778] © O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3800] © O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [4052] © O39 - APT: Norton Security Scan for pr - (...) -- C:\Windows\System32\Tasks\Norton Security Scan for pr [3580] O39 - APT: RealDownloaderDownloaderScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001 - (...) -- C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001 [3358] O39 - APT: RealDownloaderRealUpgradeLogonTaskS-1-5-21-565781450-1203981865-1107377620-1001 - (...) 
-- C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-565781450-1203981865-1107377620-1001 [3198] O39 - APT: RealDownloaderRealUpgradeScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001 - (...) -- C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001 [3338] O39 - APT: RealPlayerRealUpgradeLogonTaskS-1-5-21-565781450-1203981865-1107377620-1001 - (...) -- C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-565781450-1203981865-1107377620-1001 [3176] O39 - APT: RealPlayerRealUpgradeScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001 - (...) -- C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001 [3316] O39 - APT: RealUpgradeLogonTaskS-1-5-21-565781450-1203981865-1107377620-1001 - (...) -- C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-565781450-1203981865-1107377620-1001 [3176] O39 - APT: RealUpgradeScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001 - (...) -- C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-565781450-1203981865-1107377620-1001 [3316] O39 - APT: SafeZone scheduled Autoupdate 1447059829 - (.Avast Software.) -- C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1447059829 [3026] © ---\\ Process running (27) - 2s [MD5.EB7C2F213A219CA9CF807B6888186070] - (.AMD - AMD External Events Service Module.) -- C:\Windows\System32\atiesrxx.exe [217088] [PID.900] © [MD5.CC7A6B8B048BB08CB446C01597D11CC5] - (.AMD - AMD External Events Client Module.) -- C:\Windows\System32\atieclxx.exe [453632] [PID.1328] © [MD5.199D3FA1AF32FCE46A38E8EB64FFF520] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416] [PID.1572] © [MD5.945697058B2A6EBB3155FB6BB3399F57] - (.AVAST Software - avast! firewall service.) 
-- C:\Program Files\AVAST Software\Avast\afwServ.exe [109520] [PID.1836] © [MD5.5DB2C6B908C50767E2EDAA294A7566B5] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [82128] [PID.2036] © [MD5.78AF384F14F01009EFB10A31AFEC51F4] - (.Google Inc - Google Input Tools..) -- C:\Program Files\Google\Google Input Tools\GoogleInputService.exe [164888] [PID.496] © [MD5.329D828599BE8859DDC81F866019B2F0] - (.Google Inc. - Google Input Tools.) -- C:\Program Files\Google\Google Input Tools\GoogleInputHandler.exe [2511384] [PID.1324] © [MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.2760] © [MD5.F7D68D8E70EA376713A39395664793CA] - (.Pinnacle Systems GmbH - Pinnacle USB Tip - for Multi Media eXtensio.) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752] [PID.2768] © [MD5.2F722690B624C9AD160EDC24DCA880DF] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376] [PID.2944] © [MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.3060] © [MD5.01E5B25A973BEA364CA745C3B5658434] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [57981568] [PID.3076] © [MD5.1DC0CC580B6149CE24782B65384F34BD] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [6495144] [PID.3236] © [MD5.0EBCD3C26F9584864A9C8337DABB0185] - (.Avast Software - AvastVirtualBox Interface.) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4390776] [PID.3436] © [MD5.4B9949208944C50B1A16FD1F05ED0A04] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [299008] [PID.3584] © [MD5.A9950F1C63BA70151803C6F24CEE23F3] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [299008] [PID.3684] © [MD5.7A2870C2A8283B3630BF7670D0362B94] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.2060] © [MD5.7A2870C2A8283B3630BF7670D0362B94] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.4244] © [MD5.7A2870C2A8283B3630BF7670D0362B94] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.4152] © [MD5.7A2870C2A8283B3630BF7670D0362B94] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.4532] © [MD5.B89A82FB10E98F2FDF51FA82C7366DD3] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1067736] [PID.5124] © [MD5.BABBBDEF9DBB5E012EE5210FCB47C33B] - (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [9832760] [PID.3416] © [MD5.7A2870C2A8283B3630BF7670D0362B94] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.1396] © [MD5.7A2870C2A8283B3630BF7670D0362B94] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.4704] © [MD5.3AEA467EB1A5F3AD8FA39894D519677D] - (.Copyright (C) 2015 Nicolas Coolman - ZHPDiag.) -- C:\Users\pr\Downloads\ZHPDiag3.exe [1977856] [PID.5300] © [MD5.7A2870C2A8283B3630BF7670D0362B94] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [811848] [PID.4708] © [MD5.D5B783DACE1BBDD382A63C894BAB8E1E] - (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) 
-- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992] [PID.4544] © ---\\ Google Chrome, Start,Search,Extensions (7) - 0s G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [gomekmidlodglbbmalcneegieacbdmki] Avast Online Security G2 - GCE: Preference [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module G2 - GCE: Preference [User Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Click to Call G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc. G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc. ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (27) - 4s M1 - SPR:Search Page Redirection - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\extensions\how_recover+bgc.html P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\extensions\how_recover+bgc.txt P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\extensions\how_recover+rxw.html P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\extensions\how_recover+rxw.txt P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\extensions\how_recover+ykn.html P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\extensions\how_recover+ykn.txt P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\searchplugins\google-avast.xml P2 - EXT FILE: (...) 
-- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\searchplugins\how_recover+bgc.html P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\searchplugins\how_recover+bgc.txt P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\searchplugins\how_recover+rxw.html P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\searchplugins\how_recover+rxw.txt P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\searchplugins\how_recover+ykn.html P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\searchplugins\how_recover+ykn.txt P2 - EXT FILE: (...) -- C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\searchplugins\Search Provided by Yahoo.xml =>PUP.Optional.BDYahoo P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\amazon-france.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\bing.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\cnrtl-tlfi-fr.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\ddg.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\eBay-france.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-fr.xml P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-france.xml P2 - EXT: (.Skype Technologies S.A. - Skype Click to Call.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} © P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} © P2 - FPN: [HKLM] [@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp] - (...) 
-- C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll P2 - FPN: [HKLM] [@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf] - (...) -- C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll ---\\ Internet Explorer Extensions, Start, Search (9) - 1s R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer ---\\ Internet Explorer, Proxy Management (4) - 0s R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) © F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) © F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) 
© ---\\ Hosts file redirection (3) - 0s 128.199 128.199 ~ Nombre lignes détournées 128.199 15534 (Hosts file redirected) ---\\ Browser Helper Object (BHO) (6) - 0s O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} (Orphean) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll © O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll © O2 - BHO: (no name) - {970c55b4-c79e-4c62-9bfa-76439b68969f} (Orphean) O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (Orphean) O2 - BHO: (no name) - {da104fa1-3714-4056-8f42-d7fb74fd43dc} (Orphean) ---\\ Auto loading programs from Registry and folders (25) - 1s O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe © O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe © O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe © O4 - HKLM\..\Run: [USB2Check] . (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\Windows\System32\RUNDLL32.EXE © O4 - HKLM\..\Run: [USBToolTip] . (.Pinnacle Systems GmbH - Pinnacle USB Tip - for Multi Media eXtensio.) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe © O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe © O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe © O4 - HKLM\..\Run: [AMD AVT] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\Cmd.exe © O4 - HKLM\..\Run: [hgjuy78gfh] . (...) -- C:\Users\pr\AppData\Roaming\wyddf-a.exe O4 - HKCU\..\Run: [AdobeBridge] (Orphean) O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe © O4 - HKCU\..\Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE © O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe © O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe © O4 - HKCU\..\Run: [hgjuy78gfh] . (...) -- C:\Users\pr\AppData\Roaming\wyddf-a.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe © O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe © O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe © O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe © O4 - HKUS\S-1-5-21-565781450-1203981865-1107377620-1001\..\Run: [AdobeBridge] (Orphean) O4 - HKUS\S-1-5-21-565781450-1203981865-1107377620-1001\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe © O4 - HKUS\S-1-5-21-565781450-1203981865-1107377620-1001\..\Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) 
-- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE © O4 - HKUS\S-1-5-21-565781450-1203981865-1107377620-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe © O4 - HKUS\S-1-5-21-565781450-1203981865-1107377620-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe © O4 - HKUS\S-1-5-21-565781450-1203981865-1107377620-1001\..\Run: [hgjuy78gfh] . (...) -- C:\Users\pr\AppData\Roaming\wyddf-a.exe ---\\ Lop.com/Domain Hijackers (3) - 0s O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ---\\ Extra protocols (25) - 0s O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll © O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} . (.Microsoft Corporation - GrooveSystemServices Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll © O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) 
-- C:\Windows\System32\urlmon.dll © O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll © O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll © O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\System32\urlmon.dll © O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll © O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll © O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype Click to Call for Internet Explorer.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll © O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype4COM.) 
-- C:\Program Files\Common Files\Skype\Skype4COM.dll © O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\MSVidCtl.dll © O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll © O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll © O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll © O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll © O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL © ---\\ BootExecute (BEX) (1) - 0s O34 - HKLM BootExecute: (bootdelete) (.SurfRight B.V. - Hitman Pro 3.5 BootDelete.) 
-- C:\Windows\System32\bootdelete.exe ---\\ Contents of the Common Files folders (299) - 18s O43 - CFD: 11/11/2015 - [] D -- C:\Program Files\7-Zip O43 - CFD: 06/04/2015 - [] D -- C:\Program Files\Adobe O43 - CFD: 19/12/2014 - [] D -- C:\Program Files\AMD APP O43 - CFD: 19/12/2014 - [] D -- C:\Program Files\AMD AVT O43 - CFD: 30/10/2015 - [] D -- C:\Program Files\Anvsoft O43 - CFD: 12/11/2014 - [] D -- C:\Program Files\Apple Software Update O43 - CFD: 13/11/2015 - [] D -- C:\Program Files\Assassins Creed II Offline Server v0.41 O43 - CFD: 19/12/2014 - [] D -- C:\Program Files\ATI O43 - CFD: 19/12/2014 - [] D -- C:\Program Files\ATI Technologies O43 - CFD: 02/10/2015 - [] D -- C:\Program Files\Audacity O43 - CFD: 20/11/2015 - [0] D -- C:\Program Files\Auslogics O43 - CFD: 08/11/2015 - [] D -- C:\Program Files\AVAST Software O43 - CFD: 27/05/2011 - [] D -- C:\Program Files\Boris FX, Inc O43 - CFD: 09/11/2015 - [] D -- C:\Program Files\CCleaner O43 - CFD: 18/12/2011 - [] D -- C:\Program Files\CDex O43 - CFD: 27/11/2015 - [] D -- C:\Program Files\Common Files O43 - CFD: 14/11/2015 - [] D -- C:\Program Files\ContactKeeper O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\DVD Maker O43 - CFD: 29/11/2015 - [] D -- C:\Program Files\Efofex O43 - CFD: 02/06/2015 - [] D -- C:\Program Files\epson O43 - CFD: 28/03/2015 - [] D -- C:\Program Files\Epson Software O43 - CFD: 24/10/2015 - [] D -- C:\Program Files\GIMP 2 O43 - CFD: 19/11/2015 - [] D -- C:\Program Files\Google O43 - CFD: 08/11/2015 - [] D -- C:\Program Files\GUM2A99.tmp O43 - CFD: 17/09/2011 - [] D -- C:\Program Files\Illustrate O43 - CFD: 28/03/2015 - [] HD -- C:\Program Files\InstallShield Installation Information O43 - CFD: 30/10/2015 - [] D -- C:\Program Files\InstantPhotoSketch O43 - CFD: 04/10/2015 - [] D -- C:\Program Files\Internet Explorer O43 - CFD: 27/11/2015 - [] D -- C:\Program Files\IObit O43 - CFD: 17/05/2015 - [] D -- C:\Program Files\Java O43 - CFD: 25/11/2015 - [0] D -- C:\Program Files\MAGIX O43 - 
CFD: 29/11/2015 - [] D -- C:\Program Files\Malwarebytes Anti-Malware O43 - CFD: 21/12/2014 - [0] D -- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD: 21/04/2011 - [] D -- C:\Program Files\Micro Application O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Microsoft Games O43 - CFD: 03/04/2015 - [] D -- C:\Program Files\Microsoft Office O43 - CFD: 08/11/2015 - [] D -- C:\Program Files\Microsoft Visual Studio O43 - CFD: 03/04/2015 - [] D -- C:\Program Files\Microsoft Visual Studio 8 O43 - CFD: 08/11/2015 - [] D -- C:\Program Files\Microsoft Works O43 - CFD: 19/11/2015 - [] D -- C:\Program Files\Microsoft.NET O43 - CFD: 27/11/2015 - [] D -- C:\Program Files\Mozilla Firefox O43 - CFD: 08/11/2015 - [] D -- C:\Program Files\MSBuild O43 - CFD: 22/06/2013 - [] D -- C:\Program Files\MSECache O43 - CFD: 25/11/2015 - [] D -- C:\Program Files\PC Speedup Pro =>.Superfluous.PCSpeedUpPro O43 - CFD: 18/12/2011 - [] D -- C:\Program Files\Photo Notifier and Animation Creator O43 - CFD: 15/12/2012 - [] D -- C:\Program Files\Pinnacle O43 - CFD: 22/12/2011 - [] D -- C:\Program Files\proDAD O43 - CFD: 13/04/2011 - [] D -- C:\Program Files\QuickTime O43 - CFD: 06/11/2014 - [] D -- C:\Program Files\Real O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Reference Assemblies O43 - CFD: 12/11/2014 - [] D -- C:\Program Files\SAS O43 - CFD: 27/11/2015 - [] RD -- C:\Program Files\Skype O43 - CFD: 03/04/2011 - [] D -- C:\Program Files\SopCast O43 - CFD: 17/11/2014 - [] D -- C:\Program Files\Spybot - Search & Destroy O43 - CFD: 30/03/2011 - [] D -- C:\Program Files\Tavultesoft O43 - CFD: 29/11/2015 - [] D -- C:\Program Files\Teller Of Future (Sinhala) O43 - CFD: 27/11/2015 - [] D -- C:\Program Files\This PC O43 - CFD: 14/07/2009 - [0] HD -- C:\Program Files\Uninstall Information O43 - CFD: 14/05/2015 - [] D -- C:\Program Files\VideoLAN O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows Defender O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows Journal O43 - CFD: 31/03/2011 - [] 
D -- C:\Program Files\Windows Mail O43 - CFD: 31/03/2011 - [] D -- C:\Program Files\Windows Media Player O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows NT O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows Photo Viewer O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows Portable Devices O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Windows Sidebar O43 - CFD: 22/11/2015 - [] D -- C:\Program Files\WinRAR O43 - CFD: 17/11/2015 - [] D -- C:\Program Files\Xpress Software O43 - CFD: 29/11/2015 - [] D -- C:\Program Files\ZHPFix O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip O43 - CFD: 29/11/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 29/11/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boris Graffiti 5.2 O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ContactKeeper O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpowerAMP Music Converter O43 - CFD: 29/11/2015 - [] D -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3 O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Efofex Software O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON O43 - CFD: 29/11/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstantPhotoSketch O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX O43 - CFD: 29/11/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Address Book O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Effects Studio O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15 O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SinhalaTamilIME O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype O43 - CFD: 29/11/2015 - [] D -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy O43 - CFD: 29/11/2015 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio 10 O43 - CFD: 29/11/2015 - [] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tavultesoft Keyman O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Data Recovery O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\ABBYY O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Adobe O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\AMD O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Apple O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Apple Computer O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Application Data O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Ashampoo O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\ATI O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Auslogics O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\AVAST Software O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\AVS4YOU O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Documents O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Driver Tool O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\EPSON O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Favorites O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Freemake O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Google O43 - CFD: 29/11/2015 - [] D -- 
C:\ProgramData\HitmanPro O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\IM O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\IncrediMail O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\IObit O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\MAGIX O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Malwarebytes O43 - CFD: 29/11/2015 - [] SD -- C:\ProgramData\Microsoft O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Microsoft Help O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Mozilla O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Nero O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Nitro PDF O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Norton O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\NortonInstaller O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Ocerlolomuw O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Oracle O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Particles O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\PCSpeedupPro.com =>.Superfluous.PCSpeedUpPro O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\PCValidator =>.Superfluous.PCSpeedUpPro O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Photo Notifier and Animation Creator O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Pinnacle O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Pinnacle Studio Plus O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Pinnacle Studio Ultimate O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Pinnacle Studio Ultimate Collection O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\proDAD O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\ProductData =>PUP.Optional.Generic O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Real O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\regid.1986-12.com.adobe O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\simplitec O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Skype O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Spybot - Search & Destroy O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Start Menu O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Studio 12 O43 - CFD: 29/11/2015 - [] 
D -- C:\ProgramData\Studio 15 O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Sun O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Symantec O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Tavultesoft O43 - CFD: 14/07/2009 - [0] SHD -- C:\ProgramData\Templates O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\UDL O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\Xpress Software O43 - CFD: 29/11/2015 - [] D -- C:\ProgramData\{03B09F86-626A-4E82-B967-C3706B9A717B} O43 - CFD: 06/04/2015 - [] D -- C:\Program Files\Common Files\Adobe O43 - CFD: 06/11/2014 - [] D -- C:\Program Files\Common Files\Apple O43 - CFD: 19/12/2014 - [] D -- C:\Program Files\Common Files\ATI Technologies O43 - CFD: 19/11/2015 - [] D -- C:\Program Files\Common Files\designer O43 - CFD: 29/03/2015 - [] D -- C:\Program Files\Common Files\EPSON O43 - CFD: 07/05/2011 - [] D -- C:\Program Files\Common Files\InstallShield O43 - CFD: 27/11/2015 - [] D -- C:\Program Files\Common Files\MAGIX Services O43 - CFD: 08/11/2015 - [] D -- C:\Program Files\Common Files\microsoft shared O43 - CFD: 19/11/2015 - [] D -- C:\Program Files\Common Files\Nero O43 - CFD: 13/04/2011 - [] D -- C:\Program Files\Common Files\Nitro PDF O43 - CFD: 15/12/2012 - [] D -- C:\Program Files\Common Files\Pinnacle O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Common Files\Services O43 - CFD: 27/11/2015 - [] D -- C:\Program Files\Common Files\Skype O43 - CFD: 14/07/2009 - [] D -- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 04/04/2015 - [] D -- C:\Program Files\Common Files\System O43 - CFD: 08/11/2015 - [] D -- C:\Program Files\Common Files\Yahoo! 
O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\53184e6ccd6da1ad5c005fdc O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Adobe O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Adobe Mini Bridge CS5 O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\AMS Software O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Anvsoft O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Apple Computer O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Ashampoo O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\ATI O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\AVAST Software O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\AVS4YOU O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\BitTorrent O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Brorsoft O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\CLiPW O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\com.adobe.amp O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Dashlane O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Downloaded Installations O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\dvdcss O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Efofex O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Epson O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Foxit Software O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Google O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\HWM BlackBox O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Icones O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Identities O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\IObit O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\KastorVideoConverter O43 - CFD: 29/11/2015 - [] D -- 
C:\Users\pr\AppData\Roaming\KoshyJohn.com O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Macromedia O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\MAGIX O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Malwarebytes O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Media Center Programs O43 - CFD: 29/11/2015 - [] SD -- C:\Users\pr\AppData\Roaming\Microsoft O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Mozilla O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\MPC-HC O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Nero O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Nitro PDF O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Opera Software O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\pcspeeduppro.com =>.Superfluous.PCSpeedUpPro O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\PDManager O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\proDAD O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Real O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\RealNetworks O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Regressi O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\simplitec O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Skype O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Softplicity O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Sony Corporation O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Thunderbird O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\vlc O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Wabbitemu O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\WindowsFileOpener =>Adware.InstallCore O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\WinRAR O43 - CFD: 29/11/2015 - [] 
D -- C:\Users\pr\AppData\Roaming\ZHP O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\ABBYY O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Adobe O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Aiseesoft Studio O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Albelli Livres Photos O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Apple O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Apple Computer O43 - CFD: 30/03/2011 - [0] SHD -- C:\Users\pr\AppData\Local\Application Data O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\ApplicationHistory O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Apps O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\ashampoo O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\ATI O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Chromium O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Deployment O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Downloaded Installations O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Efofex O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Ezr8 O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\fontconfig O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\FreemakeVideoConverter O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\GAS Softwares O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\gegl-0.2 O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\GGEmpire O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Google O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\gtk-2.0 O43 - CFD: 30/03/2011 - [0] SHD -- C:\Users\pr\AppData\Local\History O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\IM O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\JMP7 Data O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Macromedia O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Magix O43 - CFD: 29/11/2015 - [] D 
-- C:\Users\pr\AppData\Local\Microsoft O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Microsoft Games O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Microsoft Help O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Mozilla O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Opera Software O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Packages O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Pinnacle O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Programs O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Real O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Skype O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Temp O43 - CFD: 30/03/2011 - [0] SHD -- C:\Users\pr\AppData\Local\Temporary Internet Files O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Thunderbird O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\VirtualStore O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Vistaprint Livres photo O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\webkit O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Local\Xara O43 - CFD: 29/11/2015 - [] RD -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 29/11/2015 - [] RD -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dBpowerAMP Music Converter O43 - CFD: 29/11/2015 - [] RD -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 12 O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast O43 - CFD: 29/11/2015 - [] RD -- 
C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\This PC O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vistaprint Livres photo O43 - CFD: 29/11/2015 - [] D -- C:\Users\pr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ---\\ ShellIconOverlayIdentifiers (SIOI) (9) - 0s O106 - SIOI: avast [00avast] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - avast! Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll © O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) -- C:\Windows\System32\EhStorShell.dll © O106 - SIOI: Groove Explorer Icon Overlay 1 (GFS Unread Stub) [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7}. (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll © O106 - SIOI: Groove Explorer Icon Overlay 2 (GFS Stub) [Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}. (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll © O106 - SIOI: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399}. (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll © O106 - SIOI: Groove Explorer Icon Overlay 3 (GFS Folder) [Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619}. (.Microsoft Corporation - GrooveShellExtensions Module.) 
-- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll © O106 - SIOI: Groove Explorer Icon Overlay 4 (GFS Unread Mark) [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}. (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll © O106 - SIOI: [Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81}. (.Microsoft Corporation - Client Side Caching UI.) -- C:\Windows\System32\cscui.dll © O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) -- C:\Windows\System32\ntshrui.dll © ---\\ System Drivers List (87) - 9s O58 - SDL:2015/05/17 12:06:50 A . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\0C376171.sys [119512] © O58 - SDL:2009/07/14 02:26:15 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [422976] © O58 - SDL:2009/07/14 02:26:17 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [297552] © O58 - SDL:2009/07/14 02:26:15 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\drivers\adpu320.sys [146512] © O58 - SDL:2009/07/14 02:26:15 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [14400] © O58 - SDL:2009/07/14 02:26:15 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [79952] © O58 - SDL:2009/07/14 02:26:15 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [159312] © O58 - SDL:2009/07/14 02:26:15 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [23616] © O58 - SDL:2011/11/28 13:51:44 A . (.AnvSoft Inc. - AnvSoft Virtual Audio Device.) 
-- C:\Windows\System32\drivers\anvsnddrv.sys [32896] O58 - SDL:2009/07/14 02:26:15 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [76368] © O58 - SDL:2009/07/14 02:26:15 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [86608] © O58 - SDL:2004/08/13 08:56:20 A . (. - ATK0110 ACPI Utility.) -- C:\Windows\System32\drivers\ASACPI.sys [5810] O58 - SDL:2015/11/08 20:05:55 A . (.AVAST Software - avast! HWID.) -- C:\Windows\System32\drivers\aswHwid.sys [24016] © O58 - SDL:2015/11/08 20:05:45 A . (.AVAST Software - avast! Keyboard Filter Driver.) -- C:\Windows\System32\drivers\aswKbd.sys [26096] © O58 - SDL:2015/11/08 20:05:55 A . (.AVAST Software - avast! File System Minifilter for Windows 2.) -- C:\Windows\System32\drivers\aswMonFlt.sys [81168] © O58 - SDL:2015/11/08 20:05:32 A . (.AVAST Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\drivers\aswNdisFlt.sys [283072] © O58 - SDL:2011/09/06 22:36:38 A . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\System32\drivers\aswRdr.sys [34392] © O58 - SDL:2015/11/08 20:05:55 A . (.AVAST Software - avast! WFP Redirect Driver.) -- C:\Windows\System32\drivers\aswRdr2.sys [81728] © O58 - SDL:2015/11/08 20:05:55 A . (.AVAST Software - avast! Revert.) -- C:\Windows\System32\drivers\aswRvrt.sys [49776] © O58 - SDL:2015/11/08 20:05:45 A . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\drivers\aswSnx.sys [794952] © O58 - SDL:2015/11/08 20:05:55 A . (.AVAST Software - avast! self protection module.) -- C:\Windows\System32\drivers\aswSP.sys [435464] © O58 - SDL:2015/11/08 20:05:55 A . (.AVAST Software - Stream Filter.) -- C:\Windows\System32\drivers\aswStm.sys [117200] © O58 - SDL:2015/11/08 20:05:55 A . (.AVAST Software - avast! VM Monitor.) -- C:\Windows\System32\drivers\aswVmm.sys [209432] © O58 - SDL:2012/05/14 07:12:28 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) 
-- C:\Windows\System32\drivers\AtihdW73.sys [86656] © O58 - SDL:2013/04/30 05:14:44 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\System32\drivers\atikmdag.sys [10070016] © O58 - SDL:2013/04/30 03:47:52 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\System32\drivers\atikmpag.sys [290304] © O58 - SDL:2009/07/13 23:02:49 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60x.sys [229888] © O58 - SDL:2009/07/13 23:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [13568] © O58 - SDL:2009/07/13 23:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [5248] © O58 - SDL:2009/07/14 01:57:25 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [272128] © O58 - SDL:2009/07/13 23:53:32 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [62336] © O58 - SDL:2009/07/13 23:53:33 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [12160] © O58 - SDL:2009/07/13 23:53:33 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [11904] © O58 - SDL:2009/07/13 23:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbdx.sys [430080] © O58 - SDL:2009/07/14 02:26:21 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [15952] © O58 - SDL:2009/07/14 02:20:28 A . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\drivers\djsvs.sys [70720] © O58 - SDL:2009/07/14 02:20:28 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) 
-- C:\Windows\System32\drivers\elxstor.sys [453712] © O58 - SDL:2009/07/13 23:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbdx.sys [3100160] © O58 - SDL:2012/08/21 12:01:22 A . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys [26840] © O58 - SDL:2009/07/13 23:54:14 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [26624] © O58 - SDL:2009/07/14 02:20:28 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [67152] © O58 - SDL:2009/02/08 21:42:42 A . (.Guillemot Corporation - Filter Driver for the Hercules Webcams (MJP.) -- C:\Windows\System32\drivers\hxctlflt.sys [99968] © O58 - SDL:2009/07/14 02:20:36 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [332352] © O58 - SDL:2009/07/14 02:20:36 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [41040] © O58 - SDL:2009/07/14 02:20:36 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [95824] © O58 - SDL:2009/07/14 02:20:37 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [89168] © O58 - SDL:2009/07/14 02:20:36 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [54864] © O58 - SDL:2009/07/14 02:20:36 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [96848] © O58 - SDL:2007/05/09 08:36:18 A . (.Pinnacle a division of Avid Technology, Inc. - Marvin Series USB AVStream Driver.) -- C:\Windows\System32\drivers\MarvinAVS.sys [434176] O58 - SDL:2005/09/23 22:18:32 A . (.Pinnacle Systems GmbH - Pinnacle Marvin Discrete Bus Enumerator.) 
-- C:\Windows\System32\drivers\MarvinBus.sys [171520] © O58 - SDL:2015/10/05 09:50:04 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [23256] © O58 - SDL:2015/10/05 09:50:08 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) -- C:\Windows\System32\drivers\mbamchameleon.sys [94936] © O58 - SDL:2015/11/29 11:48:40 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [170200] © O58 - SDL:2009/07/14 02:20:36 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [30800] © O58 - SDL:2009/07/14 02:20:36 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [235584] © O58 - SDL:2015/10/05 09:50:16 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\Windows\System32\drivers\mwac.sys [51928] © O58 - SDL:2009/07/14 02:20:44 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [44624] © O58 - SDL:2015/11/08 20:05:36 A . (.AVAST Software - avast! NG snapshot driver.) -- C:\Windows\System32\drivers\ngvss.sys [121368] © O58 - SDL:2009/07/14 02:20:44 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [117312] © O58 - SDL:2009/07/14 02:20:44 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [142416] © O58 - SDL:2009/07/14 02:19:04 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1383488] © O58 - SDL:2009/07/14 02:19:04 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [106064] © O58 - SDL:2009/07/13 23:02:52 A . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Dr.) -- C:\Windows\System32\drivers\Rt86win7.sys [139776] © O58 - SDL:2009/07/13 21:50:20 A . 
(.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480] © O58 - SDL:2009/07/14 02:19:04 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [40016] © O58 - SDL:2009/07/14 02:19:04 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [77888] © O58 - SDL:2008/07/16 07:59:38 A . (.Copyright 2004-2007 - USBCAMD for Sonix UVC.) -- C:\Windows\System32\drivers\sncduvc.sys [27264] O58 - SDL:2009/04/22 12:46:42 A . (.Copyright 2004-2007 - UVC Camera Streaming Driver.) -- C:\Windows\System32\drivers\snp2uvc.sys [3482112] O58 - SDL:2009/07/14 02:19:04 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [21072] © O58 - SDL:2012/12/13 12:50:38 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\drivers\usbaapl.sys [45056] © O58 - SDL:2009/07/14 02:19:10 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [16976] © O58 - SDL:2009/07/14 02:19:11 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [141904] © O58 - SDL:2009/07/13 22:40:41 A . (...) -- C:\Windows\System32\ANSI.SYS [9029] O58 - SDL:2009/07/13 22:40:44 A . (...) -- C:\Windows\System32\country.sys [27097] O58 - SDL:2009/07/13 22:40:40 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768] O58 - SDL:2009/07/13 22:40:43 A . (...) -- C:\Windows\System32\KEY01.SYS [42809] O58 - SDL:2009/07/13 22:40:43 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537] O58 - SDL:2009/07/13 22:40:23 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866] O58 - SDL:2009/07/13 22:40:31 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146] O58 - SDL:2009/07/13 22:40:35 A . (...) -- C:\Windows\System32\NTDOS411.SYS [29370] O58 - SDL:2009/07/13 22:40:39 A . 
(...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:2009/07/13 22:40:27 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:2009/07/13 22:40:11 A . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:2009/07/13 22:40:15 A . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:2009/07/13 22:40:17 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:2009/07/13 22:40:19 A . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:2009/07/13 22:40:13 A . (...) -- C:\Windows\System32\NTIO804.SYS [34672]

---\\ Last modified or created user files (7) - 8s
O61 - LFC: 2015/11/29 11:41:26 A . (.Enigma Software Group USA, LLC..) -- C:\Users\pr\Downloads\sh-remover.exe [3237248] =>.Superfluous.SpyHunter
O61 - LFC: 2034/03/09 08:49:32 A . (..) -- C:\Users\pr\Desktop\WinRAR 5.21 Beta 1 (32 & 64 bit)\Winrar 64bit 521b1.exe [1937328]
O61 - LFC: 2015/11/29 10:27:33 A . (..) -- C:\Users\pr\AppData\Roaming\wyddf-a.exe [403456]
O61 - LFC: 2015/11/25 15:22:52 A . (..) -- C:\Users\pr\AppData\Roaming\pcspeeduppro.com\PC Speedup Pro\exlist.bin [258033] =>.Superfluous.PCSpeedUpPro
O61 - LFC: 2015/11/29 11:39:37 A . (..) -- C:\Users\pr\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [674082]
O61 - LFC: 2015/11/29 11:32:13 A . (..) -- C:\Users\pr\AppData\Local\ATI\ACE\Manifest.Bin [30466]
O61 - LFC: 2015/11/28 14:55:35 A . (..) -- C:\Users\pr\AppData\Local\Adobe\Acrobat\11.0\UserCache.bin [150112]

---\\ File Associations Shell Spawning (9) - 1s
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe ©
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.)
-- C:\Windows\System32\eventvwr.exe © O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe © O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe © O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S ---\\ Start Menu Internet (16) - 0s O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- iexplore.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe © O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe © ---\\ Search Browser Infection (2) - 0s O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ O69 - SBI: SearchScopes [HKCU] {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} [DefaultScope] - (Google) - http://www.google.com/ ---\\ Search Svchost Services (33) - 2s O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [62464] © O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [67584] © O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\Windows\System32\certprop.dll [67584] © O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) 
-- C:\Windows\System32\srvsvc.dll [168448] © O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [591360] © O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\IKEEXT.DLL [667136] © O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\audiosrv.dll [473088] © O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [90624] © O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [285184] © O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [75264] © O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\Sens.dll [49664] © O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [300544] © O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [241664] © O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) -- C:\Windows\System32\termsrv.dll [543232] © O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1912832] © O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [589312] © O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . 
(.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [328192] © O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\Windows\System32\iphlpsvc.dll [497152] © O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\System32\seclogon.dll [21504] © O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [46592] © O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [114688] © O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [49664] © O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [61440] © O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [98304] © O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [162816] © O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [749056] © O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\KMSVC.DLL [71168] © O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [99328] © O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960] © O83 - Search Svchost Services: browser (browser) . 
(.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [102400] © O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [37376] © O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [76800] © O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [149504] © ---\\ Services not Microsoft (SR=Run, SS=Stop) (14) - 38s SR - Auto [28/10/2015] [ 82128] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe © SS - Demand [11/11/2015] [ 269000] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe © SR - Auto [30/04/2013] [ 217088] (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe © SR - Auto [08/11/2015] [ 174416] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe © SR - Auto [08/11/2015] [ 109520] Avast Firewall (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe © SR - Demand [08/11/2015] [ 4390776] AvastVBox COM Service (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe © SR - Auto [30/04/2015] [ 164888] GoogleInputService (GoogleInputService) . (.Google Inc.) - C:\Program Files\Google\Google Input Tools\GoogleInputService.exe © SS - Auto [12/09/2015] [ 144200] Service Google Update (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe © SS - Demand [12/09/2015] [ 144200] Service Google Update (gupdatem) (gupdatem) . (.Google Inc..) 
- C:\Program Files\Google\Update\GoogleUpdate.exe ©
SS - Auto [05/10/2015] [ 1135416] (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe ©
SR - Auto [26/01/2009] [ 1153368] SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe ©
SS - Auto [09/07/2015] [ 327296] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe ©
SS - Demand [19/02/2010] [ 517096] (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ©

---\\ Additional Scan (O88) (9) - 0s
HKCU\SOFTWARE\553EB3D537C61AC0 =>PUP.Optional.Heuristic
C:\Users\pr\AppData\Roaming\Mozilla\Firefox\Profiles\x6nr21ee.default\searchplugins\Search Provided by Yahoo.xml =>PUP.Optional.BDYahoo
C:\Program Files\PC Speedup Pro =>.Superfluous.PCSpeedUpPro
C:\ProgramData\PCSpeedupPro.com =>.Superfluous.PCSpeedUpPro
C:\ProgramData\PCValidator =>.Superfluous.PCSpeedUpPro
C:\ProgramData\ProductData =>PUP.Optional.Generic
C:\Users\pr\AppData\Roaming\pcspeeduppro.com =>.Superfluous.PCSpeedUpPro
C:\Users\pr\AppData\Roaming\WindowsFileOpener =>Adware.InstallCore
C:\Users\pr\AppData\Roaming\pcspeeduppro.com\PC Speedup Pro\exlist.bin =>.Superfluous.PCSpeedUpPro

---\\ Summary of the elements found (5) - 0s
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Heuristic
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.BDYahoo
http://www.nicolascoolman.fr/?p=5020 =>.Superfluous.PCSpeedUpPro
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=279 =>Adware.InstallCore

~ End of the scan, 21026 items in 188 seconds (1013)(0)