Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean  =>.Microsoft Internet Explorer
O2 - BHO: Safe Money Plugin [64Bits] - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (.not file.)
O3 - Toolbar: 0xB1C218236549D4119B18009027A5CD4F - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} . (...) --  (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe  =>.Intel Corporation®
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe  =>.Intel Corporation®
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe  =>.Intel Corporation®
O4 - HKLM\..\Run: [SmoothView] . (.TOSHIBA Corporation - SmoothView.) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe  =>.TOSHIBA CORPORATION®
O4 - HKLM\..\Run: [TPwrMain] . (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe  =>.TOSHIBA CORPORATION®
O4 - HKLM\..\Run: [00TCrdMain] . (.TOSHIBA Corporation - TOSHIBA Flash Cards.) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe  =>.TOSHIBA CORPORATION®
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe  =>.Realtek Semiconductor Corp®
O4 - HKLM\..\Run: [SmartFaceVWatcher] . (.TOSHIBA Corporation - SmartFaceVWatcher.) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe  =>.Toshiba Corporation
O4 - HKLM\..\Run: [TosNC] . (.TOSHIBA Corporation - Message Center.) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe  =>.TOSHIBA CORPORATION®
O4 - HKLM\..\Run: [TosReelTimeMonitor] . (.TOSHIBA Corporation - Monitor of TOSHIBA ReelTime.) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe  =>.TOSHIBA CORPORATION®
O4 - HKLM\..\Run: [bintin] D:\bin.doc (.not file.)
O4 - HKLM\..\Run: [Samsung Link] . (.Copyright 2013 SAMSUNG - Samsung Link Tray Agent.) -- C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe  =>.Samsung Electronics CO., LTD.®
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (.not file.)
O4 - HKCU\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe  =>.Yahoo! Inc.®
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe  =>.Facebook, Inc.®
O4 - HKLM\..\Wow6432Node\Run: [HWSetup] . (.TOSHIBA Electronics, Inc. - HWSetup.) -- C:\Program Files\TOSHIBA\Utilities\HWSetup.exe  =>.TOSHIBA Electronics, Inc.
O4 - HKLM\..\Wow6432Node\Run: [KeNotify] . (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe {0B31CA164E206FF8F811DE9F20A60946}  =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe  =>.Adobe Systems, Incorporated®
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems, Incorporated®
O4 - HKLM\..\Wow6432Node\Run: [LogitechCommunicationsManager] . (.Logitech Inc. - Communications Manager.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe  =>.Logitech Inc®
O4 - HKLM\..\Wow6432Node\Run: [LogitechQuickCamRibbon] . (...) -- C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe  =>.Logitech Inc®
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3829083247-3182876061-4161828277-1000\..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (.not file.)
O4 - HKUS\S-1-5-21-3829083247-3182876061-4161828277-1000\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe  =>.Yahoo! Inc.®
O4 - HKUS\S-1-5-21-3829083247-3182876061-4161828277-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\khalid\AppData\Local\Facebook\Update\FacebookUpdate.exe  =>.Facebook, Inc.®
O4 - GS\Desktop [khalid]: Samsung Link hafid0062@gmail.com.lnk . (...) C:\Users\khalid\Samsung Link\hafid0062@gmail.com
O4 - GS\Desktop [Administrateur]: Samsung Link hafid0062@gmail.com.lnk . (...) C:\Users\khalid\Samsung Link\hafid0062@gmail.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B056BD6C-6ED5-4299-8C3D-372FE463FCF4}: DhcpNameServer = 192.168.1.1
HKLM\SOFTWARE\Wow6432Node\AVAST Software
HKLM\SOFTWARE\Wow6432Node\McAfee.com
HKLM\SOFTWARE\Wow6432Node\mcafeeupdater
HKCU\SOFTWARE\ESET
HKCU\SOFTWARE\MCAFEE
O43 - CFD: 08/11/2014 - [] D -- C:\ProgramData\RogueKiller
O43 - CFD: 26/04/2014 - [] D -- C:\Users\khalid\AppData\Roaming\ESET
O43 - CFD: 26/04/2014 - [] D -- C:\Users\khalid\AppData\Local\ESET
O43 - CFD: 01/03/2016 - [] D -- C:\Users\khalid\AppData\Local\Temp
O43 - CFD: 29/05/2010 - [0] SHD -- C:\Users\khalid\AppData\Local\Temporary Internet Files
O87 - FAEL: "{78852EE5-ED2B-4784-8958-E8B1168E7374}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Yahoo!\Messenger\YPager.exe (.not file.)
O87 - FAEL: "{3525089F-E247-43D3-AB9F-38AB17E9060D}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Yahoo!\Messenger\YPager.exe (.not file.)
O87 - FAEL: "{D38329D3-5D1B-4248-B2FE-AADFBD2D98EB}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Yahoo!\Messenger\YServer.exe (.not file.)
O87 - FAEL: "{BCE37C30-4A7B-459F-B81F-64C2C6746296}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Yahoo!\Messenger\YServer.exe (.not file.)
O87 - FAEL: "TCP Query User{7317D3A7-CE02-49A8-BE61-AFADF75AA97A}C:\program files (x86)\internet download manager\idman.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\internet download manager\idman.exe (.not file.)
O87 - FAEL: "UDP Query User{C9FD579C-3FF6-4257-ABEA-A0ED801210C4}C:\program files (x86)\internet download manager\idman.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\internet download manager\idman.exe (.not file.)
O87 - FAEL: "{5B60D856-F80C-464F-AB5B-AC4204B60BF5}" [In-None-P6-TRUE] .(...) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.)
O87 - FAEL: "{C164B0CA-07CF-4DC0-BF89-ADD45A053C9E}" [In-None-P17-TRUE] .(...) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.)
O87 - FAEL: "{1A89AEED-27BD-4074-B774-D2A11DC754FA}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe (.not file.)
O87 - FAEL: "{049B15C3-6101-4045-B635-54A5D66C193C}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe (.not file.)
O87 - FAEL: "TCP Query User{D9621BD4-40F4-4DCC-803C-975D3C9AFA3F}C:\program files (x86)\emule\emule.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{6B9089A1-7172-43CE-BDEC-1FCFBA814BB2}C:\program files (x86)\emule\emule.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\emule\emule.exe (.not file.)
O87 - FAEL: "TCP Query User{2DDF1BD7-DCED-49EC-8AEA-88B28D1A25C9}C:\program files (x86)\limewire\limewire.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{5701F7E5-BD4F-4933-BC2D-A73899FA63DA}C:\program files (x86)\limewire\limewire.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "{A7758709-F640-494F-9DA4-8847E43CAFFA}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O87 - FAEL: "{1103FC30-5A25-40D2-8A9C-F4DAC1DEC743}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Windows Live\Messenger\livecall.exe (.not file.)
O87 - FAEL: "{CE2212F2-8AE5-45CE-9A91-586C1D62F9CA}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O87 - FAEL: "{7763B9DD-1B14-4823-B1E1-93EF19525469}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Windows Live\Messenger\livecall.exe (.not file.)
O87 - FAEL: "{149A6D57-75FD-4CE0-A60F-2C005B634AE5}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O87 - FAEL: "{C08A0089-1BBA-4095-94EE-025DDE21E44E}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Windows Live\Messenger\livecall.exe (.not file.)
O87 - FAEL: "TCP Query User{A2BF6E96-993A-4A0D-829A-3F429E521B97}C:\program files (x86)\nimbuzz\nimbuzz.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\nimbuzz\nimbuzz.exe (.not file.)
O87 - FAEL: "UDP Query User{5FC20E70-777D-46A1-93E0-04861508B107}C:\program files (x86)\nimbuzz\nimbuzz.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\nimbuzz\nimbuzz.exe (.not file.)
O87 - FAEL: "{ECBFE0CE-B560-4E21-BADD-808D1F531CE4}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe (.not file.)
O87 - FAEL: "{81451610-081A-49BF-9128-8E9E5295D0A6}" [In-None-P6-TRUE] .(...) -- C:\Program Files\ma-config.com\x64\maconfservice.exe (.not file.)
O87 - FAEL: "{50450043-C0DF-409E-9BB1-6BA15523041D}" [In-None-P17-TRUE] .(...) -- C:\Program Files\ma-config.com\x64\maconfservice.exe (.not file.)
O87 - FAEL: "TCP Query User{D9514794-A170-42EA-A2B7-DAC1E765480A}C:\users\khalid\appdata\local\temp\nsk2924.tmp\setup.exe" [In-None-P6-TRUE] .(...) -- C:\users\khalid\appdata\local\temp\nsk2924.tmp\setup.exe (.not file.)
O87 - FAEL: "UDP Query User{8052B737-3C50-409A-A442-1AFD57845C2A}C:\users\khalid\appdata\local\temp\nsk2924.tmp\setup.exe" [In-None-P17-TRUE] .(...) -- C:\users\khalid\appdata\local\temp\nsk2924.tmp\setup.exe (.not file.)
O87 - FAEL: "{2DC98226-5D3F-43B3-94AE-B9A2AA74C259}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe (.not file.)
O87 - FAEL: "{D2CE121F-3CB8-4E72-BE09-7A11D76B1EB1}" [In-None-P17-TRUE] .(...) -- C:\Users\khalid\Downloads\VideoPerformerSetup.exe (.not file.)  =>PUP.Optional.VideoPerformer
O87 - FAEL: "{03A2FCAB-2B95-45BA-9F63-950014C4325F}" [Out-None-P17-TRUE] .(...) -- C:\Users\khalid\Downloads\VideoPerformerSetup.exe (.not file.)  =>PUP.Optional.VideoPerformer
O87 - FAEL: "{3C7F7B5F-8B2F-4161-AE14-85983C65BEF4}" [In-None-P17-TRUE] .(.Epom Ltd. - Citrio.) -- C:\Users\soumya\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe {1855136D47C1A483}