Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Hamza (07-07-2018 08:14:20)
Running from C:\Users\Hamza\Desktop
Windows 10 Home Version 1709 16299.371 (X64) (2017-12-06 12:36:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-518511124-2112986350-859192497-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-518511124-2112986350-859192497-503 - Limited - Disabled)
Elamr (S-1-5-21-518511124-2112986350-859192497-1010 - Limited - Disabled)
Guest (S-1-5-21-518511124-2112986350-859192497-501 - Limited - Disabled) => C:\Users\Guest
Hamza (S-1-5-21-518511124-2112986350-859192497-1001 - Administrator - Enabled) => C:\Users\Hamza
VUSR_HAMZAMOUKKAR (S-1-5-21-518511124-2112986350-859192497-1012 - Limited - Enabled)
VUSR_HAMZAMOUKKAR1 (S-1-5-21-518511124-2112986350-859192497-1013 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-518511124-2112986350-859192497-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
ActiveState Komodo Edit 11.0.1 (HKLM-x32\...\{C0C305D4-1D83-46A3-9DEE-EF836E8C7C30}) (Version: 11.0.1 - ActiveState Software Inc.)
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
AppServ 8.6.0 (remove only) (HKLM-x32\...\AppServ) (Version:  - )
Assistant Mise à jour de Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Atom (HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\atom) (Version: 1.23.3 - GitHub Inc.)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Camtasia 9 (HKLM\...\{1D09B594-C8B5-4CF1-B927-41D9A487799C}) (Version: 9.0.5.2021 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Discord (HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{A7D43B07-A0E2-4DB9-9843-01EA269F6F67}) (Version: 1.1.147.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Feem 2017 version 4.2.1 (HKLM-x32\...\{0650E0DD-30F9-49F6-B849-1384D45605C3}}_is1) (Version: 4.2.1 - FeePerfect)
FileZilla Client 3.29.0 (HKLM-x32\...\FileZilla Client) (Version: 3.29.0 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HTMLPad 2016 v14.3 (HKLM-x32\...\HTMLPad 2016_is1) (Version: 14.0 - Karlis Blumentals)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_v6_6.0.21.6598) (Version: 6.0.21.6598 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (HKLM-x32\...\{EC8ABDF0-358B-11E5-82EB-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Data Collector (HKLM-x32\...\{E3A02E00-358B-11E5-81F8-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Face Tracking (HKLM-x32\...\{EB18904F-358B-11E5-9D96-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Face Tracking: Models (HKLM-x32\...\{E1B4D8C0-358B-11E5-8DC2-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking (HKLM-x32\...\{D74B980F-358B-11E5-B6FE-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking: Models (HKLM-x32\...\{ED5C65CF-358B-11E5-9F51-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Object Tracking (HKLM-x32\...\{DDF056B0-358B-11E5-A478-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): TouchlessController (HKLM-x32\...\{F0106240-358B-11E5-9FD1-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): TouchlessController: Models (HKLM-x32\...\{E1260640-358B-11E5-B0DF-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (HKLM-x32\...\{E57451C0-358B-11E5-A269-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Utilities (HKLM-x32\...\{E6E80600-358B-11E5-AD9F-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java SE Development Kit 8 Update 144 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180144}) (Version: 8.0.1440.1 - Oracle Corporation)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LOGO!Soft Comfort V7.0  (HKLM-x32\...\LOGO!Soft Comfort V7.0 ) (Version: 7.0.0.0 - Siemens AG)
LOGO!Soft Comfort V8.0 (Demo) (HKLM-x32\...\LOGO!Soft Comfort V8.0 (Demo)) (Version: 8.0.0.0 - Siemens AG)
LOGO!Soft Comfort V8.1 (HKLM\...\LOGO!Soft Comfort V8.1) (Version: 8.1.0.22 - Siemens AG)
MAGIX Youcast (HKLM\...\{AC71DDCB-63D8-40E2-9950-688E1EE0C66A}) (Version: 1.0.0.146 - MAGIX Software GmbH) Hidden
MAGIX Youcast (HKLM\...\MX.{AC71DDCB-63D8-40E2-9950-688E1EE0C66A}) (Version: 1.0.0.146 - MAGIX Software GmbH)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Professionnel Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Editor 14 (HKLM-x32\...\Movavi Video Editor 14) (Version: 14.0.0 - Movavi)
Mozilla Firefox 59.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 59.0.2 (x64 fr)) (Version: 59.0.2 - Mozilla)
Mozilla Firefox 59.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 59.0.2 (x86 fr)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Opera Stable 53.0.2907.99 (HKLM-x32\...\Opera 53.0.2907.99) (Version: 53.0.2907.99 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
phpDesigner 8 version 8.1.2 (HKLM-x32\...\phpDesigner8_is1) (Version:  - MPSOFTWARE)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)
Rapid PHP 2016 v14.2 (HKLM-x32\...\Rapid PHP 2016_is1) (Version: 14.0 - Karlis Blumentals)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.29092 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.27.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.27.0 - Adlice Software)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{9092DCCE-3475-44A0-BC7A-ACAF55C8A45F}) (Version: 6.2.00 - Silicon Laboratories, Inc.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16121.3 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16121.3 - Samsung Electronics Co., Ltd.)
Snagit 12 (HKLM-x32\...\{4FC332FE-CBE3-4AE0-B531-35048FD81912}) (Version: 12.4.1 - TechSmith Corporation)
Stremio (HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\Stremio) (Version: 3.6.5 - Smart Code Ltd.)
Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-012B-0401-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-012B-040C-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
VMware Workstation (HKLM\...\{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}) (Version: 11.0.0 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.0.0 - VMware, Inc)
WhatsApp (HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\WhatsApp) (Version: 0.2.9998 - WhatsApp)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-518511124-2112986350-859192497-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-31ED0B905399}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-518511124-2112986350-859192497-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers: [			IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-03] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-03] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-03] (AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-08-14] (TechSmith Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2014-11-20] (VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-03] (AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-23] ()
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-08-14] (TechSmith Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-03] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {055C04B5-D8B9-4D95-8818-36A90A0B038E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-07-03] (AVAST Software)
Task: {113802E8-073E-40C3-BC74-BF4B7B6C2F49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)
Task: {2C1B9DBA-649C-470A-B054-4A55BEFB6DD0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-07-05] (AVAST Software)
Task: {3071C96C-23A0-474E-A797-A412955DBF0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)
Task: {30DAFA09-894A-4612-BD50-04A6D2911E85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-05] (Microsoft Corporation)
Task: {54AC8F14-DEAF-4C42-A64B-0651261F5544} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-05] (Microsoft Corporation)
Task: {572D950A-F56C-4EA3-B279-D0F32669AA0E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {68EDF73E-B1AF-4983-B650-6153FD8072FA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-moukkar.hamza@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {75CE351F-B4C1-4043-8B5A-2DC05271C1A5} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-08-11] (TechSmith Corporation)
Task: {93685523-677B-4880-BDFD-3FB3E72B99D2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-03] (Adobe Systems Incorporated)
Task: {9B6BB95A-2BDD-4AF7-9784-7108E745F5F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-05] (Microsoft Corporation)
Task: {A7833AA3-AE50-4288-8786-AA581A7D21AF} - System32\Tasks\SafeZone scheduled Autoupdate 1482868481 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {A7CB6E85-8F5E-40E1-9C8C-351DE630CE66} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {AF60A87A-43CF-4BBC-BA1B-EA14993DF0EF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-07-03] (Adobe Systems Incorporated)
Task: {B4DBA774-C17B-4989-94C1-C6898FBAAE4A} - System32\Tasks\Opera scheduled Autoupdate 1482860869 => C:\Program Files (x86)\Opera\launcher.exe [2018-06-12] (Opera Software)
Task: {B54F839A-77C5-4072-98D3-18F7636F45FC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {C4700EFA-417E-4B67-B455-F10D9D471626} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {CB57758F-A4FD-4DC6-9108-148D9F619B13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-05] (Microsoft Corporation)
Task: {CD6DB00D-2D24-4A83-AD27-D351069D9180} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-27] (Realtek Semiconductor)
Task: {CDE3663C-BD26-46C6-B4E1-DF0E701B4106} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {D77F3467-10F1-4566-ADBB-05C6D996B77B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {F492E579-5724-4EF0-A23E-A39303F37F8F} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-moukkar.hamza@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2014-11-20 18:20 - 2014-11-20 18:20 - 012730560 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2016-10-31 20:45 - 2017-06-23 01:51 - 000598528 _____ () C:\Users\Hamza\AppData\Local\MEGAsync\ShellExtX64.dll
2017-09-26 03:52 - 2017-09-26 03:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-11-06 20:32 - 2017-11-06 20:32 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-12-02 08:32 - 2016-12-02 08:32 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-03-14 00:34 - 2018-02-22 01:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 00:35 - 2018-02-22 01:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-30 12:03 - 2018-05-30 12:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-07-03 20:11 - 2018-06-22 20:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-07-03 20:11 - 2018-06-22 20:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-07-06 09:20 - 2018-07-06 09:20 - 000113152 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\_ctypes.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000080896 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\bz2.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 001585152 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\_hashlib.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000128512 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32api.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000137728 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\pywintypes27.dll
2018-07-06 09:20 - 2018-07-06 09:20 - 000548864 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\pythoncom27.dll
2018-07-06 09:20 - 2018-07-06 09:20 - 000689664 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\unicodedata.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000438784 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32com.shell.shell.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 001489408 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\wx._core_.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 001007104 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\wx._gdi_.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 001039872 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\wx._windows_.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 001325056 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\wx._controls_.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000916992 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\wx._misc_.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 001084416 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\pysqlite2._sqlite.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000149504 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32file.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000136192 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32security.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000007680 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\hashobjs_ext.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000020992 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\thumbnails_ext.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000118784 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\usb_ext.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000047616 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\_socket.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 002224640 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\_ssl.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000014848 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\common.time34.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000023040 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32event.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000034304 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\windows.conditional.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000020480 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\windows.winwrap.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000110080 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\windows.volumes.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000223232 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32gui.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000173568 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\_elementtree.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000169472 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\pyexpat.pyd
2018-07-06 09:20 - 2018-07-06 09:21 - 000048128 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32inet.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000103424 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\wx._html2.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000046080 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\_psutil_windows.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000633272 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\windows._cacheinvalidation.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000011776 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32crypt.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000301568 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\PIL._imaging.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000032256 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\_multiprocessing.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 005458944 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\cello.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000026112 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\_yappi.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000044032 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32process.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000027648 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32pipe.pyd
2018-07-06 09:20 - 2018-07-06 09:20 - 000010752 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\select.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000029696 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32pdh.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000038400 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\windows.connectivity.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000073216 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\windows.device_monitor.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000020480 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32profile.pyd
2018-07-06 09:21 - 2018-07-06 09:21 - 000026624 _____ () C:\Users\Hamza\AppData\Local\Temp\_MEI87722\win32ts.pyd
2018-03-01 14:41 - 2018-03-01 14:45 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-01 14:41 - 2018-03-01 14:45 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-01 14:41 - 2018-03-01 14:45 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-01 14:41 - 2018-03-01 14:45 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-01 14:41 - 2018-03-01 14:45 - 000649216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-16 00:55 - 2018-03-16 00:56 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 12:45 - 2018-03-09 12:46 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-09 12:46 - 2018-03-09 12:51 - 001227440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2018-02-05 16:09 - 2018-02-05 16:14 - 004601048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2014-11-20 18:44 - 2014-11-20 18:44 - 001299136 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2016-06-28 18:10 - 2016-06-28 18:10 - 000285184 _____ () C:\AppServ\Apache24\bin\pcre.dll
2017-02-24 19:44 - 2017-01-18 14:10 - 000176128 _____ () C:\AppServ\Apache24\bin\libssh2.dll
2014-11-20 18:20 - 2014-11-20 18:20 - 000194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2014-11-20 18:20 - 2014-11-20 18:20 - 000388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2014-11-20 18:20 - 2014-11-20 18:20 - 000191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2018-07-06 14:32 - 2013-12-10 00:27 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-18 03:34 - 2018-02-27 11:31 - 000001949 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 65.52.240.48 
127.0.0.1 activation.cloud.techsmith.com 
0.0.0.0 activation.cloud.techsmith.com 
0.0.0.0 assets.cloud.techsmith.com 
0.0.0.0 camtasiatudi.techsmith.com 
0.0.0.0 oscount.techsmith.com 
0.0.0.0 tsccloud.cloudapp.net 
0.0.0.0 updater.techsmith.com 
127.0.0.1 65.52.240.48 
127.0.0.1 activation.cloud.techsmith.com 
0.0.0.0 activation.cloud.techsmith.com 
0.0.0.0 assets.cloud.techsmith.com 
0.0.0.0 camtasiatudi.techsmith.com 
0.0.0.0 oscount.techsmith.com 
0.0.0.0 tsccloud.cloudapp.net 
0.0.0.0 updater.techsmith.com 
127.0.0.1 65.52.240.48 
127.0.0.1 activation.cloud.techsmith.com 
0.0.0.0 activation.cloud.techsmith.com 
0.0.0.0 assets.cloud.techsmith.com 
0.0.0.0 camtasiatudi.techsmith.com 
0.0.0.0 oscount.techsmith.com 
0.0.0.0 tsccloud.cloudapp.net 
0.0.0.0 updater.techsmith.com 
127.0.0.1	camtasia.studio.techsmith.com
127.0.0.1 www.techsmith.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-518511124-2112986350-859192497-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hamza\Downloads\0e585d0950f942923da0b89e753c8fc1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Snagit 12.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\StartupFolder: => "Envoyer à OneNote.lnk"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_3EBD3C99C071D90B38F4CE32377B84BB"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\Run: => "WhatsApp"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\Run: => "Seed4Me"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\Run: => "Feem"
HKU\S-1-5-21-518511124-2112986350-859192497-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A868DC60-7A68-4155-9C64-265446402323}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{C3925681-26A6-4F47-9C90-235D105AB0A7}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{FE5ABBC6-B8A6-40B0-A4DA-9A0DA05B3E25}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{40EA8EA7-9E00-46B4-8C24-B934C81F1BC6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{5555F359-F81C-446D-B02A-E5CE94B6F5B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F1DE3DA8-3DC2-441D-B1C3-55744678B95A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{5CF03760-BB8F-4B61-95F4-9FCB2D5C880C}C:\users\hamza\appdata\local\programs\lnv\stremio\stremio.exe] => (Block) C:\users\hamza\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [TCP Query User{0C430216-031E-458D-B208-FCA7247687B0}C:\users\hamza\appdata\local\programs\lnv\stremio\stremio.exe] => (Block) C:\users\hamza\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [{C4B97F77-AE54-4F05-91C3-C956D5D57E5E}] => (Allow) C:\Users\Hamza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2CCFDC3D-92B0-45A2-95B6-A9F859F0AD16}] => (Allow) C:\Users\Hamza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D32AC817-FECD-4115-A5C4-323C3CC13CDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BCAECD9-966A-4A71-90E4-32C243E85EFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{401DA69A-2223-48A3-84DC-960264FE012F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{479F416C-4289-4EA2-8F7C-A106171045A1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{EB618385-D464-4FBE-AB22-2D769EE2D8D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CEEAD58B-1B07-4CB0-ABDC-F78F25BB7E33}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6EFE058B-D0A5-4AB7-A5CC-723CC427F72C}] => (Allow) LPort=8298
FirewallRules: [{1D86E963-64C7-4533-8881-1D8D32FF392A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{3B6B74B2-AEF1-45DA-9B94-FDD8EF41DDF7}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{C6E38776-5367-46E0-9834-214B025E1298}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{5282D93F-2A06-4795-AA5D-AF4A38D0D5E0}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{285A2BCB-C71D-46D1-A976-2D542FC8D948}C:\program files (x86)\phpdesigner 8\phpdesigner.exe] => (Allow) C:\program files (x86)\phpdesigner 8\phpdesigner.exe
FirewallRules: [UDP Query User{B11D2B8E-9361-4CDA-834B-02A72AEC939B}C:\program files (x86)\phpdesigner 8\phpdesigner.exe] => (Allow) C:\program files (x86)\phpdesigner 8\phpdesigner.exe
FirewallRules: [{F72826E9-43B3-4573-AEB4-84B8345E99F0}] => (Allow) C:\Program Files (x86)\Feem 2017\Feem.exe
FirewallRules: [{5E5BB1F7-7E5A-417F-A42D-E5E9B29675E0}] => (Allow) LPort=8318
FirewallRules: [TCP Query User{282F7D73-1241-4B20-892F-70BD6BB6AC9F}C:\users\hamza\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\hamza\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{4994BAC9-B87B-43DD-86CA-14F5BD34EAB2}C:\users\hamza\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\hamza\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [{82436FA1-64CF-4EB2-A055-669FE340ECA2}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{F0348CBD-3D7D-407D-85CE-F75F6A75C6A1}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.64\opera.exe
FirewallRules: [{A679B45C-8AA8-4706-B06C-DFFBDEBCD652}] => (Allow) LPort=1688
FirewallRules: [{84F0579B-F791-4A9A-B888-7FDFC9895CD9}] => (Allow) C:\Program Files (x86)\Opera\53.0.2907.99\opera.exe
FirewallRules: [{50CA36A0-E68A-49D3-8714-174381C772FD}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{7625A5FF-D5AA-4ECD-8811-F6442D2B47BF}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{F8554566-1BDC-4AD1-88AA-ADD32390E593}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1890A2C1-CDF3-44E2-A390-09C0940B79CA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{F6BBF143-39ED-4A9C-8699-71BA9E072CFA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{50C94708-4805-492F-B764-BC6E8861BB66}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{2DA4F3F5-0087-44E7-B20C-B10FAD78FFDB}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe

==================== Restore Points =========================

28-04-2018 00:21:20 Scheduled Checkpoint
03-07-2018 19:39:01 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2018 12:40:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante Microsoft.Photos.exe, version : 2018.18021.12420.0, horodatage : 0x5a8e3c23
Nom du module défaillant : SharedLibrary.dll, version : 1.7.25531.0, horodatage : 0x597af36c
Code d’exception : 0x00001007
Décalage d’erreur : 0x0000000000493b3f
ID du processus défaillant : 0x33b8
Heure de début de l’application défaillante : 0x01d4153e63d683f1
Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Chemin d’accès du module défaillant: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
ID de rapport : 5692bb01-28ae-4959-8c80-db5d47a35fae
Nom complet du package défaillant : Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe
ID de l’application relative au package défaillant : App

Error: (07/06/2018 02:26:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: YOURMOTHER)
Description: Le package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App a été interrompu, car sa suspension a été trop longue.

Error: (07/06/2018 02:26:13 PM) (Source: COM) (EventID: 10031) (User: )
Description: Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a été refusée

Error: (07/06/2018 02:26:01 PM) (Source: COM) (EventID: 10031) (User: )
Description: Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a été refusée

Error: (07/05/2018 05:28:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: YOURMOTHER)
Description: Le package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App a été interrompu, car sa suspension a été trop longue.

Error: (07/04/2018 02:59:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: YOURMOTHER)
Description: Le package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App a été interrompu, car sa suspension a été trop longue.

Error: (07/03/2018 10:32:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: YOURMOTHER)
Description: Le package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App a été interrompu, car sa suspension a été trop longue.

Error: (07/03/2018 07:20:16 PM) (Source: COM) (EventID: 10031) (User: )
Description: Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée


System errors:
=============
Error: (07/07/2018 08:08:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 et l’APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/06/2018 11:57:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 et l’APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/06/2018 05:23:58 PM) (Source: DCOM) (EventID: 10016) (User: YOURMOTHER)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 et l’APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 au SID YOURMOTHER\Hamza de l’utilisateur (S-1-5-21-518511124-2112986350-859192497-1001) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy du conteneur d’applications (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/06/2018 04:24:34 PM) (Source: WinRM) (EventID: 10142) (User: )
Description: Le service Gestion à distance de Windows ne peut pas migrer l’écouteur avec l’adresse * et le transport HTTP. Un écouteur ayant une configuration d’adresse et de transport identique existe déjà.

Error: (07/06/2018 03:49:06 PM) (Source: DCOM) (EventID: 10016) (User: YOURMOTHER)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 et l’APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 au SID YOURMOTHER\Hamza de l’utilisateur (S-1-5-21-518511124-2112986350-859192497-1001) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy du conteneur d’applications (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/06/2018 02:28:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service avast! Antivirus.

Error: (07/06/2018 02:27:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service FDResPub.

Error: (07/06/2018 02:27:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service NcdAutoSetup.


Windows Defender:
===================================
Date: 2018-07-05 01:37:45.408
Description: 
Antivirus Windows Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!rfn&threatid=2147692752&enterprise=0
Nom : HackTool:Win32/AutoKMS!rfn
ID : 2147692752
Gravité : High
Catégorie : Tool
Chemin : file:_C:\ProgramData\KMSAutoS\KMSAuto Net.exe;file:_C:\WINDOWS\System32\Tasks\KMSAutoNet;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B08CA6C-20C5-4CFC-BBDC-B9663821B0FD};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet;taskscheduler:_C:\WINDOWS\System32\Tasks\KMSAutoNet
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : YOURMOTHER\Hamza
Nom du processus : C:\Users\Hamza\AppData\Roaming\ZHP\ZHPDiag3.exe
Version de la signature : AV: 1.271.473.0, AS: 1.271.473.0, NIS: 119.0.0.0
Version du moteur : AM: 1.1.15000.2, NIS: 2.1.14600.4

Date: 2018-07-05 01:35:16.587
Description: 
Antivirus Windows Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!rfn&threatid=2147692752&enterprise=0
Nom : HackTool:Win32/AutoKMS!rfn
ID : 2147692752
Gravité : High
Catégorie : Tool
Chemin : file:_C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : YOURMOTHER\Hamza
Nom du processus : C:\Users\Hamza\AppData\Roaming\ZHP\ZHPDiag3.exe
Version de la signature : AV: 1.271.473.0, AS: 1.271.473.0, NIS: 119.0.0.0
Version du moteur : AM: 1.1.15000.2, NIS: 2.1.14600.4

Date: 2018-07-05 10:11:51.196
Description: 
Antivirus Windows Defender a rencontré une erreur lors d la mise à jour des signatures.
Nouvelle version de la signature : 
Version précédente de la signature : 1.271.473.0
Source de mise à jour : Serveur Microsoft Update
Type de signature : Anti-virus
Type de mise à jour : Complet
Utilisateur : NT AUTHORITY\SYSTEM
Version actuelle du moteur : 
Version précédente du moteur : 1.1.15000.2
Code d’erreur : 0x80070643
Description de l’erreur : Fatal error during installation. 

Date: 2018-07-05 10:11:48.991
Description: 
Antivirus Windows Defender a rencontré une erreur lors d la mise à jour des signatures.
Nouvelle version de la signature : 
Version précédente de la signature : 
Source de mise à jour : Utilisateur
Type de signature : 
Type de mise à jour : 
Utilisateur : NT AUTHORITY\SYSTEM
Version actuelle du moteur : 
Version précédente du moteur : 
Code d’erreur : 0x80070652
Description de l’erreur : Another installation is already in progress. Complete that installation before proceeding with this install. 

Date: 2018-07-05 07:45:22.975
Description: 
Antivirus Windows Defender a rencontré une erreur lors d la mise à jour des signatures.
Nouvelle version de la signature : 
Version précédente de la signature : 1.271.473.0
Source de mise à jour : Serveur Microsoft Update
Type de signature : Anti-virus
Type de mise à jour : Complet
Utilisateur : NT AUTHORITY\SYSTEM
Version actuelle du moteur : 
Version précédente du moteur : 1.1.15000.2
Code d’erreur : 0x80240438
Description de l’erreur : An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===================================

Date: 2018-01-05 17:16:50.677
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2018-01-05 17:16:49.864
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2018-01-05 17:16:41.932
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2018-01-05 17:16:41.509
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2018-01-05 17:16:31.431
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2018-01-05 17:16:31.054
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2018-01-05 17:16:20.553
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2018-01-05 17:16:20.197
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 65%
Total physical RAM: 6054.96 MB
Available physical RAM: 2107.11 MB
Total Virtual: 7717.71 MB
Available Virtual: 2986.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:687.12 GB) (Free:397.53 GB) NTFS

\\?\Volume{12e73d79-cf0e-11e3-8b1c-201a067be536}\ (System) (Fixed) (Total:1 GB) (Free:0.37 GB) NTFS
\\?\Volume{12e73d7f-cf0e-11e3-8b1c-201a067be536}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{4fa20bef-cdc1-4472-b7bb-295d3d62d527}\ () (Fixed) (Total:0.81 GB) (Free:0.32 GB) NTFS
\\?\Volume{63350bfb-ec94-11e3-8278-f8a96385a9ec}\ (Recovery) (Fixed) (Total:9.49 GB) (Free:0.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================