ZHP Diag

The document provides information from a system scan, including details on installed software, services, and system files. Browsers like Chrome and Firefox are listed along with other software such as Adobe Flash and μTorrent. The operating system, hardware details, and disk usage are also summarized. Security settings and the status of various services are outlined.

Uploaded by

Jayaraj Poojary

~ ZHPDiag v2017.8.21.141 By Nicolas Coolman (2017/08/21)
~ Run by jayaraj (Administrator) (2017/08/24 12:52:37)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPDiag: Legal
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\jayaraj\Desktop\ZHPDiag.txt
~ Report: C:\Users\jayaraj\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 10586) =>.Microsoft Corporation

---\\ Internet Browsers (4) - 0s


~ GCIE: Google Chrome v60.0.3112.101
~ MFIE: Mozilla Firefox 55.0.2 (x86 en-US)
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.494.10586.0

---\\ Windows Product Information (3) - 3s


~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK

---\\ System protection software (2) - 6s


Malwarebytes Anti-Malware version 2.2.1.1043 (Protection)
Windows Defender (Activate) (Protection)

---\\ Surveillance software (1) - 7s


~ Adobe Flash Player 26 NPAPI (Surveillance)

---\\ Sharing software PeerToPeer (1) - 7s


~ µTorrent v3.5.0.43916 (P2P)

---\\ Information on the system (6) - 0s


~ Operating System: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 4193.524 MB (48% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 236 GB (50%) free of 466 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s


~ Computer Name: DESKTOP-K1DKFOA
~ User Name: jayaraj
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s


~ Drive C: has 236 GB free of 466 GB (System)
~ Drive E: has 1 GB free of 9 GB

---\\ State of the Windows Security Center (7) - 0s


[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM64\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 3s


[MD5.E396258CFD8F84E8F2C24930E6D88C67] - 13/07/2016 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4515256] =>.Microsoft Windows®
[MD5.0DCB89B1F3689BC6262FF30BBD603171] - 30/10/2015 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [59392] =>.Microsoft Corporation
[MD5.C1C81AAF533552B3C4D9F11A5FF97700] - 13/07/2016 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [291360] =>.Microsoft Windows Publisher®
[MD5.1EEBC6859473037A1A671738AD083C7D] - 13/07/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [3026944] =>.Microsoft Corporation
[MD5.5C156EC4E44E30331BCC865A3B61D839] - 13/07/2016 - (.Microsoft Corporation - Windows Logon Application.) -- C:\WINDOWS\System32\Winlogon.exe [585728] =>.Microsoft Corporation
[MD5.9EEAA1B69DC3FD620AE576CC8F4147DC] - 30/10/2015 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [430592] =>.Microsoft Corporation
[MD5.9A3E17CDB177913C2A111C80F3D0DBB4] - 13/07/2016 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [686976] =>.Microsoft Windows®
[MD5.6A7ACABAE92C837F5C1330188EAE36AE] - 13/07/2016 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [535080] =>.Microsoft Windows®
[MD5.70148EFA9A562E7185B75BBE7D376BF7] - 13/07/2016 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [578912] =>.Microsoft Windows®
[MD5.492B99D2E3D5D7BFD5F0AE1BE7BD37DD] - 30/10/2015 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [28512] =>.Microsoft Windows®
[MD5.7F9C7226D743B232907ED2537B8A574F] - 30/10/2015 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [92672] =>.Microsoft Corporation
[MD5.82D97776BF982AA143BDC7DFB5054EA8] - 30/10/2015 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [173568] =>.Microsoft Corporation
[MD5.935823F79CBEDB91637B63D37E3A5A36] - 13/07/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [148480] =>.Microsoft Corporation
[MD5.84BC034B6BB763733C1949B7B9BAF976] - 30/10/2015 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [79872] =>.Microsoft Corporation
[MD5.53FDD9E69189E546DE4740F8C4D8AB2F] - 30/10/2015 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [114688] =>.Microsoft Corporation
[MD5.9E5E8F2A1996F23B7E9687846AA81B01] - 30/10/2015 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [143360] =>.Microsoft Corporation
[MD5.0B3B0C1D86050355676640488FA897D3] - 13/07/2016 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [430944] =>.Microsoft Windows®
[MD5.C03E926B0E7D66D68994067231DC3246] - 13/07/2016 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [278528] =>.Microsoft Corporation
[MD5.19BD8A88AAC580592668B070AC0727D9] - 13/07/2016 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2152280] =>.Microsoft Windows®
[MD5.7D0FC96264C0F8F2C1321E33E8EB646C] - 30/10/2015 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [96768] =>.Microsoft Corporation
[MD5.E3C82823B22463BC38AA4F8ADA852624] - 13/07/2016 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [104960] =>.Microsoft Corporation
[MD5.1DC2CC74B51E4DC4CD5A20C1021E4010] - 30/10/2015 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [173056] =>.Microsoft Corporation
[MD5.91D3F2A6253EF83EFBD7903028F58C4D] - 13/07/2016 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [118624] =>.Microsoft Windows®
[MD5.E1F91A727A04C9F8199D04FF3BBBF63C] - 30/10/2015 - (.Microsoft Corporation - Volume Shadow Copy Driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [414560] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (12) - 3s


O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
O23 - Service: Avira Phantom VPN (AviraPhantomVPN) . (.Avira Operations GmbH & Co. KG - Avira.VpnService.) - C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe =>.Avira Operations GmbH & Co. KG®
O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) . (.SurfRight B.V. - HitmanPro Scheduler.) - C:\Program Files\HitmanPro\hmpsched.exe =>.SurfRight B.V.®
O23 - Service: HPTurtle Service (HPTurtle Service) . (...) - C:\Program Files (x86)\HPTurtle\HPTurtleSrv.exe (.not file.)
O23 - Service: KMS-R@1n (KMS-R@1n) . (...) - C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
O23 - Service: TMhardwareHelp (TMhardwareHelp) . (...) - C:\Windows\SysWOW64\TMhardwareHelp.dll =>.SUP.SuspiciousCloud
O23 - Service: Windows Defender Helper Service (Windows 1703 Creators Upda (WinDefender) . (...) - C:\Windows\windefender.exe

---\\ Services not Microsoft (SR=Run, SS=Stop) (16) - 41s


SR - Auto [03/04/2017] [ 83768] Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
SR - Auto [13/07/2017] [ 322616] Avira Phantom VPN (AviraPhantomVPN) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe =>.Avira Operations GmbH & Co. KG®
SR - Auto [12/08/2015] [ 462096] Bonjour Service (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
SS - Auto [25/07/2017] [ 153168] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [25/07/2017] [ 153168] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SR - Auto [24/08/2017] [ 135488] HitmanPro Scheduler (HitmanProScheduler) . (.SurfRight B.V..) - C:\Program Files\HitmanPro\hmpsched.exe =>.SurfRight B.V.®
SR - Demand [14/07/2017] [ 689976] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe =>.Apple Inc.®
SS - Demand [17/06/2013] [ 954368] JumpStart Wi-Fi Protected Setup (jswpsapi) . (.Wireless.) - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe
SR - Auto [02/05/2017] [ 26112] KMS-R@1n (KMS-R@1n) . (...) - C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
SS - Demand [18/08/2017] [ 175568] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
SR - Auto [26/04/2017] [ 492664] NVIDIA LocalSystem Container (NvContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
SS - Demand [26/04/2017] [ 492664] NVIDIA NetworkService Container (NvContainerNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe =>.NVIDIA Corporation®
SR - Auto [02/05/2017] [ 462968] NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
SR - Auto [02/05/2017] [ 449984] NVIDIA Telemetry Container (NvTelemetryContainer) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe =>.NVIDIA Corporation®
SR - Auto [21/08/2017] [ 455976] TMhardwareHelp (TMhardwareHelp) . (...) - C:\Windows\SysWOW64\TMhardwareHelp.dll =>.SUP.SuspiciousCloud
SR - Auto [ 0] [ 0] Windows Defender Helper Service (Windows 1703 Creators Upda (WinDefender) . (...) - C:\Windows\windefender.exe

---\\ Task Planned Automatically (33) - 34s


[MD5.42F96B9F7FAAA4E1BF4FCD73E7DBCA39] [APT] [Compare Clipboard Software] (...) -- C:\Program Files\Compare Clipboard Software\Compare Clipboard Software.dll [2265088] (.Activate.)
[MD5.0545A3EB959CFA4790D267BFB8C1ACA4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] (.Activate.) =>.Google Inc®
[MD5.0545A3EB959CFA4790D267BFB8C1ACA4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168] (.Activate.) =>.Google Inc®
[MD5.2497C55CA4DB59E3D259598056ED55E3] [APT] [NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492664] (.Activate.) =>.NVIDIA Corporation®
[MD5.AA1E7969688D88359C9C89B5F056E99E] [APT] [NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946296] (.Activate.) =>.NVIDIA Corporation®
[MD5.3C10EA636881D4F9DD5A220C386865B2] [APT] [NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647800] (.Activate.) =>.NVIDIA Corporation®
[MD5.3C10EA636881D4F9DD5A220C386865B2] [APT] [NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647800] (.Activate.) =>.NVIDIA Corporation®
[MD5.080F6AF4C997883371DB5D0C6D5EA68A] [APT] [NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436344] (.Activate.) =>.NVIDIA Corporation®
[MD5.7819B68E97730AB10907961D4E6ED306] [APT] [NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [720504] (.Activate.) =>.NVIDIA Corporation®
[MD5.7819B68E97730AB10907961D4E6ED306] [APT] [NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}] (.NVIDIA Corporation.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [720504] (.Activate.) =>.NVIDIA Corporation®
[MD5.00000000000000000000000000000000] [APT] [TnqpiRJoXWMCwN] (...) -- rundll32 "C:\Program Files (x86)\GXZiGyYLSHyU2\Z2gPVNB.dll (.not file.) [0] (.Activate.) =>.SUP.Empty
[MD5.00000000000000000000000000000000] [APT] [uuxHwpnMkRCRpJh] (...) -- rundll32 "C:\Program Files (x86)\thzXuJvjU\kfh9gwS.dll (.not file.) [0] (.Activate.) =>.SUP.Empty
[MD5.00000000000000000000000000000000] [APT] [uuxHwpnMkRCRpJh2] (...) -- rundll32 "C:\Program Files (x86)\thzXuJvjU\kfh9gwS.dll (.not file.) [0] (.Activate.) =>.SUP.Empty
[MD5.2AEDCCA604B6A8808DBA746AFC5D9B4A] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240] (.Activate.) =>.Apple Inc.®
[MD5.00000000000000000000000000000000] [APT] [Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup] (...) -- C:\WINDOWS\system32\AppxDeploymentClient.dll (.not file.) [0] (.Activate.) =>.SUP.Empty
[MD5.00000000000000000000000000000000] [APT] [Microsoft\Windows\DiskFootprint\StorageSense] (...) -- C:\WINDOWS\system32\StorageUsage.dll (.not file.) [0] (.Activate.) =>.SUP.Empty
O39 - APT: Unknown - (.Legitimate.) -- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [214]
O39 - APT: uuxHwpnMkRCRpJh - (...) -- C:\WINDOWS\Tasks\uuxHwpnMkRCRpJh.job [326] (.Orphan.) =>.SUP.Orphan
O39 - APT: 332362554ef29ed673be2b7cb227d9f1 - (...) -- C:\WINDOWS\System32\Tasks\332362554ef29ed673be2b7cb227d9f1 [3294] (.Orphan.) =>.SUP.Orphan
O39 - APT: Compare Clipboard Software - (...) -- C:\WINDOWS\System32\Tasks\Compare Clipboard Software [16896]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3292] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3416] =>.Google Inc®
O39 - APT: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [4308] =>.NVIDIA Corporation®
O39 - APT: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3994] =>.NVIDIA Corporation®
O39 - APT: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3894] =>.NVIDIA Corporation®
O39 - APT: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3654] =>.NVIDIA Corporation®
O39 - APT: NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3858] =>.NVIDIA Corporation®
O39 - APT: NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3696] =>.NVIDIA Corporation®
O39 - APT: NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - (.NVIDIA Corporation.) -- C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3866] =>.NVIDIA Corporation®
O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1084577546-2084351412-2160391770-1001 [3382] =>.Microsoft Corporation
O39 - APT: TnqpiRJoXWMCwN - (...) -- C:\WINDOWS\System32\Tasks\TnqpiRJoXWMCwN [3202] (.Orphan.) =>.SUP.Orphan
O39 - APT: uuxHwpnMkRCRpJh - (...) -- C:\WINDOWS\System32\Tasks\uuxHwpnMkRCRpJh [2646] (.Orphan.) =>.SUP.Orphan
O39 - APT: uuxHwpnMkRCRpJh2 - (...) -- C:\WINDOWS\System32\Tasks\uuxHwpnMkRCRpJh2 [2866] (.Orphan.) =>.SUP.Orphan

---\\ Auto loading programs from Registry and folders (26) - 2s


O4 - HKLM\..\Run: [ShadowPlay] . (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\system32\rundll32.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe =>.Apple Inc.®
O4 - HKLM\..\RunOnce: [DESKTOP-K1DKFOA] . (...) -- C:\Windows\Temp\gCC29.tmp.exe
O4 - HKCU\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - HKCU\..\Run: [LonelyScreen] . (...) -- C:\Program Files (x86)\LonelyScreen\lonelyscreen.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\jayaraj\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe =>.Valve®
O4 - HKCU\..\Run: [xexjco12vxr] . (.2336 - Install Agent Crash Handler.) -- C:\Users\jayaraj\AppData\Roaming\vih0i4ppomh\yj4xtnjdfxn.exe =>Adware.Wizzcaster
O4 - HKCU\..\Run: [qd4gzom43ik] . (.2336 - Install Agent Crash Handler.) -- C:\Users\jayaraj\AppData\Roaming\nliv5o3vlkr\2iotuzmloyu.exe =>Adware.Wizzcaster
O4 - HKCU\..\Run: [zw0q2rmobpj] . (.2336 - Install Agent Crash Handler.) -- C:\Users\jayaraj\AppData\Roaming\0erxqiidsmq\eeaymxtv0dp.exe =>Adware.Wizzcaster
O4 - HKCU\..\Run: [CG0M3JASE790KCZ] -- C:\Program Files\TAB3CUNX5O\TAB3CUNX5.exe (.not file.)
O4 - HKCU\..\Run: [M10ZSGCDMJ90DLC] -- C:\Program Files\PZ70HVZTHZ\PZ70HVZTH.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.®
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe =>.SEIKO EPSON CORPORATION®
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-1084577546-2084351412-2160391770-1001\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-1084577546-2084351412-2160391770-1001\..\Run: [LonelyScreen] . (...) -- C:\Program Files (x86)\LonelyScreen\lonelyscreen.exe
O4 - HKUS\S-1-5-21-1084577546-2084351412-2160391770-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\jayaraj\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - HKUS\S-1-5-21-1084577546-2084351412-2160391770-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe =>.Valve®
O4 - HKUS\S-1-5-21-1084577546-2084351412-2160391770-1001\..\Run: [xexjco12vxr] . (.2336 - Install Agent Crash Handler.) -- C:\Users\jayaraj\AppData\Roaming\vih0i4ppomh\yj4xtnjdfxn.exe =>Adware.Wizzcaster
O4 - HKUS\S-1-5-21-1084577546-2084351412-2160391770-1001\..\Run: [qd4gzom43ik] . (.2336 - Install Agent Crash Handler.) -- C:\Users\jayaraj\AppData\Roaming\nliv5o3vlkr\2iotuzmloyu.exe =>Adware.Wizzcaster
O4 - HKUS\S-1-5-21-1084577546-2084351412-2160391770-1001\..\Run: [zw0q2rmobpj] . (.2336 - Install Agent Crash Handler.) -- C:\Users\jayaraj\AppData\Roaming\0erxqiidsmq\eeaymxtv0dp.exe =>Adware.Wizzcaster
O4 - HKUS\S-1-5-21-1084577546-2084351412-2160391770-1001\..\Run: [CG0M3JASE790KCZ] -- C:\Program Files\TAB3CUNX5O\TAB3CUNX5.exe (.not file.)
O4 - HKUS\S-1-5-21-1084577546-2084351412-2160391770-1001\..\Run: [M10ZSGCDMJ90DLC] -- C:\Program Files\PZ70HVZTHZ\PZ70HVZTH.exe (.not file.)

---\\ Process running (37) - 5s


[MD5.2AE5694D8A4CB9E28FE8BF042E064180] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968] [PID.504] =>.NVIDIA Corporation®
[MD5.2AE5694D8A4CB9E28FE8BF042E064180] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968] [PID.1360] =>.NVIDIA Corporation®
[MD5.A6FFE56E72D6C500A0D2AA0843630D40] - (.SurfRight B.V. - HitmanPro Scheduler.) -- C:\Program Files\HitmanPro\hmpsched.exe [135488] [PID.1592] =>.SurfRight B.V.®
[MD5.0F9FD9565E6EB157FA9BE11ED9C1DC9F] - (...) -- C:\Windows\KMS-R@1n.exe [26112] [PID.2224] =>HackTool.WinActivator
[MD5.0D5CB95D0DFDC38D4D80E63CE36837ED] - (.Avira Operations GmbH & Co. KG - Avira.VpnService.) -- C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [322616] [PID.2280] =>.Avira Operations GmbH & Co. KG®
[MD5.7DEFAE8665BCEDDC2C9983138D69D7A5] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768] [PID.2368] =>.Apple Inc.®
[MD5.B5C2F92EE1106DFE7BB1CCE4D35B6037] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [462096] [PID.2396] =>.Apple Inc.®
[MD5.2497C55CA4DB59E3D259598056ED55E3] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492664] [PID.2432] =>.NVIDIA Corporation®
[MD5.16006A9892E8AB4BFD4D555740E97CE1] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984] [PID.2444] =>.NVIDIA Corporation®
[MD5.00000000000000000000000000000000] - (...) -- C:\Windows\windefender.exe [3315200] [PID.2600]
[MD5.9E4D3D29698492912B38A688F2B875B4] - (.SurfRight B.V. - HitmanPro 3.7.) -- C:\Program Files\HitmanPro\HitmanPro.exe [11584088] [PID.3536] =>.SurfRight B.V.®
[MD5.DDBF6306076003C7FD14A07753D21B26] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [448120] [PID.4048] =>.NVIDIA Corporation®
[MD5.BB8E7C63BAC1C3856C80CA57DA40888D] - (...) -- C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe [44032] [PID.3172] =>.Skype Technologies
[MD5.FAED18897A2803598507657C5099ACDA] - (...) -- C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe [208384] [PID.4464]
[MD5.5624E208D204E77166A9F2CD83037A74] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2457720] [PID.1248] =>.NVIDIA Corporation®
[MD5.B9D6C3C32FAB7DB4BC4DA90563B84765] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [303928] [PID.5744] =>.Apple Inc.®
[MD5.98A323AB6F55E1EBB514CE831F6F7467] - (...) -- C:\Program Files (x86)\LonelyScreen\LonelyScreen.exe [23334400] [PID.5780]
[MD5.1EFB6E92F0986E3E12C53102D155DE2E] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\jayaraj\AppData\Roaming\uTorrent\uTorrent.exe [2406080] [PID.5928] =>.BitTorrent Inc®
[MD5.5614A72C29D1BBEAD78FE507013B2488] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe [3062560] [PID.5948] =>.Valve®
[MD5.378EF0CEE487977634821E4DFF86F37B] - (.BitTorrent Inc. - WebHelper.) -- C:\Users\jayaraj\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe [396992] [PID.3152] =>.BitTorrent Inc®
[MD5.9B24DED2B57F2E47A78BE6B1BC87F3DD] - (.Apple Inc. - iPodService Module (64-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [689976] [PID.4116] =>.Apple Inc.®
[MD5.24DB425DD1D3590B43DC696BEE1BE78E] - (.2336 - Install Agent Crash Handler.) -- C:\Users\jayaraj\AppData\Roaming\vih0i4ppomh\yj4xtnjdfxn.exe [8192] [PID.5392] =>Adware.Wizzcaster
[MD5.24DB425DD1D3590B43DC696BEE1BE78E] - (.2336 - Install Agent Crash Handler.) -- C:\Users\jayaraj\AppData\Roaming\nliv5o3vlkr\2iotuzmloyu.exe [8192] [PID.5668] =>Adware.Wizzcaster
[MD5.378EF0CEE487977634821E4DFF86F37B] - (.BitTorrent Inc. - WebHelper.) -- C:\Users\jayaraj\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe [396992] [PID.5600] =>.BitTorrent Inc®
[MD5.24DB425DD1D3590B43DC696BEE1BE78E] - (.2336 - Install Agent Crash Handler.) -- C:\Users\jayaraj\AppData\Roaming\0erxqiidsmq\eeaymxtv0dp.exe [8192] [PID.5564] =>Adware.Wizzcaster
[MD5.B167ED48776952DC7DC899DD22267146] - (...) -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [847360] [PID.3580]
[MD5.C9B991D112CA3A93AEC9F5BBB97C3944] - (...) -- C:\Users\jayaraj\AppData\Roaming\msvcdata\msvc.exe [532992] [PID.5716]
[MD5.A443A7C05ABF0FCD16E89593F63B633B] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288] [PID.6200] =>.Oracle America, Inc.®
[MD5.F17FFAF69E1AF3D0A010FD4749148981] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184] [PID.6228] =>.SEIKO EPSON CORPORATION®
[MD5.16B80296B8CECEC5E524C52AFB29AF3B] - (...) -- C:\Windows\Temp\gD8AD.tmp.exe [566272] [PID.4320] =>Heuristic.Suspect
[MD5.E067E0D9AAF8DB409BF2FDFBA2F85AB4] - (.Node.js - NVIDIA Web Helper Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [15553656] [PID.3380] =>.NVIDIA Corporation®
[MD5.EEAB6D5CF73C032ACC2C6A2EB1ABDECB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [532432] [PID.7580] =>.Mozilla Corporation®
[MD5.EEAB6D5CF73C032ACC2C6A2EB1ABDECB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [532432] [PID.720] =>.Mozilla Corporation®
[MD5.EEAB6D5CF73C032ACC2C6A2EB1ABDECB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [532432] [PID.5260] =>.Mozilla Corporation®
[MD5.EEAB6D5CF73C032ACC2C6A2EB1ABDECB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [532432] [PID.7424] =>.Mozilla Corporation®
[MD5.374C85D02B8D27E7C70CFAF5B516D518] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\jayaraj\Downloads\ZHPDiag3.exe [2815872] [PID.7084] =>.Nicolas Coolman
[MD5.DC30CFD21BBB742C10E3621D5B506780] - (...) -- C:\Windows\KMS-R@1nHook.exe [5120] [PID.3692] =>HackTool.AutoKMS

---\\ Google Chrome, Start,Search,Extensions (9) - 1s


G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] =>.Google Inc. {Slides}
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] =>.Google Inc. {Docs}
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] http://drive.google.com/ =>.Google Inc. {Drive}
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] http://www.youtube.com =>.Youtube {Youtube}
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] =>.Google Inc. {Sheets}
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] =>.Google Inc. {Docs hors connexion}
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] =>.Google Inc. {Wallet}
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] http://mail.google.com/ =>.Google Inc. {Gmail}
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (10) - 2s


P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi =>.Mozilla Corporation
P2 - EXT: (.Company Inc. - Adblocker for Youtube™.) -- C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} =>Adware.CloudAtlas
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll =>.Adobe Systems Incorporated

---\\ Internet Explorer Extensions, Start, Search (21) - 0s


R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxloezufognkauwh1gqyuaj0fqkffz8swziqzcedvw3uhmbsque4bw2sern5cdglnxaxzl5wubm_svgwzryxfbsmimjpcjgtkewm7c2wyzm9memfr26i4hmtu2pftzn6n_j12lenkqtw6c0yczxxyl4jnnq4ljw30hq9tr4ftia,,&q={searchterms} =>.SUP.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxloezufognkauwh1gqyuaj0fqkffz8swziqzcedvw3uhmbsque4bw2sern5cdglnxaxzl5wubm_svgwzryxfbsmimjpcjgtkewm7c2wyzm9memfr26i4hmtu2pftzn6n_j12lenkqtw6c0yczxxyl4jnnq4ljw30hq9tr4ftia,,&q={searchterms} =>.SUP.Linkury
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxloezufognkauwh1gqyuaj0fqkffz8swziqzcedvw3uhmbsque4bw2sern5cdglnxaxzl5wubm_svgwzryxfbsmimjpcjgtkewm7c2wyzm9memfr26i4hmtu2pftzn6n_j12lenkqtw6c0yczxxyl4jnnq4ljw30hq9tr4ftia,,&q={searchterms} =>.SUP.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxloezufognkauwh1gqyuaj0fqkffz8swziqzcedvw3uhmbsque4bw2sern5cdglnxaxzl5wubm_svgwzryxfbsmimjpcjgtkewm7c2wyzm9memfr26i4hmtu2pftzn6n_j12lenkqtw6c0yczxxyl4jnnq4ljw30hq9tr4ftia,,&q={searchterms} =>.SUP.Linkury
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKEY_USERS\S-1-5-21-1084577546-2084351412-2160391770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbrhojyn9_5edl7qppmxloezufognkauwh1gqyuaj0fqkffz8swziqzcedvw3uhmbsque4bw2sern5cdglnxaxzl5wubm_svgwzryxfbsmimjpcjgtkewm7c2wyzm9memfr26i4hmtu2pftzn6n_j12lenkqtw6c0yczxxyl4jnnq4ljw30hq9tr4ftia,,&q={searchterms} =>.SUP.Linkury
R3 - URLSearchHook: (no name)[HKCU] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (11.00.10586.17 (th2_release.151121-2308)) -- C:\Windows\SysWOW64\ieframe.dll =>.Microsoft Corporation
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1

---\\ Internet Explorer, Proxy Management (5) - 0s


R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [1http=127.0.0.1:8080;https=127.0.0.1:8080]

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s


F2 - REG:system.ini: UserInit=
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (184) - 1s


~ Number of redirected lines 361/447 (Hosts file redirected)

---\\ Browser Helper Object (BHO) (4) - 1s


O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
O2 - BHO: Easy Photo Print [64Bits] - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} (.Orphan.)
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL =>.Microsoft Corporation®
O2 - BHO: YoutubeAdBlock [64Bits] - {C0D38E5A-7CF8-4105-8FE8-31B81443A114} . (...) -- C:\Program Files (x86)\QYERbvxRHIE\k1I0YMX59.dll (.not file.) =>PUP.Optional.YouTubeAdBlock

---\\ Global shortcuts Startup (74) - 10s


O4 - GS\Desktop [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Desktop [Administrator]: Launcher Avira Phantom VPN - Shortcut.lnk . (.Avira Operations GmbH & Co. KG - Launcher Avira Phantom VPN.) C:\Program Files (x86)\Avira\VPN\Launcher Avira Phantom VPN.exe =>.Avira Operations GmbH & Co. KG
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\jayaraj\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\jayaraj\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\jayaraj\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Startup [Administrator]: msvc.lnk . (...) C:\Users\jayaraj\AppData\Roaming\msvcdata\msvc.exe -B -o a.pool.ml:443 -b a.pool.ml:80 --nicehash -t 1 --av 2 --safe
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Desktop [Guest]: Launcher Avira Phantom VPN - Shortcut.lnk . (.Avira Operations GmbH & Co. KG - Launcher Avira Phantom VPN.) C:\Program Files (x86)\Avira\VPN\Launcher Avira Phantom VPN.exe =>.Avira Operations GmbH & Co. KG
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\jayaraj\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\jayaraj\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\jayaraj\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Startup [Guest]: msvc.lnk . (...) C:\Users\jayaraj\AppData\Roaming\msvcdata\msvc.exe -B -o a.pool.ml:443 -b a.pool.ml:80 --nicehash -t 1 --av 2 --safe
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Desktop [jayaraj]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Desktop [jayaraj]: Launcher Avira Phantom VPN - Shortcut.lnk . (.Avira Operations GmbH & Co. KG - Launcher Avira Phantom VPN.) C:\Program Files (x86)\Avira\VPN\Launcher Avira Phantom VPN.exe =>.Avira Operations GmbH & Co. KG
O4 - GS\Desktop [jayaraj]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\jayaraj\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Desktop [jayaraj]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\jayaraj\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\Quicklaunch [jayaraj]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [jayaraj]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) C:\Users\jayaraj\AppData\Roaming\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - GS\sendTo [jayaraj]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [jayaraj]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\Startup [jayaraj]: msvc.lnk . (...) C:\Users\jayaraj\AppData\Roaming\msvcdata\msvc.exe -B -o a.pool.ml:443 -b a.pool.ml:80 --nicehash -t 1 --av 2 --safe
O4 - GS\Programs [jayaraj]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [jayaraj]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\CommonDesktop [Public]: Avira Phantom VPN.lnk . (.Avira Operations GmbH & Co. KG - Avira.WebAppHost.) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe =>.Avira Operations GmbH & Co. KG®
O4 - GS\CommonDesktop [Public]: Decipher Backup Browser.lnk . (...) C:\Program Files (x86)\Decipher Media\Decipher Backup Browser\decipher.exe {381B3C6A923413C9F5840FF104728A17}
O4 - GS\CommonDesktop [Public]: Epson Easy Photo Print.lnk . (.Seiko Epson Corporation - .) C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe =>.SEIKO EPSON CORPORATION®
O4 - GS\CommonDesktop [Public]: GeForce Experience.lnk . (.NVIDIA Corporation - NVIDIA GeForce Experience.) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe =>.NVIDIA Corporation®
O4 - GS\CommonDesktop [Public]: Gооglе Сhrоmе.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: HitmanPro.lnk . (.SurfRight B.V. - .) C:\Program Files (x86)\HitmanPro\HitmanPro.exe =>.SurfRight B.V.
O4 - GS\CommonDesktop [Public]: iBackup Extractor.lnk . (...) C:\Program Files (x86)\Wide Angle Software Ltd\iBackup Extractor\iBackup Extractor.exe
O4 - GS\CommonDesktop [Public]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\CommonDesktop [Public]: LonelyScreen.lnk . (...) C:\Program Files (x86)\LonelyScreen\LonelyScreen.exe
O4 - GS\CommonDesktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes - Malwarebytes Anti-Malware.) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe =>.Malwarebytes Corporation®
O4 - GS\CommonDesktop [Public]: NAPS2.lnk . (...) C:\Program Files (x86)\NAPS2\NAPS2.exe
O4 - GS\CommonDesktop [Public]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\CommonDesktop [Public]: TP-LINK Wireless Configuration Utility.lnk . (...) C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O4 - GS\CommonDesktop [Public]: VLC media player.lnk . (.VideoLAN - VLC media player.) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe =>.VideoLAN®
O4 - GS\CommonDesktop [Public]: WinRAR.lnk . (.Alexander Roshal - WinRAR archiver.) C:\Program Files (x86)\WinRAR\WinRAR.exe =>.win.rar GmbH®
O4 - GS\CommonDesktop [Public]: Моzillа Firеfох.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Optional Features.lnk . (.Microsoft Corporation - Features On Demand Helper.) C:\Windows\System32\fodhelper.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Intеrnеt Ехрlоrеr.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Startup [Public]: TP-LINK Wireless Configuration Utility.lnk . (...) C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\WINDOWS\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (...) C:\WINDOWS\Installer\{52D87F32-70E4-4348-8148-C0B9F35B1314}\AppleSoftwareUpdateIco.exe =>.Apple Inc.
O4 - GS\ProgramsCommon [Public]: Devices Flow.lnk . (.Microsoft Corporation - Devices Flow.) C:\WINDOWS\DevicesFlow\DevicesFlow.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Gооglе Сhrоmе.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Search.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\rundll32.exe -sta {C90FB8CA-3295-4462-A721-2935E83694BA} =>..Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Моzillа Firеfох.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

---\\ Lop.com/Domain Hijackers (3) - 0s


O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.177.240.125 103.53.234.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{0e20d16f-0d04-4559-b6a2-2edbc6b7f862}: DhcpNameServer = 192.168.42.129 =>.Local IP Address
O17 - HKLM\System\CCS\Services\Tcpip\..\{40e825f4-211c-40b8-9afe-66d7cb24175d}: DhcpNameServer = 202.177.240.125 103.53.234.226

---\\ Extra protocols (24) - 0s


O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} .
(.Microsoft Corporation - Microsoft (R) HTML Viewer.) --
C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft
Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll
=>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft
Corporation - ActiveX control for streaming video.) --
C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft
Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll
=>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft
Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll
=>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft
Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll
=>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} .
(.Microsoft Corporation - OLE32 Extensions for Win32.) --
C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft
Corporation - Microsoft® InfoTech Storage System Library.) --
C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} .
(.Microsoft Corporation - Microsoft (R) HTML Viewer.) --
C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} .
(.Microsoft Corporation - OLE32 Extensions for Win32.) --
C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} .
(.Microsoft Corporation - Microsoft (R) HTML Viewer.) --
C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} .
(.Microsoft Corporation - Microsoft Internet Messaging API Resources.) --
C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft
Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll
=>.Microsoft Corporation
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (...) --
C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (.not file.)
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} .
(.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) --
C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft
Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll
=>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} .
(.Microsoft Corporation - TBAuth protocol handler.) --
C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft
Corporation - ActiveX control for streaming video.) --
C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} .
(.Microsoft Corporation - Microsoft (R) HTML Viewer.) --
C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} .
(.Microsoft Corporation - TBAuth protocol handler.) --
C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-
00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.)
-- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-
00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.)
-- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-
00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.)
-- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (...) --
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (.not
file.)

---\\ AppInit_DLLs Registry value Autorun (1) - 0s


O20 - AppInit_DLLs: . (...) - C:\ProgramData\Voyasollam\Trantam.dll (.not file.)

---\\ CLSID Tasks (Register) (1) - 3s


O40 - TASK: {298AF8B8-E8BA-4F74-84EB-4607DAFB0EFA} [64Bits] - (...) --
C:\WINDOWS\System32\osppc.dll (.not file.) [0] (.Orphan.) =>.SUP.Orphan

---\\ Software installed (69) - 24s


O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent
O42 - Logiciel: Adobe Flash Player 26 NPAPI - (.Adobe Systems Incorporated.) [HKLM]
[64Bits] -- Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Ansel - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-
46C3-BAEC-A80AA35AC5B8}_Ansel =>.NVIDIA Corporation
O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM][64Bits]
-- {D2FE6376-E549-4F63-A2C5-CA24DA035DE4} =>.Apple Inc.
O42 - Logiciel: Apple Application Support (64-bit) - (.Apple Inc..) [HKLM][64Bits]
-- {BB109E24-EE90-485B-A28B-ADDEFB40540B} =>.Apple Inc.
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] --
{0A596141-97D5-45FA-9281-98DFAF48D579} =>.Apple Inc.
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {52D87F32-
70E4-4348-8148-C0B9F35B1314} =>.Apple Inc.
O42 - Logiciel: Avira Phantom VPN v2.9.1.24376 - (.Avira Operations GmbH & Co. KG.)
[HKLM][64Bits] -- Avira Phantom VPN =>.Avira Operations GmbH & Co. KG®
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {56DDDFB8-7F79-4480-
89D5-25E1F52AB28F} =>.Apple Inc.
O42 - Logiciel: Decipher Backup Browser - (.Decipher Media.) [HKLM][64Bits] --
{7D47DE76-9F86-414D-865E-0BCA0D9954F9}
O42 - Logiciel: Dota 2 - (.Valve.) [HKLM][64Bits] -- Steam App 570 =>.Valve®
O42 - Logiciel: Epson Easy Photo Print 2 - (.Seiko Epson Corporation.) [HKLM]
[64Bits] -- {F05A434E-D3CF-4B44-9D3E-779D42090781} =>.SEIKO EPSON CORPORATION®
O42 - Logiciel: Epson Event Manager - (.Seiko Epson Corporation.) [HKLM][64Bits] --
{9F205E94-9E42-4486-A92A-DF3F6CB85444} =>.Seiko Epson Corporation
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome
=>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-
BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Hello.Neighbor.Alpha.3-ALI213 version 1.0 - (.Ali213.net.) [HKLM]
[64Bits] -- {CCFEDEAB-E25A-43CB-9CBC-DF456FBE0317}}_is1
O42 - Logiciel: HitmanPro 3.7 - (.SurfRight B.V..) [HKLM][64Bits] -- HitmanPro37
=>.SurfRight B.V.®
O42 - Logiciel: iBackup Extractor - (.Wide Angle Software Ltd.) [HKLM][64Bits] --
{910D181E-12C0-4345-9EE1-8212A4364104}
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {02F95875-9527-49CC-B32F-
970ADAEBD1EF} =>.Apple Inc.
O42 - Logiciel: Java 8 Update 131 - (.Oracle Corporation.) [HKLM][64Bits] --
{26A24AE4-039D-4CA4-87B4-2F32180131F0} =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] --
{4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
O42 - Logiciel: LonelyScreen 1.2 - (.IMTIGER Technologies Inc..) [HKLM][64Bits] --
LonelyScreen AirPlay Receiver_is1
O42 - Logiciel: LonelyScreen 1.2.15 - (.IMTIGER Technologies Inc..) [HKLM][64Bits]
-- LonelyScreen_is1
O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.1.1043 - (.Malwarebytes.)
[HKLM][64Bits] -- Malwarebytes Anti-Malware_is1 =>.Malwarebytes
O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] --
OneDriveSetup.exe =>.Microsoft Corporation®
O42 - Logiciel: Mozilla Firefox 55.0.2 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] --
Mozilla Firefox 55.0.2 (x86 en-US) =>.Mozilla Corporation®
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] --
MozillaMaintenanceService =>.Mozilla
O42 - Logiciel: NVIDIA 3D Vision Controller Driver 369.04 - (.NVIDIA Corporation.)
[HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA 3D Vision Driver 382.05 - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA Backend - (.NVIDIA Corporation.) [HKLM][64Bits] --
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Container - (.NVIDIA Corporation.) [HKLM][64Bits] --
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Control Panel 382.05 - (.NVIDIA Corporation.) [HKLM][64Bits]
-- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA Display Container - (.NVIDIA Corporation.) [HKLM][64Bits] --
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Container LS - (.NVIDIA Corporation.) [HKLM][64Bits]
-- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA Display Session Container - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer
=>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Watchdog Plugin - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog
=>.NVIDIA Corporation
O42 - Logiciel: NVIDIA GeForce Experience 3.5.0.76 - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA Graphics Driver 382.05 - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA HD Audio Driver 1.3.34.26 - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits]
-- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA LocalSystem Container - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem
=>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Message Bus for NvContainer - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus
=>.NVIDIA Corporation
O42 - Logiciel: NVIDIA NetworkService Container - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService
=>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.17.0329 - (.NVIDIA Corporation.)
[HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA Session Container - (.NVIDIA Corporation.) [HKLM][64Bits] --
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA ShadowPlay 3.5.0.76 - (.NVIDIA Corporation.) [HKLM][64Bits]
-- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay =>.NVIDIA Corporation
O42 - Logiciel: Nvidia Share - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-
0186-46C3-BAEC-A80AA35AC5B8}_OSC =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- NVIDIAStereo =>.NVIDIA Corporation®
O42 - Logiciel: NVIDIA Telemetry Container - (.NVIDIA Corporation.) [HKLM][64Bits]
-- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA Update 24.0.0.0 - (.NVIDIA Corporation.) [HKLM][64Bits] --
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Update Core - (.NVIDIA Corporation.) [HKLM][64Bits] --
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA User Container - (.NVIDIA Corporation.) [HKLM][64Bits] --
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Virtual Audio 3.60.1 - (.NVIDIA Corporation.) [HKLM][64Bits]
-- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver =>.NVIDIA
Corporation
O42 - Logiciel: NVIDIA Watchdog Plugin for NvContainer - (.NVIDIA Corporation.)
[HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog
=>.NVIDIA Corporation
O42 - Logiciel: NvNodejs - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-
46C3-BAEC-A80AA35AC5B8}_NvNodejs =>.NVIDIA Corporation
O42 - Logiciel: NvTelemetry - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-
0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry =>.NVIDIA Corporation
O42 - Logiciel: NvvHci - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-
46C3-BAEC-A80AA35AC5B8}_NvvHci =>.NVIDIA Corporation
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor
Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek
Semiconductor Corp®
O42 - Logiciel: SearchAwesome - (.SearchAwesome.) [HKLM][64Bits] --
332362554ef29ed673be2b7cb227d9f1 =>PUP.Optional.Wajam
O42 - Logiciel: SHIELD Streaming - (.NVIDIA Corporation.) [HKLM][64Bits] --
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv =>.NVIDIA
Corporation
O42 - Logiciel: SHIELD Wireless Controller Driver - (.NVIDIA Corporation.) [HKLM]
[64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController
=>.NVIDIA Corporation
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- Steam =>.Valve®
O42 - Logiciel: TP-LINK TL-WN727N Driver - (.TP-LINK.) [HKLM][64Bits] -- {52C7E8B3-
A21E-460B-A9EC-5B6CBB8635CE} =>.TP-LINK
O42 - Logiciel: TP-LINK Wireless Configuration Utility - (.TP-LINK.) [HKLM][64Bits]
-- {319D91C6-3D44-436C-9F79-36C0D22372DC} =>.TP-LINK
O42 - Logiciel: UE4 Prerequisites (x64) - (.Epic Games, Inc..) [HKLM][64Bits] --
{2890ae6b-90e9-448d-b3e6-97e43c21e2fd} =>.Epic Games Inc.®
O42 - Logiciel: UE4 Prerequisites (x64) - (.Epic Games, Inc..) [HKLM][64Bits] --
{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4} =>.Epic Games, Inc.
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
=>.VideoLAN
O42 - Logiciel: Vulkan Run Time Libraries 1.0.42.1 - (.LunarG, Inc..) [HKLM]
[64Bits] -- VulkanRT1.0.42.1 =>.LunarG, Inc.®
O42 - Logiciel: WinRAR 5.40 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR
archiver =>.win.rar GmbH®

---\\ HKCU & HKLM Software Keys (55) - 24s


HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\Apple Inc. =>.Apple Inc.
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\Caphyon =>.Caphyon
HKLM\SOFTWARE\Wow6432Node\EPSON =>.EPSON
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\LonelyScreen
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\RtWlan =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Speedownloader0099 =>PUP.Optional.SoftwareEngine
HKLM\SOFTWARE\Wow6432Node\SrcAAAesom Browser Enhancer =>PUP.Optional.Wajam
HKLM\SOFTWARE\Wow6432Node\TP-LINK =>.TP-LINK
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\VideoLAN =>.VideoLAN
HKLM\SOFTWARE\Wow6432Node\vqjoqhoav
HKLM\SOFTWARE\Wow6432Node\Wide Angle Software Ltd
HKLM\SOFTWARE\Wow6432Node\WinRAR =>.WinRAR
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
HKCU\SOFTWARE\Avira =>.Avira
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\Epic Games =>.Epic Games
HKCU\SOFTWARE\EpicNet Inc. =>Adware.MSIL
HKCU\SOFTWARE\Epson =>.EPSON
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\IM =>Adware.InstallCore
HKCU\SOFTWARE\IMTIGER Technologies Inc.
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\LonelyScreen
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Mozilla =>.Mozilla
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Rtp =>.RTP Software
HKCU\SOFTWARE\SyncEngines =>.Microsoft Corporation
HKCU\SOFTWARE\Sysinternals =>.Sysinternals
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

---\\ Contents of the Common Files folders (203) - 20s


O43 - CFD: 19/08/2017 - [] AD -- C:\Program Files\Bonjour =>.Apple Inc.
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files\CMAK =>.Microsoft Corporation
O43 - CFD: 19/08/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft
Corporation
O43 - CFD: 30/10/2015 - [] D -- C:\Program Files\Compare Clipboard Software
O43 - CFD: 24/08/2017 - [] D -- C:\Program Files\HitmanPro =>.EIDOS hitman Game
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft
Corporation
O43 - CFD: 21/08/2017 - [] D -- C:\Program Files\iPod
O43 - CFD: 19/08/2017 - [] AD -- C:\Program Files\iTunes =>.Apple Inc.
O43 - CFD: 21/05/2017 - [] D -- C:\Program Files\Microsoft Office =>.Microsoft
Corporation
O43 - CFD: 08/06/2016 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 07/05/2017 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia
Corporation
O43 - CFD: 03/05/2017 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 08/06/2016 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft
Corporation
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files\Windows Defender =>.Microsoft
Corporation
O43 - CFD: 13/07/2016 - [] D -- C:\Program Files\Windows Mail =>.Microsoft
Corporation
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft
Corporation
O43 - CFD: 13/07/2016 - [] D -- C:\Program Files\Windows Multimedia Platform
=>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [] D -- C:\Program Files\Windows NT =>.Microsoft
Corporation
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft
Corporation
O43 - CFD: 13/07/2016 - [] D -- C:\Program Files\Windows Portable Devices
=>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft
Corporation
O43 - CFD: 05/07/2017 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft
Corporation
O43 - CFD: 30/10/2015 - [] SD -- C:\Program Files\WindowsPowerShell =>.Microsoft
Corporation
O43 - CFD: 19/08/2017 - [] AD -- C:\Program Files (x86)\Apple Software Update
=>.Apple Inc.
O43 - CFD: 08/07/2017 - [] D -- C:\Program Files (x86)\Avira =>.Avira Software
O43 - CFD: 19/08/2017 - [] AD -- C:\Program Files (x86)\Bonjour =>.Apple Inc.
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files (x86)\CMAK =>.Microsoft
Corporation
O43 - CFD: 24/08/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft
Corporation
O43 - CFD: 21/08/2017 - [] D -- C:\Program Files (x86)\Decipher Media
{381B3C6A923413C9F5840FF104728A17}
O43 - CFD: 16/05/2017 - [] D -- C:\Program Files (x86)\EPSON =>.EPSON
O43 - CFD: 16/05/2017 - [] AD -- C:\Program Files (x86)\Epson Software
=>.Epson/Seico
O43 - CFD: 25/07/2017 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 25/06/2017 - [] AD -- C:\Program Files (x86)\Hello.Neighbor.Alpha.3
O43 - CFD: 17/05/2017 - [] HD -- C:\Program Files (x86)\InstallShield Installation
Information =>.InstallShield
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files (x86)\Internet Explorer
=>.Microsoft Corporation
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files (x86)\Java =>.Oracle
O43 - CFD: 11/05/2017 - [] AD -- C:\Program Files (x86)\LonelyScreen
O43 - CFD: 24/08/2017 - [] D -- C:\Program Files (x86)\Malwarebytes Anti-Malware
=>.Malwarebytes
O43 - CFD: 21/05/2017 - [] D -- C:\Program Files (x86)\Microsoft Analysis Services
=>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [] AD -- C:\Program Files (x86)\Microsoft Office
=>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [] D -- C:\Program Files (x86)\Microsoft SQL Server Compact
Edition =>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [] D -- C:\Program Files (x86)\Microsoft Sync Framework
=>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [] D -- C:\Program Files (x86)\Microsoft Synchronization
Services =>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [] AD -- C:\Program Files (x86)\Microsoft Visual Studio 8
=>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft
Corporation
O43 - CFD: 19/08/2017 - [] AD -- C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
O43 - CFD: 19/08/2017 - [] D -- C:\Program Files (x86)\Mozilla Maintenance Service
=>.Mozilla
O43 - CFD: 21/05/2017 - [] AD -- C:\Program Files (x86)\MSBuild =>.Microsoft
Corporation
O43 - CFD: 07/05/2017 - [] D -- C:\Program Files (x86)\NVIDIA Corporation
=>.nVidia Corporation
O43 - CFD: 08/06/2016 - [] D -- C:\Program Files (x86)\Reference Assemblies
=>.Microsoft Corporation
O43 - CFD: 24/08/2017 - [] D -- C:\Program Files (x86)\Steam =>.Steam Games
O43 - CFD: 17/05/2017 - [] D -- C:\Program Files (x86)\TP-LINK =>.TP-LINK
O43 - CFD: 03/05/2017 - [] D -- C:\Program Files (x86)\VideoLAN =>.VideoLan Team
O43 - CFD: 07/05/2017 - [] D -- C:\Program Files (x86)\VulkanRT =>.LunarG, Inc
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files (x86)\Windows Defender
=>.Microsoft Corporation
O43 - CFD: 13/07/2016 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft
Corporation
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files (x86)\Windows Media Player
=>.Microsoft Corporation
O43 - CFD: 13/07/2016 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform
=>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft
Corporation
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files (x86)\Windows Photo Viewer
=>.Microsoft Corporation
O43 - CFD: 13/07/2016 - [] D -- C:\Program Files (x86)\Windows Portable Devices
=>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [] SHD -- C:\Program Files (x86)\Windows Sidebar
=>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [] SD -- C:\Program Files (x86)\WindowsPowerShell
=>.Microsoft Corporation
O43 - CFD: 08/07/2017 - [] AD -- C:\Program Files (x86)\WinRAR =>.win.rar GmbH®
O43 - CFD: 13/07/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 04/05/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 13/07/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 26/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Avira =>.Avira Software
O43 - CFD: 21/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Decipher Backup Browser
O43 - CFD: 16/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Epson Software =>.Epson/Seico
O43 - CFD: 25/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Hello.Neighbor.Alpha.3
O43 - CFD: 24/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\HitmanPro =>.EIDOS hitman Game
O43 - CFD: 21/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\iBackup Extractor
O43 - CFD: 19/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\iTunes =>.Apple Inc.
O43 - CFD: 05/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Java =>.Oracle
O43 - CFD: 11/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\LonelyScreen
O43 - CFD: 30/10/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 24/08/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Malwarebytes Anti-Malware =>.Malwarebytes
O43 - CFD: 21/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 16/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\NAPS2
O43 - CFD: 07/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 21/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\SharePoint =>.Microsoft Corporation
O43 - CFD: 17/05/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\StartUp =>.Microsoft Corporation
O43 - CFD: 16/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Steam =>.Steam Games
O43 - CFD: 13/07/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 17/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\TP-LINK =>.TP-LINK
O43 - CFD: 03/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\VideoLAN =>.VideoLan Team
O43 - CFD: 08/07/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 19/08/2017 - [] D -- C:\ProgramData\Apple =>.Apple Inc.
O43 - CFD: 19/08/2017 - [] D -- C:\ProgramData\Apple Computer =>.Apple Inc.
O43 - CFD: 02/05/2017 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft
Corporation
O43 - CFD: 24/08/2017 - [] D -- C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 08/07/2017 - [] D -- C:\ProgramData\Avira =>.Avira Software
O43 - CFD: 24/08/2017 - [] D -- C:\ProgramData\Cache =>.Legitimate
O43 - CFD: 30/10/2015 - [0] D -- C:\ProgramData\Comms =>.Microsoft Corporation
O43 - CFD: 24/08/2017 - [] D -- C:\ProgramData\DataCache
O43 - CFD: 25/06/2017 - [0] D -- C:\ProgramData\dbg =>.DBG
O43 - CFD: 02/05/2017 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft
Corporation
O43 - CFD: 16/05/2017 - [] D -- C:\ProgramData\EPSON =>.EPSON
O43 - CFD: 24/08/2017 - [] D -- C:\ProgramData\HitmanPro =>.EIDOS hitman Game
O43 - CFD: 24/08/2017 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 24/08/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 21/05/2017 - [] D -- C:\ProgramData\Microsoft Help =>.Microsoft
Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\ProgramData\Microsoft OneDrive =>.Microsoft
Corporation
O43 - CFD: 24/08/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 07/05/2017 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia
Corporation
O43 - CFD: 05/05/2017 - [] D -- C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 21/08/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft
Corporation
O43 - CFD: 17/05/2017 - [] D -- C:\ProgramData\Ralink =>.Ralink
O43 - CFD: 30/10/2015 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft
=>.Microsoft Corporation
O43 - CFD: 18/07/2017 - [] D -- C:\ProgramData\SoftwareDistribution =>.Microsoft
Corporation
O43 - CFD: 16/05/2017 - [] D -- C:\ProgramData\Sony Corporation =>.Sony
Corporation
O43 - CFD: 02/05/2017 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft
Corporation
O43 - CFD: 02/05/2017 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft
Corporation
O43 - CFD: 17/05/2017 - [] D -- C:\ProgramData\TP-LINK =>.TP-LINK
O43 - CFD: 16/05/2017 - [] D -- C:\ProgramData\UDL =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 21/08/2017 - [] D -- C:\ProgramData\Windows
O43 - CFD: 21/08/2017 - [] D -- C:\ProgramData\WindowsReporting =>Trojan.GenericKD
O43 - CFD: 05/05/2017 - [] D -- C:\Program Files (x86)\Common Files\Java =>.Oracle
O43 - CFD: 24/08/2017 - [] AD -- C:\Program Files (x86)\Common Files\Microsoft
Shared =>.Microsoft Corporation
O43 - CFD: 24/08/2017 - [] D -- C:\Program Files (x86)\Common Files\System
=>.Microsoft Corporation
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\0erxqiidsmq
=>Heuristic.Wizzcaster
O43 - CFD: 02/05/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Decipher Media
O43 - CFD: 17/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\dvdcss =>.VideoLan Team
O43 - CFD: 24/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\EpicNet Inc =>Adware.MSIL
O43 - CFD: 16/05/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\EPSON =>.EPSON
O43 - CFD: 26/06/2017 - [0] D -- C:\Users\jayaraj\AppData\Roaming\Hello.Neighbor.Alpha.3-ALI213
O43 - CFD: 05/05/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 24/08/2017 - [] SD -- C:\Users\jayaraj\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\msvcdata
O43 - CFD: 24/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\MuddyMeadow
O43 - CFD: 16/05/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\NAPS2
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\nliv5o3vlkr =>Heuristic.Wizzcaster
O43 - CFD: 02/05/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Skype =>.Skype
O43 - CFD: 05/05/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Sun =>.Oracle
O43 - CFD: 04/06/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\TP-LINK =>.TP-LINK
O43 - CFD: 24/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\uTorrent
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\vih0i4ppomh =>Heuristic.Wizzcaster
O43 - CFD: 18/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 08/07/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 06/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Xiaomi
O43 - CFD: 24/08/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 02/05/2017 - [0] D -- C:\Users\jayaraj\AppData\Local\ActiveSync =>.Microsoft Corporation
O43 - CFD: 28/07/2017 - [0] D -- C:\Users\jayaraj\AppData\Local\Adobe =>.Adobe
O43 - CFD: 19/08/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Apple =>.Apple Inc.
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Apple Computer =>.Apple Inc.
O43 - CFD: 02/05/2017 - [0] SHD -- C:\Users\jayaraj\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 07/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\CEF =>.CEF
O43 - CFD: 14/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 22/08/2017 - [] D -- C:\Users\jayaraj\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 25/06/2017 - [] D -- C:\Users\jayaraj\AppData\Local\CrashReportClient
O43 - CFD: 25/07/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Google =>.Google
O43 - CFD: 25/06/2017 - [] D -- C:\Users\jayaraj\AppData\Local\HelloNeighborReborn
O43 - CFD: 02/05/2017 - [0] SHD -- C:\Users\jayaraj\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 11/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 04/06/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Microsoft Help =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Mozilla =>.Mozilla Corporation
O43 - CFD: 07/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\NVIDIA =>.nVidia Corporation
O43 - CFD: 07/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 17/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 04/05/2017 - [0] D -- C:\Users\jayaraj\AppData\Local\PeerDistRepub =>.Microsoft Corporation
O43 - CFD: 11/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 16/07/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Steam =>.Steam Games
O43 - CFD: 24/08/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [0] SHD -- C:\Users\jayaraj\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] D -- C:\Users\jayaraj\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 25/06/2017 - [] D -- C:\Users\jayaraj\AppData\Local\UnrealEngine =>.Unreal Software
O43 - CFD: 08/07/2017 - [] D -- C:\Users\jayaraj\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Wide Angle Software
O43 - CFD: 21/08/2017 - [] D -- C:\Users\jayaraj\AppData\Local\Wide_Angle_Software_Ltd
O43 - CFD: 24/08/2017 - [] D -- C:\Users\jayaraj\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 11/05/2017 - [0] D -- C:\Users\jayaraj\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 13/07/2016 - [] RD -- C:\Users\jayaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 22/08/2017 - [] RD -- C:\Users\jayaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [] RD -- C:\Users\jayaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 30/10/2015 - [] D -- C:\Users\jayaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 21/08/2017 - [] RD -- C:\Users\jayaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 16/07/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
O43 - CFD: 30/10/2015 - [] RD -- C:\Users\jayaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [] RSD -- C:\Users\jayaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 08/07/2017 - [] D -- C:\Users\jayaraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 02/05/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 30/10/2015 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 02/05/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 07/05/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/07/2017 - [0] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\PeerDistRepub =>.Microsoft Corporation
O43 - CFD: 07/05/2017 - [] SD -- C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation

---\\ Latest files created in Prefetcher (5) - 56s


O45 - LFCP:[MD5.2B891D879B0A08E868CB61EC5C73E6DC] 24/08/2017 A -- C:\WINDOWS\Prefetch\KMS-R@1NHOOK.EXE-95CFB3BC.pf =>HackTool.AutoKMS
O45 - LFCP:[MD5.166317B787688B19EAEDE643D9E3F14A] 21/08/2017 A -- C:\WINDOWS\Prefetch\YEADESKTOP.EXE-2B22185B.pf =>PUP.Optional.Zusy
O45 - LFCP:[MD5.7EDFB12CFFA4711FE0199950C123E7CA] 21/08/2017 A -- C:\WINDOWS\Prefetch\YEADESKTOP.EXE-A25941B0.pf =>PUP.Optional.Zusy
O45 - LFCP:[MD5.E7B6031EF404C40187CB75223B71B89E] 21/08/2017 A -- C:\WINDOWS\Prefetch\YEADESKTOP.TMP-AA8EA153.pf =>PUP.Optional.Zusy
O45 - LFCP:[MD5.DCB74CCABE008691FAEDB949D59713FB] 21/08/2017 A -- C:\WINDOWS\Prefetch\YEADESKTOP.TMP-F42D477D.pf =>PUP.Optional.Zusy

---\\ ShellIconOverlayIdentifiers (SIOI) (10) - 0s


O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\jayaraj\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: Groove Explorer Icon Overlay 1 (GFS Unread Stub) [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Groove Explorer Icon Overlay 2 (GFS Stub) [Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Groove Explorer Icon Overlay 3 (GFS Folder) [Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®
O106 - SIOI: Groove Explorer Icon Overlay 4 (GFS Unread Mark) [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}. (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL =>.Microsoft Corporation®

---\\ Image File Execution Options (18) - 1s


O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\SppExtComObj.exe - (.Microsoft Corporation - KMS Connection Broker.) [Debugger\\KMS-R@1nHook.exe] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation

---\\ System Drivers List (56) - 14s


O58 - SDL:2015/10/30 12:47:22 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [107360] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:22 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1135456] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:22 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [83296] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:22 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [259424] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:22 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [26976] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:22 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [131936] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:22 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/10/30 12:47:22 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/10/30 12:47:22 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [531296] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:22 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [3436896] =>.Microsoft Windows®
O58 - SDL:2017/08/19 01:59:52 A . (.36IHD8 - .) -- C:\WINDOWS\System32\drivers\f34938c6ef5a3385e20d9c376e1fa34b.sys [77184] =>PUP.Optional.Wajam
O58 - SDL:2017/08/24 12:32:42 A . (.© 2017 SurfRight B.V. - HitmanPro 3.7 Support Driver.) -- C:\WINDOWS\System32\drivers\hitmanpro37.sys [55232] =>.SurfRight B.V.®
O58 - SDL:2015/10/30 12:47:22 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [64352] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:18 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2015/10/30 12:47:18 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165888] =>.Intel Corporation
O58 - SDL:2015/10/30 12:47:18 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2015/10/30 12:47:18 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2015/10/30 12:47:22 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [673120] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:22 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [412000] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [424800] =>.Microsoft Windows®
O58 - SDL:2013/06/17 14:04:04 A . (.Atheros Communications, Inc. - Atheros Security NDIS 6.0 Filter Driver.) -- C:\WINDOWS\System32\drivers\jswpslwfx.sys [26624] =>.Atheros Communications, Inc.
O58 - SDL:2016/07/13 03:52:31 N . (...) -- C:\WINDOWS\System32\drivers\lanmamaster.sys [1460328] =>PUP.Optional.ChinAd
O58 - SDL:2015/10/30 12:47:23 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [108888] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [104800] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [99168] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [82784] =>.Microsoft Windows®
O58 - SDL:2016/03/10 14:08:54 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [27008] =>.Malwarebytes Corporation®
O58 - SDL:2016/03/10 14:08:58 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [140672] =>.Malwarebytes Corporation®
O58 - SDL:2015/10/30 12:47:23 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [59744] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [575840] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [705376] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [63840] =>.Microsoft Windows®
O58 - SDL:2016/03/10 14:09:10 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\WINDOWS\System32\drivers\mwac.sys [65408] =>.Malwarebytes Corporation®
O58 - SDL:2015/10/30 12:47:23 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [76128] =>.Microsoft Windows®
O58 - SDL:2013/09/06 20:48:02 A . (.Ralink Technology Corp. - Ralink 802.11n Wireless Adapter Driver.) -- C:\WINDOWS\System32\drivers\netr28ux.sys [2457776] =>.Mediatek Inc.®
O58 - SDL:2017/05/02 04:08:30 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\WINDOWS\System32\drivers\nvhda64v.sys [218040] =>.NVIDIA Corporation®
O58 - SDL:2017/05/03 01:48:08 A . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys [14456944] =>.NVIDIA Corporation®
O58 - SDL:2015/10/30 12:47:23 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150368] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [166240] =>.Microsoft Windows®
O58 - SDL:2017/04/26 11:07:51 A . (.NVIDIA Corporation - NVIDIA Virtual Audio Driver.) -- C:\WINDOWS\System32\drivers\nvvad64v.sys [47736] =>.NVIDIA Corporation®
O58 - SDL:2017/04/26 11:07:52 A . (.NVIDIA Corporation - Virtual USB Host Controller driver.) -- C:\WINDOWS\System32\drivers\nvvhci.sys [57976] =>.NVIDIA Corporation®
O58 - SDL:2015/10/30 12:47:23 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [58208] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [58720] =>.Microsoft Windows®
O58 - SDL:2017/06/23 20:12:36 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) -- C:\WINDOWS\System32\drivers\phantomtap.sys [45056] =>.Avira Operations GmbH & Co. KG®
O58 - SDL:2015/10/30 12:47:23 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [589824] =>.Realtek
O58 - SDL:2012/06/21 13:13:02 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [4065296] =>.Realtek Semiconductor Corp®
O58 - SDL:2015/10/30 12:47:23 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [44896] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [81760] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [31072] =>.Microsoft Windows®
O58 - SDL:2016/07/13 03:52:31 A . (...) -- C:\WINDOWS\System32\drivers\TMhardware.sys [210472] =>.SUP.SuspiciousCloud
O58 - SDL:2016/12/21 13:20:26 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\System32\drivers\usbaapl64.sys [54784] =>.Apple, Inc.
O58 - SDL:2015/10/30 12:47:23 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [166752] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305504] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [26976] =>.Microsoft Windows®
O58 - SDL:2015/10/30 12:47:23 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [59232] =>.Microsoft Windows®
O58 - SDL:2013/09/06 20:48:02 A . (.Ralink Technology Corp. - Ralink 802.11n Wireless Adapter Driver.) -- C:\WINDOWS\System32\netr28ux.sys [2457776] =>.Mediatek Inc.®

---\\ Last modified or created user files (18) - 123s


O61 - LFC: 2017/08/21 23:57:56 A . (.TODO: <Company name>.) -- C:\Users\jayaraj\AppData\Local\Indigostrong.exe [2554368]
O61 - LFC: 2017/08/21 23:59:12 A . (..) -- C:\Users\jayaraj\AppData\Local\Lexistock.bin [278509]
O61 - LFC: 2017/08/24 12:31:36 A . (..) -- C:\Users\jayaraj\AppData\LocalLow\Mozilla\Temp-{35b2f45f-6b31-4018-b238-afee9f78b62e}\NVIDIA Corporation\NV_Cache\273aaf1bd7b47c04abc97ab4ab70202f_fce8395c8fd8a876_15f74c7777689be5_0_0.bin [16384]
O61 - LFC: 2017/08/24 12:48:26 A . (..) -- C:\Users\jayaraj\AppData\LocalLow\Mozilla\Temp-{d5b3e883-d56b-4bc8-abb9-3648751f6043}\NVIDIA Corporation\NV_Cache\273aaf1bd7b47c04abc97ab4ab70202f_fce8395c8fd8a876_15f74c7777689be5_0_0.bin [16384]
O61 - LFC: 2017/08/24 12:49:34 A . (..) -- C:\Users\jayaraj\AppData\LocalLow\Mozilla\Temp-{d5b3e883-d56b-4bc8-abb9-3648751f6043}\NVIDIA Corporation\NV_Cache\273aaf1bd7b47c04abc97ab4ab70202f_fce8395c8fd8a876_15f74c7777689be5_1_0.bin [16384]
O61 - LFC: 2017/08/24 12:49:42 A . (..) -- C:\Users\jayaraj\AppData\LocalLow\Mozilla\Temp-{d5b3e883-d56b-4bc8-abb9-3648751f6043}\NVIDIA Corporation\NV_Cache\273aaf1bd7b47c04abc97ab4ab70202f_fce8395c8fd8a876_15f74c7777689be5_1_1.bin [1048576]
O61 - LFC: 2017/08/24 10:43:04 A . (..) -- C:\Users\jayaraj\AppData\LocalLow\Mozilla\Temp-{e01b2326-0bd3-4d87-b7c7-cd812b09379b}\NVIDIA Corporation\NV_Cache\273aaf1bd7b47c04abc97ab4ab70202f_fce8395c8fd8a876_15f74c7777689be5_0_0.bin [16384]
O61 - LFC: 2017/08/21 23:56:40 A . (..) -- C:\Users\jayaraj\AppData\LocalLow\Mozilla\Temp-{e37e0882-5003-4502-82e2-2de03272f306}\NVIDIA Corporation\NV_Cache\273aaf1bd7b47c04abc97ab4ab70202f_fce8395c8fd8a876_15f74c7777689be5_0_0.bin [16384]
O61 - LFC: 2017/08/21 23:56:42 A . (..) -- C:\Users\jayaraj\AppData\LocalLow\Mozilla\Temp-{e37e0882-5003-4502-82e2-2de03272f306}\NVIDIA Corporation\NV_Cache\273aaf1bd7b47c04abc97ab4ab70202f_fce8395c8fd8a876_15f74c7777689be5_1_0.bin [16384]
O61 - LFC: 2017/08/24 10:44:12 A . (..) -- C:\Users\jayaraj\AppData\LocalLow\Mozilla\Temp-{edd638e6-a5eb-4fd6-8ca6-bac31cc05996}\NVIDIA Corporation\NV_Cache\273aaf1bd7b47c04abc97ab4ab70202f_fce8395c8fd8a876_15f74c7777689be5_0_0.bin [16384]
O61 - LFC: 2017/08/24 11:07:43 A . (..) -- C:\Users\jayaraj\AppData\LocalLow\Mozilla\Temp-{edd638e6-a5eb-4fd6-8ca6-bac31cc05996}\NVIDIA Corporation\NV_Cache\273aaf1bd7b47c04abc97ab4ab70202f_fce8395c8fd8a876_15f74c7777689be5_0_1.bin [1048576]
O61 - LFC: 2017/08/21 23:56:58 A . (.2336.) -- C:\Users\jayaraj\AppData\Roaming\0erxqiidsmq\eeaymxtv0dp.exe [8192] =>Adware.Wizzcaster
O61 - LFC: 2017/08/21 23:48:44 N . (..) -- C:\Users\jayaraj\AppData\Roaming\Decipher Media\zsqltmp\sqlite-3.16.1-a6db0caf-f049-4c9e-8ffb-3adbf77a654b-sqlitejdbc.dll [882176]
O61 - LFC: 2017/08/20 20:25:18 A . (..) -- C:\Users\jayaraj\AppData\Roaming\msvcdata\msvc.exe [532992]
O61 - LFC: 2017/08/24 10:40:26 A . (..) -- C:\Users\jayaraj\AppData\Roaming\MuddyMeadow\cloudnet.exe [754176]
O61 - LFC: 2017/08/21 23:56:45 A . (.2336.) -- C:\Users\jayaraj\AppData\Roaming\nliv5o3vlkr\2iotuzmloyu.exe [8192] =>Adware.Wizzcaster
O61 - LFC: 2017/08/21 23:56:42 A . (.2336.) -- C:\Users\jayaraj\AppData\Roaming\vih0i4ppomh\yj4xtnjdfxn.exe [8192] =>Adware.Wizzcaster
O61 - LFC: 2017/08/21 19:37:00 A . (.Wide Angle Software Ltd.) -- C:\Users\jayaraj\Downloads\iBackupExtractor.exe [12535200] {3B644EE550F19B61E16A55B9D77667FF}

---\\ File Associations Shell Spawning (11) - 1s


O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\WINDOWS\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\WINDOWS\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (...) -- %1" %*
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

---\\ Start Menu Internet (12) - 0s


O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

---\\ Search Browser Infection (2) - 0s


O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

---\\ Search Svchost Services (42) - 2s


O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [192000] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [192000] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\System32\srvsvc.dll [283136] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll [1339904] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll [957952] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll [963072] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll [94720] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\System32\iscsiexe.dll [151040] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll [112640] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\System32\schedsvc.dll [1001472] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\System32\wbem\WMIsvc.dll [225280] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [134656] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\System32\profsvc.dll [328192] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\WINDOWS\System32\sessenv.dll [372736] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll [96256] =>.Microsoft Corporation
O83 - Search Svchost Services: DcpSvc (DcpSvc) . (.Microsoft Corporation - dcpsvc Task.) -- C:\WINDOWS\System32\dcpsvc.dll [186880] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\System32\wlidsvc.dll [2057216] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll [168960] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll [207360] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\System32\themeservice.dll [59392] =>.Microsoft Corporation
O83 - Search Svchost Services: RetailDemo (RetailDemo) . (.Microsoft Corporation - RDXService.) -- C:\WINDOWS\System32\RDXService.dll [1073152] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll [27136] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [106496] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [696320] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\System32\mprdim.dll [507904] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll [73216]
=>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft
Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll
[456704] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation -
Microsoft® Windows(TM) Telephony Server.) -- C:\WINDOWS\System32\tapisrv.dll
[311808] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation -
Windows Update Agent.) -- C:\WINDOWS\System32\wuaueng.dll [2280448] =>.Microsoft
Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background
Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll [1144320]
=>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft
Corporation - Windows Shell Services Dll.) -- C:\WINDOWS\System32\shsvcs.dll
[608768] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft
Corporation - dmwappushsvc.) -- C:\WINDOWS\System32\dmwappushsvc.dll [57856]
=>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE
Service.) -- C:\WINDOWS\System32\bdesvc.dll [361472] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft
Corporation - Xbox Live Networking Service.) --
C:\WINDOWS\System32\XboxNetApiSvc.dll [1035776] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update
Session Orchestrator Core.) -- C:\WINDOWS\System32\usocore.dll [379392]
=>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation
- Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll [1139712]
=>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft
Corporation - Windows Managent Service DLL.) --
C:\WINDOWS\System32\Windows.Internal.Management.dll [278016] =>.Microsoft
Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device
Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll [205824]
=>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation
- UserMgr.) -- C:\WINDOWS\System32\usermgr.dll [912384] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft
Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll
[948736] =>.Microsoft Corporation
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation -
Software installation Service.) -- C:\WINDOWS\System32\appmgmts.dll [200192]
=>.Microsoft Corporation

---\\ Firewall Active Exception List (6) - 5s


O87 - FAEL: "{1B8015F1-FBCB-44C4-B1DD-2E9E37127F2C}" [In-None-P6-TRUE] .(...) -- C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
O87 - FAEL: "{1C951997-46DD-48A4-98C9-9172B76A53A5}" [Out-None-P6-TRUE] .(...) -- C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
O87 - FAEL: "TCP Query User{F117ECAB-6180-4219-9EAE-EF5EC8C8E2A7}C:\program files (x86)\lonelyscreen\lonelyscreen.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\lonelyscreen\lonelyscreen.exe
O87 - FAEL: "UDP Query User{FB04C966-466F-463D-B3EF-50726EE9A804}C:\program files (x86)\lonelyscreen\lonelyscreen.exe" [In-None-P17-TRUE] .(...) -- C:\program files (x86)\lonelyscreen\lonelyscreen.exe
O87 - FAEL: "{666A8190-16F6-48C9-98D8-3F344F00D1EA}" [In-None-P17-TRUE] .(...) -- C:\Users\jayaraj\AppData\Roaming\MuddyMeadow\muddymeadow.exe (.not file.)
O87 - FAEL: "{130BF135-9B58-4EA1-A6C9-64AF93D0FED8}" [In-None-P17-TRUE] .(...) -- C:\Users\jayaraj\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (.not file.) =>Adware.MSIL
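Reading the O87 lines above: the bracketed token gives direction (In/Out), the IANA protocol number (P6 = TCP, P17 = UDP, which is why the "TCP Query User" rule is P6 and the "UDP Query User" rule is P17) and whether the rule is enabled. Four of the six enabled exceptions point at either a binary sitting directly under C:\Windows (KMS-R@1n.exe) or at executables under AppData that no longer exist ("(.not file.)"), so they are leftover inbound holes from software that has been partially removed. The script below is an added triage check, not part of ZHPDiag and not written by its author: it walks every enabled allow rule on the live host and reports the ones whose program is missing, lives outside the Windows or Program Files roots, or sits directly under %SystemRoot%. The list of "trusted roots" is an assumption for a default install and may need extending on hosts with non-standard install directories.

```powershell
# Added example (not ZHPDiag code): audit enabled firewall allow rules and flag
# those whose target program is missing, sits outside the usual install roots,
# or sits directly under %SystemRoot% (where no legitimate service binary lives).
# Assumption: these three roots are the only legitimate program locations.
$trustedRoots = @(
    $env:SystemRoot,
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ }

function Get-SuspectFirewallRule {
    # Only enabled allow rules change the host's exposure; disabled and block
    # rules are skipped.
    $rules = Get-NetFirewallRule -Enabled True -Action Allow
    foreach ($rule in $rules) {
        $app = $rule | Get-NetFirewallApplicationFilter
        $program = $app.Program
        # Rules scoped to "Any" program are port/service rules, not per-binary
        # exceptions, so they are out of scope for this check.
        if (-not $program -or $program -eq 'Any') { continue }

        # Rules frequently store %SystemRoot%-style paths; expand before testing.
        $path   = [Environment]::ExpandEnvironmentVariables($program)
        $exists = Test-Path -LiteralPath $path -PathType Leaf

        $inTrustedRoot = $false
        foreach ($root in $trustedRoots) {
            if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $inTrustedRoot = $true
                break
            }
        }

        $reason = @()
        if (-not $exists)        { $reason += 'target missing' }
        if (-not $inTrustedRoot) { $reason += 'outside Windows/Program Files' }
        # A file directly in C:\Windows (not System32 or a subfolder) is the
        # pattern of the KMS-R@1n.exe entries in this report.
        $parent = (Split-Path -Path $path -Parent).TrimEnd('\')
        if ($exists -and $parent -ieq $env:SystemRoot.TrimEnd('\')) {
            $reason += 'directly under %SystemRoot%'
        }
        if ($reason.Count -eq 0) { continue }

        [pscustomobject]@{
            Name      = $rule.DisplayName
            Direction = $rule.Direction
            Profile   = $rule.Profile
            Program   = $path
            Reason    = ($reason -join '; ')
        }
    }
}

Get-SuspectFirewallRule | Format-Table -AutoSize
```

Run it from an elevated PowerShell on the host. Against the six rules listed above it should report the two KMS-R@1n.exe rules and the two AppData rules, and stay silent on the two lonelyscreen rules, whose binary exists under Program Files (x86). Each reported rule can be dropped with Remove-NetFirewallRule -Name on its Name value once the owning program has been confirmed gone; the rule itself is harmless while the target is missing, but it becomes a ready-made inbound exception the moment something is dropped back at that path.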

---\\ Additional Scan (O88) (77) - 1s


HKLM\SYSTEM\CurrentControlSet\Services\KMS-R@1n =>HackTool.WinActivator
C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
C:\Users\jayaraj\AppData\Roaming\vih0i4ppomh\yj4xtnjdfxn.exe =>Adware.Wizzcaster
C:\Users\jayaraj\AppData\Roaming\nliv5o3vlkr\2iotuzmloyu.exe =>Adware.Wizzcaster
C:\Users\jayaraj\AppData\Roaming\0erxqiidsmq\eeaymxtv0dp.exe =>Adware.Wizzcaster
C:\Windows\Temp\gD8AD.tmp.exe =>Heuristic.Suspect
C:\Windows\KMS-R@1nHook.exe =>HackTool.AutoKMS
C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} =>Adware.CloudAtlas
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] =>.SUP.Orphan
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] =>.SUP.Orphan
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} =>PUP.Optional.YouTubeAdBlock
HKLM\Software\WOW6432Node\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} =>PUP.Optional.YouTubeAdBlock
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} =>PUP.Optional.YouTubeAdBlock
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0D38E5A-7CF8-4105-8FE8-31B81443A114} =>PUP.Optional.YouTubeAdBlock
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\332362554ef29ed673be2b7cb227d9f1 =>PUP.Optional.Wajam
C:\ProgramData\WindowsReporting =>Trojan.GenericKD
C:\Users\jayaraj\AppData\Roaming\0erxqiidsmq\eeaymxtv0dp.exe =>Heuristic.Wizzcaster
C:\Users\jayaraj\AppData\Roaming\0erxqiidsmq =>Heuristic.Wizzcaster
C:\Users\jayaraj\AppData\Roaming\EpicNet Inc =>Adware.MSIL
C:\Users\jayaraj\AppData\Roaming\nliv5o3vlkr\2iotuzmloyu.exe =>Heuristic.Wizzcaster
C:\Users\jayaraj\AppData\Roaming\nliv5o3vlkr =>Heuristic.Wizzcaster
C:\Users\jayaraj\AppData\Roaming\vih0i4ppomh\yj4xtnjdfxn.exe =>Heuristic.Wizzcaster
C:\Users\jayaraj\AppData\Roaming\vih0i4ppomh =>Heuristic.Wizzcaster
C:\WINDOWS\Prefetch\KMS-R@1NHOOK.EXE-95CFB3BC.pf =>HackTool.AutoKMS
C:\WINDOWS\Prefetch\YEADESKTOP.EXE-2B22185B.pf =>PUP.Optional.Zusy
C:\WINDOWS\Prefetch\YEADESKTOP.EXE-A25941B0.pf =>PUP.Optional.Zusy
C:\WINDOWS\Prefetch\YEADESKTOP.TMP-AA8EA153.pf =>PUP.Optional.Zusy
C:\WINDOWS\Prefetch\YEADESKTOP.TMP-F42D477D.pf =>PUP.Optional.Zusy
C:\WINDOWS\System32\drivers\f34938c6ef5a3385e20d9c376e1fa34b.sys =>PUP.Optional.Wajam
C:\WINDOWS\System32\drivers\lanmamaster.sys =>PUP.Optional.ChinAd
C:\Users\jayaraj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage =>.SUP.AkamaiHD
C:\Users\jayaraj\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal =>.SUP.AkamaiHD
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09] =>PUM.Misplaced.Certificate [Comodo Security]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB] =>PUM.Misplaced.Certificate [F-Secure]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884] =>PUM.Misplaced.Certificate [FRISK]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE] =>PUM.Misplaced.Certificate [Bitdefender]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF] =>PUM.Misplaced.Certificate [G-Data]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264] =>PUM.Misplaced.Certificate [Malwarebytes]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF] =>PUM.Misplaced.Certificate [Symantec]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7] =>PUM.Misplaced.Certificate [Trend Micro]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59] =>PUM.Misplaced.Certificate [Webroot]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A] =>PUM.Misplaced.Certificate [SUPERAntiSpyware]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F] =>PUM.Misplaced.Certificate [Kaspersky]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC] =>PUM.Misplaced.Certificate [AVG Technologies]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159] =>PUM.Misplaced.Certificate [PC Tools]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01] =>PUM.Misplaced.Certificate [K7 Computing]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF] =>PUM.Misplaced.Certificate [Doctor Web]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF] =>PUM.Misplaced.Certificate [Emsisoft]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C] =>PUM.Misplaced.Certificate [CheckPoint]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D] =>PUM.Misplaced.Certificate [Emsisoft]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E] =>PUM.Misplaced.Certificate [K7 Computing]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29] =>PUM.Misplaced.Certificate [BullGuard]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF] =>PUM.Misplaced.Certificate [McAfee]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB] =>PUM.Misplaced.Certificate [Comodo Security]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF] =>PUM.Misplaced.Certificate [McAfee]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E] =>PUM.Misplaced.Certificate [Adaware Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1] =>PUM.Misplaced.Certificate [Safer Networking]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361] =>PUM.Misplaced.Certificate [Webroot]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5] =>PUM.Misplaced.Certificate [ThreatTrack]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13] =>PUM.Misplaced.Certificate [CurioLab]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99] =>PUM.Misplaced.Certificate [Avira Operations]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309] =>PUM.Misplaced.Certificate [BullGuard]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F] =>PUM.Misplaced.Certificate [ESET]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947] =>PUM.Misplaced.Certificate [AVG Technologies]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0] =>PUM.Misplaced.Certificate [Symantec]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84] =>PUM.Misplaced.Certificate [Malwarebytes]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8] =>PUM.Misplaced.Certificate [Trend Micro]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598] =>PUM.Misplaced.Certificate [Kaspersky]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87] =>PUM.Misplaced.Certificate [ThreatTrack]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA] =>PUM.Misplaced.Certificate [Avast Software]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00] =>PUM.Misplaced.Certificate [Total Defense]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF] =>PUM.Misplaced.Certificate [AVG Technologies]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54] =>PUM.Misplaced.Certificate [Bitdefender]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9] =>PUM.Misplaced.Certificate [ESET]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A] =>PUM.Misplaced.Certificate [Panda Security]
[HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138] =>PUM.Misplaced.Certificate [Doctor Web]
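The 45 PUM.Misplaced.Certificate entries are the code-signing certificates of security vendors (Comodo, Kaspersky, ESET, Malwarebytes and the rest) placed under the machine-wide Disallowed store, which ZHPDiag ties to the CertLock technique in its summary links. Windows consults that store before trusting a signature, so a vendor's installer or driver signed with one of these certificates fails to validate and the product cannot be installed or updated, which is why the host still has the hacktool and adware listed above. The script below is an added check, not ZHPDiag code and not written by its author: it reads the Disallowed store through the Cert: provider (the same data as the HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates keys listed), matches each entry's Subject against a vendor name list, and prints the matches. The vendor list is an assumption assembled from the bracketed names in this report, and the script also walks the per-user store, which the report above does not cover.

```powershell
# Added example (not ZHPDiag code): find security-vendor certificates that have
# been pushed into the Disallowed (untrusted) certificate stores.
# Assumption: this vendor list is built from the names in the ZHPDiag report
# plus the company names those vendors actually sign with; extend as needed.
$securityVendors = @(
    'Comodo', 'F-Secure', 'FRISK', 'Bitdefender', 'G DATA', 'Malwarebytes',
    'Symantec', 'Trend Micro', 'Webroot', 'SUPERAntiSpyware', 'Kaspersky',
    'AVG', 'PC Tools', 'K7 Computing', 'Doctor Web', 'Emsisoft', 'Check Point',
    'BullGuard', 'McAfee', 'Adaware', 'Safer Networking', 'ThreatTrack',
    'CurioLab', 'Avira', 'ESET', 'Avast', 'Total Defense', 'Panda'
)

# Both stores matter: the report shows HKLM, but the same trick works per user.
$disallowedStores = @(
    'Cert:\LocalMachine\Disallowed',
    'Cert:\CurrentUser\Disallowed'
)

function Get-BlockedSecurityVendorCert {
    foreach ($store in $disallowedStores) {
        # Each child is an X509Certificate2; its Thumbprint is the key name
        # ZHPDiag prints under ...\Disallowed\Certificates\<thumbprint>.
        Get-ChildItem -Path $store | ForEach-Object {
            $cert = $_
            # -match is case-insensitive in PowerShell; escape the vendor
            # name so entries like 'G DATA' are matched literally.
            $hit = $securityVendors |
                Where-Object { $cert.Subject -match [regex]::Escape($_) } |
                Select-Object -First 1
            if ($hit) {
                [pscustomobject]@{
                    Store      = $store
                    Vendor     = $hit
                    Thumbprint = $cert.Thumbprint
                    Subject    = $cert.Subject
                    NotAfter   = $cert.NotAfter
                }
            }
        }
    }
}

$blocked = Get-BlockedSecurityVendorCert
$blocked | Format-Table -AutoSize

# Removal restores the vendor's ability to install and run. Do it per entry
# and only after reading the Subject: Microsoft ships genuine revocations
# (leaked or fraudulent certificates) into the same Disallowed store, and
# those must stay. Uncomment to remove the matches found above:
# $blocked | ForEach-Object {
#     Remove-Item -LiteralPath (Join-Path $_.Store $_.Thumbprint)
# }
```

Run it elevated; the LocalMachine store is readable by any user but removing from it needs administrator rights. A match here is only a strong indicator, not proof of tampering, which is why the script matches on Subject rather than trusting a vendor label, and why the removal step is left commented out: the Disallowed store legitimately contains entries pushed by Windows Update, and wiping it wholesale would undo those.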

---\\ Summary of the elements found (16) - 1s


https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.Wizzcaster
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/08/10/adware-cloudatlas/ =>Adware.CloudAtlas
https://www.anti-malware.top/2016/08/02/superfluous-linkury/ =>.SUP.Linkury
https://nicolascoolman.eu/2017/06/26/trojan-certlock/ =>PUM.Misplaced.Certificate
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.YouTubeAdBlock
https://nicolascoolman.eu/2017/02/24/pup-optional-wajam/ =>PUP.Optional.Wajam
https://www.nicolascoolman.com/fr/hijacker-trovigo/ =>PUP.Optional.SoftwareEngine
https://www.nicolascoolman.com/fr/trojan-msil/ =>Adware.MSIL
https://nicolascoolman.eu/2017/03/12/adware-installcore-2/ =>Adware.InstallCore
https://nicolascoolman.eu/2017/04/25/trojan-generickd/ =>Trojan.GenericKD
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Heuristic.Wizzcaster
https://www.anti-malware.top/2016/05/17/adware-zusy/ =>PUP.Optional.Zusy
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.ChinAd
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.AkamaiHD

~ Unselected Options: O82,


~ End of the scan, 25562 items in 06mn15s (1216)(0)
