Solved It's like a popup but...


GamerGirl74

I'm getting a weird flash like there's a popup that's trying to open. Happens every 5 to 10 minutes when I'm online or playing a game. Is there something going on or did I do something I shouldn't have? Here's a Hijack This log, hope it helps determine what's going on. Thanks.
Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 10 (Home), 10.0.15063 (ReleaseId: 1703), Service Pack: 0
Time: 05.06.2017 - 05:01
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Doneff Family (group: Administrator) on DESKTOP-DOB72OG

Chrome: 58.0.3029.110
Edge: 11.0.15063.250
Internet Explorer: 11.0.15063.0

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
7 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
1 C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
1 C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
1 C:\Program Files (x86)\Steam\Steam.exe
2 C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
2 C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\afwServ.exe
1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1 C:\Program Files\VoodooShield\VoodooShieldService.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
2 C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe
1 C:\Users\Doneff Family\Desktop\Toolbox\HiJackThis\HiJackThis.exe
1 C:\Users\Doneff Family\Desktop\Toolbox\HiJackThis\MemCompression
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SystemSettingsBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
73 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 C:\Windows\jmesoft\Service.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/p/?LinkId=255141
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes: DefaultScope = {D79BB3A3-DB24-49D3-A463-680951CD61C4} - Bing - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURL = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: SuggestionsURLFallback = http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - Google - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D79BB3A3-DB24-49D3-A463-680951CD61C4} - Bing - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
O2 - BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2-32 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2-32 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2-32 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2-32 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe /AUTO
O4 - HKCU\..\StartupApproved\Run: [Steam] (2017/05/25)C:\Program Files (x86)\Steam\steam.exe -silent --restore-last-session
O4 - HKLM\..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM\..\Run: [VoodooShield] C:\Program Files\VoodooShield\VoodooShield.exe
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] (2017/05/25)C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (HKLM)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (HKLM)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
O9-32 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9-32 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
O9-32 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9-32 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
O17 - DHCP DNS - 1: 209.18.47.61
O17 - DHCP DNS - 2: 209.18.47.62
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O22 - Task (Disabled): \Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - C:\WINDOWS\system32\usoclient.exe ScanInstallWait
O22 - Task (Ready): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): PrivaZer_SkipUAC - C:\Program Files (x86)\PrivaZer\PrivaZer.exe $(Arg0)
O22 - Task (Ready): SafeZone scheduled Autoupdate 1462830905 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
O22 - Task (Ready): \Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
O22 - Task (Ready): \Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
O22 - Task (Ready): \Microsoft\Office\OfficeBackgroundTaskHandlerLogon - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
O22 - Task (Ready): \Microsoft\Office\OfficeBackgroundTaskHandlerRegistration - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
O22 - Task (Ready): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
O22 - Task (Ready): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Cellular - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
O22 - Task (Ready): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask
O22 - Task (Ready): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
O22 - Task (Ready): \Microsoft\Windows\Subscription\EnableLicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe -e
O22 - Task (Ready): \Microsoft\Windows\UNP\RunCampaignManager - C:\WINDOWS\System32\UNP\UNPCampaignManager.exe
O22 - Task (Ready): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Avast Firewall Service - (avast! Firewall) - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service R2: FastbootService - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: JME Keyboard Driver - (JME Keyboard) - C:\Windows\jmesoft\Service.exe
O23 - Service R2: LenovoPortalService - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service R2: VoodooShieldService - C:\Program Files\VoodooShield\VoodooShieldService.exe
O23 - Service R2: ZAM Controller Service - (ZAMSvc) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service R3: Intel(R) Security Assist - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: Intel(R) Rapid Storage Technology - (IAStorDataMgrSvc) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service S2: Intel(R) Security Assist Helper - (isaHelperSvc) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service S2: System Interface Foundation Service - (ImControllerService) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service S3: LSCWinService - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service S3: ShareItSvc - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe
O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service S3: nProtect GameGuard Service - (npggsvc) - C:\WINDOWS\SysWow64\GameMon.des

--
End of file - Time spent: 13 sec. - 34820 bytes, CRC32: FFFFFFFF. Sign: ȝ묖
 
ZHP Diag Scan


Download ZHP Diag to your desktop.


1. Right Click Run as Admin.

2. Click the Options button.

Click on Check All
Then Click Validate
Then click close.

3. Click the Scanner button.


When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.
 
~ ZHPDiag v2017.6.5.89 By Nicolas Coolman (2017/06/05)
~ Run by Doneff Family (Administrator) (2017/06/05 19:36:34)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Doneff Family\Desktop\ZHPDiag.txt
~ Report: C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Home, 64-bit (Build 15063) =>.Microsoft Corporation

---\\ Internet Browsers (2) - 0s
~ GCIE: Google Chrome v58.0.3029.110
~ MSIE: Internet Explorer v11.296.15063.0

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Automatic Updates : OK

---\\ System protection software (2) - 6s
Avast Internet Security v17.4.2294 (Protection)
Windows Defender (Deactivate)

---\\ System protection software (Superfluous) (1) - 6s
~ Zemana AntiMalware v2.72.0.388 (Superfluous)

---\\ Surveillance software (2) - 6s
~ Adobe Flash Player 25 PPAPI (Surveillance)
~ Adobe Acrobat Reader DC (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 12529.86 MB (65% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 773 GB (83%) free of 921 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP-DOB72OG
~ User Name: Doneff Family
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 773 GB free of 921 GB (System)
~ Drive F: has 6 GB free of 57 GB

---\\ State of the Windows Security Center (7) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 3s
[MD5.6314A1E16B2B6D2E0E3FE65C9BA7BD73] - 18/05/2017 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4848440] =>.Microsoft Windows®
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - 18/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
[MD5.9A4BA96E87A1FD69381249557BDE2BF0] - 18/03/2017 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
[MD5.2B1361AFBF330AF9A652A336EE77CBCB] - 18/05/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
[MD5.D0F1FB0E90BFBD14865B770E2567BE1D] - 18/05/2017 - (.Microsoft Corporation - Windows Logon Application.) -- C:\WINDOWS\System32\Winlogon.exe [707072] =>.Microsoft Corporation
[MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 18/03/2017 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
[MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
[MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
[MD5.AC1928C2F7505BD556C552F153B062AB] - 18/03/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [610712] =>.Microsoft Windows®
[MD5.01733BEEE02E51F712330D5909BD701C] - 18/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 18/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 18/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - 18/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
[MD5.DD1A6F4998E7E21564FA9BAFE21C87ED] - 18/03/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
[MD5.C6C8315E3262FAE460529C6DA2951682] - 18/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - 18/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 18/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
[MD5.30C2F67EC84EB11B22011620107E0325] - 18/03/2017 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
[MD5.731FD52461C8107E5B19B9AEDBB82BFB] - 18/03/2017 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2328480] =>.Microsoft Windows®
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - 18/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 18/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 18/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
[MD5.2540384EF2EEE5BE930E3FB1061395DC] - 18/03/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [120224] =>.Microsoft Windows®
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 18/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (16) - 1s
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
O23 - Service: Avast Firewall Service (avast! Firewall) . (.AVAST Software - Avast firewall service.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
O23 - Service: FastbootService (FastbootService) . (.Lenovo - RapidBoot HDD Accelerator Service.) - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe =>.Lenovo
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Rapid Storage Technology®
O23 - Service: System Interface Foundation Service (ImControllerService) . (.Copyright © 2015 - Lenovo.Modern.ImController.) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe =>.LENOVO®
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) . (...) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe =>.Intel Corporation
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O23 - Service: JME Keyboard Driver (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe =>.JMESoft
O23 - Service: LenovoPortalService (LenovoPortalService) . (.Copyright © 2012 - LenovoPortalService.) - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe =>.LENOVO®
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Intel(R) Local Management Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation - NVIDIA Container.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
O23 - Service: VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC - VoodooShield.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®
O23 - Service: ZAM Controller Service (ZAMSvc) . (.Copyright 2017. - ZAM.) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

---\\ Services not Microsoft (SR=Run, SS=Stop) (23) - 22s
SR - Auto [18/05/2017] [ 2246256] Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
SR - Demand [09/05/2017] [ 7346208] aswbIDSAgent (aswbIDSAgent) . (.AVAST Software s.r.o..) - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe =>.AVAST Software s.r.o.®
SR - Auto [09/05/2017] [ 263304] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
SR - Auto [09/05/2017] [ 310496] Avast Firewall Service (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
SR - Auto [08/09/2015] [ 288768] FastbootService (FastbootService) . (.Lenovo.) - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe =>.Lenovo
SS - Auto [14/06/2016] [ 154440] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [14/06/2016] [ 154440] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Auto [23/06/2015] [ 18856] Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Rapid Storage Technology®
SS - Auto [16/07/2015] [ 30624] System Interface Foundation Service (ImControllerService) . (.Copyright © 2015.) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe =>.LENOVO®
SS - Demand [22/05/2015] [ 881152] Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe =>.Intel® Trusted Connect Service®
SR - Demand [19/05/2015] [ 335872] Intel(R) Security Assist (Intel(R) Security Assist) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe =>.Intel Corporation
SS - Auto [19/05/2015] [ 7680] Intel(R) Security Assist Helper (isaHelperSvc) . (...) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe =>.Intel Corporation
SR - Auto [11/07/2015] [ 223520] Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
SR - Auto [16/08/2011] [ 32768] JME Keyboard Driver (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe =>.JMESoft
SR - Auto [08/09/2015] [ 24312] LenovoPortalService (LenovoPortalService) . (.Copyright © 2012.) - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe =>.LENOVO®
SR - Auto [11/07/2015] [ 415520] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
SS - Demand [01/07/2015] [ 271296] LSCWinService (LSCWinService) . (.Lenovo.) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe =>.LENOVO®
SR - Auto [09/05/2017] [ 4470736] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SR - Auto [29/12/2016] [ 458176] NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe =>.NVIDIA Corporation®
SS - Demand [31/03/2016] [ 31704] ShareItSvc (ShareItSvc) . (.SHAREit Technologies Co.Ltd.) - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe =>.LENOVO®
SR - Demand [01/06/2017] [ 1607968] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®
SR - Auto [01/05/2017] [ 129360] VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®
SR - Auto [03/04/2017] [14522512] ZAM Controller Service (ZAMSvc) . (.Copyright 2017..) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®

---\\ Task Planned Automatically (13) - 9s
[MD5.866FF7A49542CDBBF7EE0FD4FD0ADC02] [APT] [Avast Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2326672] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.E5550587CC154E805433DFC99CE7937E] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [7619288] (.Activate.) =>.Piriform Ltd®
[MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
[MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
[MD5.BDD7B0DEE5A5B880FD522B1780C01FD3] [APT] [PrivaZer_SkipUAC] (.Goversoft LLC.) -- C:\Program Files (x86)\PrivaZer\PrivaZer.exe [15056648] (.Activate.) =>.Goversoft®
[MD5.F485EE3C484D9874E9DD75E6B4FEE332] [APT] [SafeZone scheduled Autoupdate 1462830905] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [927264] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.283E10FD63971145CC1E750FFA46180E] [APT] [AVAST Software\Avast settings backup] (.AVAST Software.) -- C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [826808] (.Activate.) =>.AVAST Software s.r.o.®
O39 - APT: Avast Emergency Update - (.AVAST Software.) -- C:\WINDOWS\System32\Tasks\Avast Emergency Update [4268] =>.AVAST Software s.r.o.®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [2886] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3120] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3344] =>.Google Inc®
O39 - APT: PrivaZer_SkipUAC - (.Goversoft LLC.) -- C:\WINDOWS\System32\Tasks\PrivaZer_SkipUAC [3204] =>.Goversoft®
O39 - APT: SafeZone scheduled Autoupdate 1462830905 - (.Avast Software.) -- C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1462830905 [3370] =>.AVAST Software s.r.o.®

---\\ Auto loading programs from Registry and folders (10) - 0s
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) -- C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
O4 - HKLM\..\Run: [Malwarebytes TrayApp] . (.Malwarebytes - Malwarebytes Tray Application.) -- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe =>.Malwarebytes Corporation®
O4 - HKLM\..\Run: [VoodooShield] . (.VoodooSoft, LLC - VoodooShield.) -- C:\Program Files\VoodooShield\VoodooShield.exe =>.VoodooSoft, LLC®
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - HKCU\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe =>.Superfluous.AkamaiHD
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.®
O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe =>.Superfluous.AkamaiHD

---\\ Process running (26) - 2s
[MD5.E2CFDA7E9606FD5ECAB93E4817414661] - (...) -- C:\Windows\jmesoft\Service.exe [32768] [PID.3084] =>.JMESoft
[MD5.B09F2F6281571FBA7387164DE91A24E2] - (.Copyright © 2012 - LenovoPortalService.) -- C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312] [PID.3104] =>.LENOVO®
[MD5.2328568EE63439A4A11F9DC0692E5527] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176] [PID.3176] =>.NVIDIA Corporation®
[MD5.CD4546A3ECA0DD8534A6097DF7C2028E] - (.Lenovo - RapidBoot HDD Accelerator Service.) -- C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768] [PID.3184] =>.Lenovo
[MD5.A3B07B40F7AA4A39B202D14BCD72678C] - (.Copyright 2017. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512] [PID.3252] =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
[MD5.D76E56108E6482905D3FAEA0649919E4] - (.Malwarebytes - Malwarebytes Service.) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736] [PID.3656] =>.Malwarebytes Corporation®
[MD5.93A49F8ECC625EE8FD3BFC3C5FEB8D47] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1285568] [PID.4336] =>.NVIDIA Corporation®
[MD5.CE9DB06643313387C4E71678880D0412] - (...) -- C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe [74752] [PID.6052] =>.Skype Technologies
[MD5.33E6E5822E22A5E1DEA523C06155FD07] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe [288848] [PID.8436] =>.Google Inc®
[MD5.8FE697AB8A4C28D79C1CDB97C6FB1A17] - (.AVAST Software - Avast Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [8470464] [PID.9068] =>.AVAST Software s.r.o.®
[MD5.27BEAF3F308ED2276F3863C2F2597556] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe [366672] [PID.2252] =>.Google Inc®
[MD5.DE70C5C10803C700DC1CFDE2D5CF207A] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520] [PID.6272] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
[MD5.1CE3A27B6B0658F4242AB2DECE69704E] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520] [PID.6288] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
[MD5.9C8F57D022F39AD1FF1B07C51A20B562] - (.VoodooSoft, LLC - VoodooShield.) -- C:\Program Files\VoodooShield\VoodooShieldService.exe [129360] [PID.9292] =>.VoodooSoft, LLC®
[MD5.8213094EA736A9C575AB0E22AD09B0BA] - (.Intel Corporation - Intel(R) Security Assist.) -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872] [PID.1896] =>.Intel Corporation
[MD5.078B785A7533B7059A236017B3B060A4] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256] [PID.916] =>.Adobe Systems Incorporated®
[MD5.612354D351683C76C5728A5A9A858090] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe [1870928] [PID.8728] =>.Adobe Systems, Incorporated®
[MD5.7F3D0BC2FE61C249302E0515989C59E2] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe [4490200] [PID.7244] =>.Superfluous.AkamaiHD
[MD5.A3B07B40F7AA4A39B202D14BCD72678C] - (.Copyright 2017. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512] [PID.7924] =>.Zemana Bilişim Teknolojileri Sanayi Ticaret Limited Şirketi®
[MD5.7FF7826FC27B9DBAF53098DBA207845C] - (...) -- C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe [3982336] [PID.10788] =>.Microsoft Corporation
[MD5.BA7BFDCD603A7392521E4A688DD40358] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe [3042592] [PID.11512] =>.Valve®
[MD5.0E5DE4D8B1E4272B172A82D5E3CE4316] - (.Valve Corporation - Steam Client WebHelper.) -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [2419488] [PID.12012] =>.Valve®
[MD5.507367443C3A2D4BA115FE48B96A7D4B] - (.Valve Corporation - Steam Client Service.) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1607968] [PID.12528] =>.Valve®
[MD5.0E5DE4D8B1E4272B172A82D5E3CE4316] - (.Valve Corporation - Steam Client WebHelper.) -- C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe [2419488] [PID.11412] =>.Valve®
[MD5.7F3D0BC2FE61C249302E0515989C59E2] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe [4490200] [PID.12016] =>.Superfluous.AkamaiHD
[MD5.9BE10B7D1BD613A3270C75CA0863ED0B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe [2734592] [PID.14716] =>.Nicolas Coolman

---\\ Google Chrome, Start,Search,Extensions (22) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://cdnjs.cloudflare.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://connect.facebook.net =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://nicolascoolman.eu =>.Nicolas Coolman
G0 - GCSP: Preferences [User Data\Default][HomePage] http://scontent-iad3-1.xx.fbcdn.net
G0 - GCSP: Preferences [User Data\Default][HomePage] http://staticxx.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.paypalobjects.com
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com/ =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [iahecghojagkcoehfhfknajofkokndjm] Tab Cookies
G2 - GCE: Preference [User Data\Default] [ifmhoabcaeehkljcfclfiieohkohdgbb] Social Fixer for Facebook
G2 - GCE: Preference [User Data\Default] [lgblnfidahcdcjddiepkckcfdhpknnjh]
G2 - GCE: Preference [User Data\Default] [nmkinhboiljjkhaknpaeaicmdjhagpep] F.B.(FluffBusting)Purity
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Internet Explorer Extensions, Start, Search (18) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKEY_USERS\S-1-5-21-113026621-1705679920-3439515112-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (9) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Object (BHO) (4) - 0s
O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} (.Orphan.)
O2 - BHO: Adobe Acrobat Create PDF Helper [64Bits] - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll =>.Adobe Systems, Incorporated®
O2 - BHO: Microsoft OneDrive for Business Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} (.Orphan.)
O2 - BHO: SmartSelect [64Bits] - {F4971EE7-DAA0-4053-9964-665D8EE6A077} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll =>.Adobe Systems, Incorporated®

---\\ Global shortcuts Startup (47) - 2s
O4 - GS\Desktop [Administrator]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\Desktop [Administrator]: Fonts - Shortcut.lnk . (...) C:\Windows\Fonts
O4 - GS\Desktop [Administrator]: Tennafa - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Default" =>.Google Inc®
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\Desktop [Doneff Family]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\Desktop [Doneff Family]: Fonts - Shortcut.lnk . (...) C:\Windows\Fonts
O4 - GS\Desktop [Doneff Family]: Tennafa - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Default" =>.Google Inc®
O4 - GS\Desktop [Doneff Family]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Doneff Family]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
O4 - GS\sendTo [Doneff Family]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Doneff Family]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Doneff Family]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Doneff Family]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\Desktop [Guest]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\Desktop [Guest]: Fonts - Shortcut.lnk . (...) C:\Windows\Fonts
O4 - GS\Desktop [Guest]: Tennafa - Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Default" =>.Google Inc®
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\CommonDesktop [Public]: e-Sword.lnk . (.Rick Meyers - e-Sword.exe.) C:\Program Files (x86)\e-Sword\e-Sword.exe
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: REACHit.lnk . (.Lenovo - REACHit Agent.) C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe =>.LENOVO®
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Access 2016.lnk . (.Microsoft Corporation - Microsoft Access.) C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Excel 2016.lnk . (.Microsoft Corporation - Microsoft Excel.) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: OneNote 2016.lnk . (.Microsoft Corporation - Microsoft OneNote.) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Outlook 2016.lnk . (.Microsoft Corporation - Microsoft Outlook.) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: PowerPoint 2016.lnk . (.Microsoft Corporation - Microsoft PowerPoint.) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
O4 - GS\ProgramsCommon [Public]: Publisher 2016.lnk . (.Microsoft Corporation - Microsoft Publisher.) C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Word 2016.lnk . (.Microsoft Corporation - Microsoft Word.) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE =>.Microsoft Corporation®

---\\ Lop.com/Domain Hijackers (3) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC
O17 - HKLM\System\CCS\Services\Tcpip\..\{22bd1248-b385-4563-bcc2-6588c77ea58a}: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC
O17 - HKLM\System\CCS\Services\Tcpip\..\{e6e4a17a-d400-42d1-acf0-634be7a09268}: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC

---\\ Extra protocols (26) - 0s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: mso-minsb-roaming.16 [64Bits] - {83C25742-A9F7-49FB-9138-434302C88D07} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: mso-minsb.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf-roaming.16 [64Bits] - {42089D2D-912D-4018-9087-2B87803E93FB} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: osf.16 [64Bits] - {5504BE45-A83B-4808-900A-3A5C36E7F77A} . (.Microsoft Corporation - Microsoft Office 2016 component.) -- C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation

---\\ Software installed (82) - 5s
O42 - Logiciel: Adobe Acrobat DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-1033-FFFF-7760-0C0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Flash Player 25 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player PPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824225037} =>.Adobe Systems Incorporated
O42 - Logiciel: Aion - (.NC Interactive, LLC.) [HKLM][64Bits] -- {B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB} =>.NC Interactive, LLC
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU][64Bits] -- Akamai =>.Superfluous.AkamaiHD
O42 - Logiciel: Avast Internet Security - (.AVAST Software.) [HKLM][64Bits] -- Avast Antivirus =>.AVAST Software s.r.o.®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {AF312B06-5C5C-468E-89B3-BE6DE2645722} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F} =>.Cisco Systems, Inc.
O42 - Logiciel: Components - (.Lenovo.) [HKLM][64Bits] -- {1720B0E0-C520-43A6-B677-97A1D80F3B99} =>.Lenovo
O42 - Logiciel: Driver and Application Installation - (.Lenovo.) [HKLM][64Bits] -- {6EC299C6-074C-4529-8D5F-2798584BB27B} =>.LENOVO®
O42 - Logiciel: Echo of Soul - (..) [HKLM][64Bits] -- Echo of Soul
O42 - Logiciel: e-Sword - (.Rick Meyers.) [HKLM][64Bits] -- {463178C4-E707-41EE-BE8A-080C62BF526D}
O42 - Logiciel: Fiesta Online NA version 1.0 - (.gamigo AG.) [HKLM][64Bits] -- Fiesta Online NA_is1 =>.gamigo AG
O42 - Logiciel: Genesys USB Mass Storage Device - (.Genesys Logic.) [HKLM][64Bits] -- {959B7F35-2819-40C5-A0CD-3C53B5FCC935} =>.Genesys Logic
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] -- {8C91A5EB-2C62-4A6D-8802-CC79FD2ED390} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {3D6D679B-3ECE-48DD-85D6-8ECE8D497080} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {BCD55758-61DB-426D-BC56-72C9ADB2092F} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {DD20EECC-5CAA-4658-B15D-2A5DCE686321} =>.Intel Corporation
O42 - Logiciel: Intel(R) ME UninstallLegacy - (.Intel Corporation.) [HKLM][64Bits] -- {D2E7A6EE-AB1A-4D68-8E1C-FFE2B4B5429B} =>.Intel Corporation
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {205AE40D-8AD7-4F29-A430-DD2168DA562D} =>.Intel Corporation
O42 - Logiciel: Intel® Security Assist - (.Intel Corporation.) [HKLM][64Bits] -- {4B230374-6475-4A73-BA6E-41015E9C5013} =>.Intel Corporation
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {7D84E343-A23D-451C-B123-0195B2D903A6} =>.Intel Corporation
O42 - Logiciel: Java 8 Update 131 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F32180131F0} =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] -- {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
O42 - Logiciel: Lenovo Accelerator Application - (.Lenovo.) [HKLM][64Bits] -- {10672FE6-3D50-4F79-B0C7-A5573A5D415D} =>.LENOVO®
O42 - Logiciel: Lenovo Blacksilk USB Keyboard Driver - (.Lenovo.) [HKLM][64Bits] -- {B266E062-D6C5-485B-B426-51B152B041A6} =>.Lenovo
O42 - Logiciel: Lenovo Experience Improvement - (.Lenovo.) [HKLM][64Bits] -- LenovoExperienceImprovement =>.LENOVO®
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- {40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] -- {B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo QuickOptimizer - (.Lenovo.) [HKLM][64Bits] -- {8D2C871B-1B9F-45AC-9C43-2BB18089CDFA} =>.Lenovo
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] -- {46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo Solution Center - (.Lenovo.) [HKLM][64Bits] -- {A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35} =>.Lenovo
O42 - Logiciel: Lenovo System Interface Foundation - (.Lenovo.) [HKLM][64Bits] -- {C2E5CA37-C862-4A69-AC6D-24F450A20C16} =>.Lenovo
O42 - Logiciel: Malwarebytes version 3.1.2.1733 - (.Malwarebytes.) [HKLM][64Bits] -- {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
O42 - Logiciel: Manual - (.Lenovo.) [HKLM][64Bits] -- {693F92E5-37D1-46B7-A0D6-19A74A2FD0EC} =>.LENOVO®
O42 - Logiciel: Metric Collection SDK - (.Lenovo Group Limited.) [HKLM][64Bits] -- {DDAA788F-52E6-44EA-ADB8-92837B11BF26} =>.Lenovo Group Limited
O42 - Logiciel: Metric Collection SDK 35 - (.Lenovo Group Limited.) [HKLM][64Bits] -- {C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} =>.Lenovo Group Limited
O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- OneDriveSetup.exe =>.Microsoft Windows®
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: NCSOFT Game Launcher - (.NCSOFT.) [HKLM][64Bits] -- NCLauncher_NCWest =>.NCsoft Corp.®
O42 - Logiciel: NVIDIA 3D Vision Driver 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Control Panel 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Container - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Display Container LS - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Graphics Driver 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA HD Audio Driver 1.3.34.17 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.15.0428 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo =>.NVIDIA Corporation®
O42 - Logiciel: Office 16 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0000-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Extensibility Component 64-bit Registration - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-00DD-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008F-0000-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Office 16 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90160000-008C-0409-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: PrivaZer - (.Goversoft LLC.) [HKLM][64Bits] -- PrivaZer =>.Goversoft®
O42 - Logiciel: REACHit - (.Lenovo.) [HKLM][64Bits] -- {4532E4C5-C84D-4040-A044-ECFCC5C6995B} =>.Lenovo
O42 - Logiciel: REALTEK Bluetooth Filter Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9D3D8C60-A5EF-4123-B2B9-172095903AD} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] -- {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F} =>.Realtek
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9DAABC60-A5EF-41FF-B2B9-17329590CD5} =>.Realtek Semiconductor Corp®
O42 - Logiciel: SafeZone Stable 3.55.2393.596 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 3.55.2393.596 =>.AVAST Software s.r.o.®
O42 - Logiciel: SHAREit - (.Lenovo.) [HKLM][64Bits] -- SHAREit_is1 =>.Lenovo
O42 - Logiciel: SoftMaker FreeOffice 2016 - (.SoftMaker Software GmbH.) [HKLM][64Bits] -- {8EBB8452-274B-465D-8324-00B0832FBB05} =>.SoftMaker Software GmbH
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- Steam =>.Valve®
O42 - Logiciel: Team Fortress 2 - (.Valve.) [HKLM][64Bits] -- Steam App 440 =>.Valve®
O42 - Logiciel: VoodooShield version 3.59 - (.VoodooSoft, LLC.) [HKLM][64Bits] -- {A8644328-A66F-490E-B8FA-901FF649189D}_is1 =>.VoodooSoft, LLC
O42 - Logiciel: Wheel Of Fortune - (..) [HKLM][64Bits] -- Wheel Of Fortune
O42 - Logiciel: Windows 10 Update and Privacy Settings - (.Microsoft Corporation.) [HKLM][64Bits] -- {293F2009-0145-450B-B4AA-063D43FB368C} =>.Microsoft Corporation
O42 - Logiciel: Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) - (.Genesys Logic.) [HKLM][64Bits] -- AE2E6FAB44844413B4C6F53C908EACC8AFC838F0 =>.Genesys Logic
O42 - Logiciel: Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.53 - (.NVIDIA.) [HKLM][64Bits] -- 81C36D5B443FFB6F528F76BD424D750C53ADF10E =>.NVIDIA
O42 - Logiciel: Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/16/2015 1.3. - (.NVIDIA Corporation.) [HKLM][64Bits] -- E1EF4D4E1E41BA85DB6DA51424B73AE1B3F0056A =>.NVIDIA Corporation
O42 - Logiciel: Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.20 - (.Realtek.) [HKLM][64Bits] -- 6A304520C2F25CD034E477A379C47308AA84A2DC =>.Realtek
O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetoot - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- 604A7B07184AD24892732BED4543610976632257 =>.Realtek Semiconductor Corp.
O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/ - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- 5D078DEFD18360A7A64D38392C9F1007DC86AE23 =>.Realtek Semiconductor Corp.
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] -- {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.

---\\ HKCU & HKLM Software Keys (91) - 5s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\Adware Removal Tool by TSA =>.TSA Softwares
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\AROnline =>.AROnline
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\Corel =>.Corel
HKLM\SOFTWARE\Wow6432Node\CyberLink =>.CyberLink Corporation
HKLM\SOFTWARE\Wow6432Node\FFOnline
HKLM\SOFTWARE\Wow6432Node\Gameforge =>.Gameforge
HKLM\SOFTWARE\Wow6432Node\Genesys Logic =>.Genesys Logic
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Hasbro Interactive
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Lake =>.Lake Sofware
HKLM\SOFTWARE\Wow6432Node\Lenovo =>.Lenovo
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\MAXSOFT-OCRON =>.Maxsoft-Ocron, Inc
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\NC Interactive, LLC =>.NC Interactive, LLC
HKLM\SOFTWARE\Wow6432Node\NCWest
HKLM\SOFTWARE\Wow6432Node\Network Associates =>.Network Associates
HKLM\SOFTWARE\Wow6432Node\NSCPID =>.NetRatings
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\PlayNC
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\RtWLan =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\SHAREit =>.Lenovo Group Limited
HKLM\SOFTWARE\Wow6432Node\SoftMaker Software GmbH =>.SoftMaker Software GmbH
HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\Wow6432Node\TrendMicro =>.TrendMicro
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Zemi Interactive =>.Zemi Interactive
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\9-lab =>.9-lab
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\Aeria Games =>.Aeria Games
HKCU\SOFTWARE\Aion =>.NCsoft Corporation, Ltd.
HKCU\SOFTWARE\Akamai =>.Superfluous.AkamaiHD
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\Corel =>.Corel
HKCU\SOFTWARE\CyberLink =>.CyberLink Corporation
HKCU\SOFTWARE\ElswordINT =>.ElswordINT
HKCU\SOFTWARE\Gameforge4d =>.ZemiInteractive Ltd
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\HngSync =>.Reto-Moto Aps
HKCU\SOFTWARE\INCAInternet =>.INCAInternet
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\Jasc =>.Jasc
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\lenovo =>.Lenovo
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\MakeMusic =>.MakeMusic
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\MyComGames =>.MyComGames
HKCU\SOFTWARE\nester
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\plaync
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\SHAREit =>.Lenovo Group Limited
HKCU\SOFTWARE\SoftMaker Software GmbH =>.SoftMaker Software GmbH
HKCU\SOFTWARE\Sysinternals =>.Sysinternals
HKCU\SOFTWARE\tfdfu =>.Electronic Arts, Inc.
HKCU\SOFTWARE\TrioSeq
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation
HKCU\SOFTWARE\Viena
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft

---\\ Contents of the Common Files folders (182) - 11s
O43 - CFD: 25/05/2017 - [] D -- C:\Program Files\9-lab =>.9-lab
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
O43 - CFD: 26/05/2017 - [] AD -- C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files\DIFX =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files\Lenovo =>.Lenovo
O43 - CFD: 23/05/2017 - [] D -- C:\Program Files\Malwarebytes =>.Malwarebytes
O43 - CFD: 12/06/2016 - [] D -- C:\Program Files\Microsoft Office 15 =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] AD -- C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 11/05/2017 - [] AD -- C:\Program Files\UNP =>.Microsoft Corporation
O43 - CFD: 26/05/2017 - [] AD -- C:\Program Files\VoodooShield
O43 - CFD: 18/03/2017 - [] RD -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\Windows Security =>.Unknow
O43 - CFD: 18/03/2017 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 02/06/2017 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 21/02/2017 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 25/05/2017 - [] D -- C:\Program Files (x86)\Adware Removal Tool by TSA =>.TSA Softwares
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Cisco =>.Cisco Systems, Inc.
O43 - CFD: 03/06/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Cyberlink =>.CyberLink Corporation
O43 - CFD: 18/06/2016 - [] AD -- C:\Program Files (x86)\e-Sword
O43 - CFD: 17/05/2017 - [] D -- C:\Program Files (x86)\gamigo =>.gamigo AG®
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Genesyslogic =>.Microsoft Windows Hardware Compatibility Publisher®
O43 - CFD: 14/06/2016 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 13/02/2017 - [] D -- C:\Program Files (x86)\Hasbro Interactive =>.Hasbro Interactive
O43 - CFD: 08/06/2016 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 26/05/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 25/05/2017 - [] D -- C:\Program Files (x86)\Java =>.Oracle
O43 - CFD: 20/06/2016 - [] D -- C:\Program Files (x86)\Lenovo =>.Lenovo
O43 - CFD: 03/06/2017 - [] AD -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 13/04/2017 - [] AD -- C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 08/06/2016 - [] D -- C:\Program Files (x86)\NCSOFT =>.NCSOFT
O43 - CFD: 08/06/2016 - [] D -- C:\Program Files (x86)\NCWest =>.NCWest
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 05/06/2017 - [] AD -- C:\Program Files (x86)\PrivaZer =>.Goversoft LLC
O43 - CFD: 09/05/2016 - [] AD -- C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 09/05/2016 - [] AD -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver =>.Realtek Semiconductor Corp.
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 04/06/2017 - [] AD -- C:\Program Files (x86)\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
O43 - CFD: 04/06/2017 - [] D -- C:\Program Files (x86)\Steam =>.Steam Games
O43 - CFD: 18/05/2017 - [] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 25/05/2017 - [] AD -- C:\Program Files (x86)\Zemana AntiMalware =>.Zemana
O43 - CFD: 31/05/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo =>.gamigo
O43 - CFD: 03/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools =>.Microsoft Corporation
O43 - CFD: 04/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
O43 - CFD: 28/05/2017 - [] D -- C:\ProgramData\9-lab =>.9-lab
O43 - CFD: 26/05/2017 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 27/05/2017 - [] D -- C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 23/05/2017 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 05/06/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 26/05/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 26/05/2017 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 05/06/2017 - [] D -- C:\ProgramData\privazer =>.Goversoft LLC
O43 - CFD: 03/06/2017 - [] AD -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 04/06/2017 - [] D -- C:\ProgramData\SoftMaker =>.SoftMaker
O43 - CFD: 26/05/2017 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 26/05/2017 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 04/06/2017 - [] D -- C:\ProgramData\VoodooShield
O43 - CFD: 27/05/2017 - [] AD -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 13/04/2017 - [] D -- C:\Program Files (x86)\Common Files\AV =>.Avast
O43 - CFD: 03/06/2017 - [] AD -- C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
O43 - CFD: 18/06/2016 - [] AD -- C:\Program Files (x86)\Common Files\EzTools
O43 - CFD: 23/03/2017 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Common Files\Intel Corporation =>.Intel Corporation
O43 - CFD: 26/05/2017 - [] D -- C:\Program Files (x86)\Common Files\Java =>.Oracle
O43 - CFD: 03/06/2017 - [] AD -- C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Program Files (x86)\Common Files\PostureAgent =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 01/06/2017 - [] D -- C:\Program Files (x86)\Common Files\Steam =>.Steam Games
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 24/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\.huntedcowcache
O43 - CFD: 20/11/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\.mono =>.Legitimate
O43 - CFD: 25/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\9-lab =>.9-lab
O43 - CFD: 21/02/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 29/12/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Advanced Mario Sequencer
O43 - CFD: 24/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Audacity =>.Audacity
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\AVAST Software =>.AVAST Software
O43 - CFD: 02/06/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\FiestaOnline
O43 - CFD: 26/04/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Google =>.Google
O43 - CFD: 05/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Hecatu
O43 - CFD: 23/12/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\HeroesAndGeneralsDesktop =>.Reto-Moto
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Intel Corporation =>.Intel Corporation
O43 - CFD: 05/02/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Jasc =>.Jasc
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Lenovo =>.Lenovo
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\LSC =>.LSC
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 10/11/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\MakeMusic =>.MakeMusic
O43 - CFD: 31/05/2017 - [] SD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 02/11/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\NCH Software =>.NCH Software
O43 - CFD: 05/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\NVIDIA =>.nVidia Corporation
O43 - CFD: 20/11/2016 - [] AD -- C:\Users\Doneff Family\AppData\Roaming\Pokémon Trading Card Game Online =>.The Pokémon Company
O43 - CFD: 26/11/2016 - [0] D -- C:\Users\Doneff Family\AppData\Roaming\PokΘmon Trading Card Game Online
O43 - CFD: 26/08/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Skype =>.Skype
O43 - CFD: 04/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\SoftMaker =>.SoftMaker
O43 - CFD: 06/12/2016 - [0] D -- C:\Users\Doneff Family\AppData\Roaming\Splitscreen Studios
O43 - CFD: 13/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Sun =>.Oracle
O43 - CFD: 13/02/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\SynthFont
O43 - CFD: 05/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 09/05/2016 - [0] D -- C:\Users\Doneff Family\AppData\Local\ActiveSync =>.Microsoft Corporation
O43 - CFD: 21/02/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Adobe =>.Adobe
O43 - CFD: 28/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Akamai =>.Superfluous.AkamaiHD
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Doneff Family\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 11/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Audacity =>.Audacity
O43 - CFD: 23/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\CEF =>.CEF
O43 - CFD: 14/08/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 20/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 01/06/2017 - [0] D -- C:\Users\Doneff Family\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] D -- C:\Users\Doneff Family\AppData\Local\DBG =>.DBG
O43 - CFD: 08/05/2017 - [0] D -- C:\Users\Doneff Family\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 18/06/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 30/10/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Google =>.Google
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Doneff Family\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 10/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Lenovo =>.Lenovo
O43 - CFD: 18/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [0] D -- C:\Users\Doneff Family\AppData\Local\NetworkTiles =>.NetworkTiles
O43 - CFD: 18/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Power2Go =>.Power2Go
O43 - CFD: 05/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\PrivaZer =>.Goversoft LLC
O43 - CFD: 16/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 20/06/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\SHAREit =>.Lenovo Group Limited
O43 - CFD: 06/07/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\speech =>.Microsoft Corporation
O43 - CFD: 19/12/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\Steam =>.Steam Games
O43 - CFD: 05/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Doneff Family\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 23/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\TERA =>.Gameforge Productions GmbH
O43 - CFD: 11/08/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\TianTianData
O43 - CFD: 09/05/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 11/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\UNP =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 25/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Zemana =>.Zemana
O43 - CFD: 05/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 16/05/2016 - [0] D -- C:\Users\Doneff Family\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 21/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
O43 - CFD: 18/03/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 26/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer =>.Goversoft LLC
O43 - CFD: 18/05/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 23/05/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 18/03/2017 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 26/05/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 18/05/2017 - [0] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\DBG =>.DBG
O43 - CFD: 19/05/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 25/05/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana

---\\ ShellIconOverlayIdentifiers (SIOI) (8) - 1s
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: ReadOnlyOverlayHandler Class [ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
O106 - SIOI: avast [00avast] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®

---\\ Image File Execution Options (18) - 0s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\MRT.exe - (.Microsoft Corporation - Microsoft Windows Malicious Software Remova.) [CFGOptions\\1] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation

---\\ System Drivers List (83) - 9s
O58 - SDL:2017/03/18 16:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) -- C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [311808] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) -- C:\WINDOWS\System32\drivers\aswbidsha.sys [190256] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - Logging Driver.) -- C:\WINDOWS\System32\drivers\aswbloga.sys [334576] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software s.r.o. - Universal Driver.) -- C:\WINDOWS\System32\drivers\aswbuniva.sys [49016] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast HWID.) -- C:\WINDOWS\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/05/09 17:08:56 A . (.AVAST Software - Avast Keyboard Filter Driver.) -- C:\WINDOWS\System32\drivers\aswKbd.sys [32600] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast File System Minifilter for Windows 20.) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [128648] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:08:53 A . (.AVAST Software - Avast Firewall Driver.) -- C:\WINDOWS\System32\drivers\aswNetSec.sys [507928] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast WFP Redirect Driver.) -- C:\WINDOWS\System32\drivers\aswRdr2.sys [101152] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast Revert.) -- C:\WINDOWS\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/05/09 17:08:56 A . (.AVAST Software - Avast Virtualization Driver.) -- C:\WINDOWS\System32\drivers\aswSnx.sys [1007160] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [569192] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/12 17:09:39 A . (.AVAST Software - Stream Filter.) -- C:\WINDOWS\System32\drivers\aswstm.sys [158880] =>.AVAST Software s.r.o.®
O58 - SDL:2017/05/09 17:09:12 A . (.AVAST Software - Avast VM Monitor.) -- C:\WINDOWS\System32\drivers\aswVmm.sys [339696] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/03/18 16:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
O58 - SDL:2017/06/05 18:40:18 A . (.Malwarebytes - Malwarebytes Anti-Ransomware Protection.) -- C:\WINDOWS\System32\drivers\farflt.sys [113592] =>.Malwarebytes Corporation®
O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - HDD Accelerator Driver.) -- C:\WINDOWS\System32\drivers\Fastboot.sys [67608] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - fsmon driver.) -- C:\WINDOWS\System32\drivers\FBFsmon.sys [39448] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - Network throttling driver.) -- C:\WINDOWS\System32\drivers\FBNetFlt.sys [32792] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/07/15 06:54:02 A . (.GenesysLogic - GeneStor.) -- C:\WINDOWS\System32\drivers\GeneStor.sys [115704] =>.GENESYS LOGIC, INC.®
O58 - SDL:2017/03/18 16:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2017/03/18 16:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2015/06/23 18:58:58 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver -.) -- C:\WINDOWS\System32\drivers\iaStorA.sys [1455552] =>.Intel Corporation - Rapid Storage Technology®
O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
O58 - SDL:2017/06/05 18:39:57 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\mbae64.sys [77376] =>.Malwarebytes Corporation®
O58 - SDL:2017/06/05 18:40:17 A . (.Malwarebytes - Malwarebytes Real-Time Protection.) -- C:\WINDOWS\System32\drivers\mbam.sys [44960] =>.Malwarebytes Corporation®
O58 - SDL:2017/06/05 18:40:19 A . (.Malwarebytes - Malwarebytes Chameleon.) -- C:\WINDOWS\System32\drivers\MBAMChameleon.sys [188312] =>.Malwarebytes Corporation®
O58 - SDL:2017/06/05 18:40:16 A . (.Malwarebytes - Malwarebytes SwissArmy.) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
O58 - SDL:2017/06/05 18:40:23 A . (.Malwarebytes - Malwarebytes Web Protection.) -- C:\WINDOWS\System32\drivers\mwac.sys [93600] =>.Malwarebytes Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/01/17 06:55:40 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\WINDOWS\System32\drivers\nvhda64v.sys [221640] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
O58 - SDL:2016/02/24 04:43:34 A . (.NVIDIA Corporation - Stereoscopic 3D USB controller driver.) -- C:\WINDOWS\System32\drivers\nvstusb.sys [452240] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:26 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [604160] =>.Realtek
O58 - SDL:2015/06/15 18:37:26 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth Filter Driver.) -- C:\WINDOWS\System32\drivers\RtkBtfilter.sys [598784] =>.Realtek Semiconductor Corp®
O58 - SDL:2015/09/30 13:58:16 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [4608280] =>.Realtek Semiconductor Corp®
O58 - SDL:2017/03/18 16:56:20 A . (.Realtek Semiconductor Corporation - Realtek PCIE NDIS Driver 47528 20362.) -- C:\WINDOWS\System32\drivers\rtwlane.sys [6320640] =>.Realtek Semiconductor Corporation
O58 - SDL:2017/03/18 16:56:26 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
O58 - SDL:2015/09/04 13:29:06 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [195336] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2017/05/24 18:17:04 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\TrueSight.sys [28272] =>.Adlice®
O58 - SDL:2017/03/18 16:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
O58 - SDL:2016/08/18 18:17:00 A . (.VoodooSoft, LLC - VSScanner Filter driver.) -- C:\WINDOWS\System32\drivers\vsscanner.sys [29808] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2017/03/18 16:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®
O58 - SDL:2012/06/13 20:10:32 A . (."CyberLink - Cyberlink Virtual Disk Driver.) -- C:\WINDOWS\System32\drivers\wsvd.sys [102376] =>.CyberLink®
O58 - SDL:2017/05/25 00:53:11 A . (.Zemana Ltd. - ZAM.) -- C:\WINDOWS\System32\drivers\zam64.sys [203680] =>.Zemana Ltd.®
O58 - SDL:2017/05/25 00:53:11 A . (.Zemana Ltd. - ZAM.) -- C:\WINDOWS\System32\drivers\zamguard64.sys [203680] =>.Zemana Ltd.®

---\\ File Associations Shell Spawning (10) - 0s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

---\\ Search Browser Infection (5) - 0s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKCU] {D79BB3A3-DB24-49D3-A463-680951CD61C4} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.

---\\ Search Svchost Services (46) - 1s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [303616] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll [91648] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [199168] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) -- C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll [1013248] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\Windows\System32\Windows.Internal.Management.dll [536064] =>.Microsoft Corporation
O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) -- C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) -- C:\Windows\System32\TokenBroker.dll [1054208] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [871936] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\WINDOWS\system32\wuaueng.dll [2443776] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) -- C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) -- C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation

---\\ Firewall Active Exception List (2) - 1s
O87 - FAEL: "{CBA50C44-7642-4E11-A8A5-009022E5EFB1}" [In-None-P6-TRUE] .(...) -- C:\AeriaGames\TwinSaga\game.bin (.not file.)
O87 - FAEL: "{796D6EBD-9B17-4BAC-AD36-F091845E643B}" [In-None-P17-TRUE] .(...) -- C:\AeriaGames\TwinSaga\game.bin (.not file.)

---\\ List of CD/DVD Emulators (MBR Hook) (2) - 0s
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FiestaOnlineDownloader_US_RASAPI32 =>PUP.Optional.SoftwareEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FiestaOnlineDownloader_US_RASMANCS =>PUP.Optional.SoftwareEngine

---\\ Additional Scan (O88) (10) - 1s
C:\Users\Doneff Family\AppData\Local\Akamai\netsession_win.exe =>.Superfluous.AkamaiHD
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} =>.Superfluous.Orphan
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan
C:\Users\Doneff Family\AppData\Local\Akamai =>.Superfluous.AkamaiHD
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FiestaOnlineDownloader_US_RASAPI32 =>PUP.Optional.SoftwareEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FiestaOnlineDownloader_US_RASMANCS =>PUP.Optional.SoftwareEngine
C:\WINDOWS\Installer\MSIA5B3.tmp =>.Superfluous.Elex
C:\WINDOWS\Installer\MSIB03.tmp =>.Superfluous.Elex
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic

---\\ Summary of the elements found (4) - 0s
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.AkamaiHD
https://www.nicolascoolman.com/fr/hijacker-trovigo/ =>PUP.Optional.SoftwareEngine
https://nicolascoolman.eu/2017/03/28/superfluous-elex/ =>.Superfluous.Elex
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Generic

~ Unselected Options:
~ End of the scan, 25498 items in 02mn22s (940)(0)
 
We need you to run ESET Online Scanner to check and report on your PC.

As Eset may take an extended time to run it is important to ensure your PC does not enter Sleep Mode. See HERE if you are not sure how to disable sleep mode.

Click HERE to download ESET Online Scanner and save it to your desktop.
Disable all Antivirus/Antimalware software. If you are unsure how to do this, please ask.
Right click on the downloaded Esetonlinescanner_enu.exe desktop icon and select "Run as Administrator" from the drop down menu.
If you receive any security warnings you can safely allow Eset to run.
On the opening screen click on Accept to agree with the Terms of Use.
As per picture below

  1. Click "Enable detection of potentially unsafe applications"
  2. Click the Advanced settings link.
  3. Ensure all options shown ticked here are selected.
  4. Click "Scan".


Eset will download a virus signature database and commence the scan. Depending on the amount of data on your PC this may take some time, please be patient.
At the completion of the scan Eset will display a results dialogue:



  1. Click "Save to text file". Another box will open and ask you to name it and also where to save it. We suggest calling it Eset.txt and saving it to the Desktop.
  2. Then choose "Select all".
  3. Finally "Clean all".
Another dialogue box will open where you can select Finish to complete the scan and clean.

Please copy and paste the contents of the new Eset.txt file in your next reply.



AdsFix Scan and clean.
  • Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
  • Save AdsFix to your desktop.
  • Right Click & Run As Administrator.
  • With an infected machine, it could take several seconds to be charged.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.


  • Click Options then select Unlock the deletion.
  • Then click on clean.
  • Enter your country
  • Don’t use the machine while scanning and be patient
  • Once the scan has completed, please copy and paste the report in your next reply.
  • The report will be C:\AdsFix_date_hour.txt or on your desktop with the same name.
 
I'm not sure I'm doing this right. Can you give instructions on disabling everything I need to disable before running these scans? I have Windows 10 Home edition.
 
ESet scan didn't create a text file.
AdsFix has done something to my system and I can't open my start menu anymore. An error message came up and I can't post it because I can't open any program to paste it into so I can post the print screen I captured. Can I remove these programs and restore my system a few days? Please don't ask me to retry AdsFix, I don't know what it has done to my system but it certainly isn't helping anything.
 
Please don't ask me to retry AdsFix, I don't know what it has done to my system but it certainly isn't helping anything.


Apologies for that. I would restore the system to a few days ago, then please post a new ZHP Diag Log. Also, I will let the developer know about the issue.
 
ZHPDiag3 program isn't working on my system now. I think maybe disabling my firewall and antivirus opened me up to some bigger nasties than I had before I started. Please advise on what to do. Program won't work for left clicking OR right clicking and run as admin.

Resetting resolved issues, no response to this post is needed. Please see the following posts for relevant information. Thanks.
 
Reset my system, here is a list of items removed when the reset took place. Other than my games and antivirus, which ones should I reinstall?
Apps removed while resetting your PC
App name | Publisher | Version
Adobe Acrobat DC | Adobe Systems Incorporated | 17.009.20044
Adobe Acrobat Reader DC | Adobe Systems Incorporated | 17.009.20044
Adobe Flash Player 25 PPAPI | Adobe Systems Incorporated | 25.0.0.171
Aion | NC Interactive, LLC | 4.0.0.3
Akamai NetSession Interface | Akamai Technologies, Inc |
Avast Internet Security | AVAST Software | 17.4.2294
CCleaner | Piriform | 5.30
Echo of Soul | |
e-Sword | Rick Meyers | 10.04.0000
Fiesta Online NA version 1.0 | gamigo AG | 1.0
Google Chrome | Google Inc. | 58.0.3029.110
Java 8 Update 131 | Oracle Corporation | 8.0.1310.11
Malwarebytes version 3.1.2.1733 | Malwarebytes | 3.1.2.1733
Microsoft Office 365 - en-us | Microsoft Corporation | 16.0.8067.2115
Microsoft OneDrive | Microsoft Corporation | 17.3.6816.0313
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | Microsoft Corporation | 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 | Microsoft Corporation | 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | Microsoft Corporation | 10.0.40219
NCSOFT Game Launcher | NCSOFT |
NVIDIA 3D Vision Driver 376.54 | NVIDIA Corporation | 376.54
NVIDIA Graphics Driver 376.54 | NVIDIA Corporation | 376.54
NVIDIA HD Audio Driver 1.3.34.17 | NVIDIA Corporation | 1.3.34.17
PrivaZer | Goversoft LLC | 3.0.22.0
SoftMaker FreeOffice 2016 | SoftMaker Software GmbH | 1.0.3815
Steam | Valve Corporation | 2.10.91.91
Team Fortress 2 | Valve |
VoodooShield version 3.59 | VoodooSoft, LLC | 3.59
Wheel Of Fortune | |
Windows 10 Update and Privacy Settings | Microsoft Corporation | 1.0.13.0
Zemana AntiMalware | Zemana Ltd. | 2.72.0.388
Thursday, June 8, 2017 4:13 PM
 
~ ZHPDiag v2017.6.8.94 By Nicolas Coolman (2017/06/08)
~ Run by Doneff Family (Administrator) (2017/06/08 21:51:30)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version KO
~ Mode: Scan
~ Report: C:\Users\Doneff Family\Desktop\ZHPDiag.txt
~ Report: C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Home, 64-bit (Build 15063) =>.Microsoft Corporation

---\\ Internet Browsers (3) - 0s
~ GCIE: Google Chrome v59.0.3071.86
~ MSIE: Microsoft Edge v40
~ MSIE: Internet Explorer v11.0.15063.0

---\\ Windows Product Information (3) - 3s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Automatic Updates : OK

---\\ System protection software (2) - 2s
Avast Internet Security v17.4.2294 (Protection)
Windows Defender (Deactivate)

---\\ Surveillance software (2) - 3s
~ Adobe Flash Player 25 PPAPI (Surveillance)
~ Adobe Reader X (Surveillance)

---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 12529.86 MB (84% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 807 GB (87%) free of 921 GB : OK =>.Disk Space

---\\ Connection to the system mode (3) - 0s
~ Computer Name: DESKTOP-DOB72OG
~ User Name: Doneff Family
~ Logged in as Administrator

---\\ Enumeration of the disk units (2) - 0s
~ Drive C: has 807 GB free of 921 GB (System)
~ Drive F: has 6 GB free of 57 GB

---\\ State of the Windows Security Center (7) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Search Generic System Files (24) - 5s
[MD5.4E09D16BD3D98831C42CFD59E88E5807] - 08/06/2017 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4847928] =>.Microsoft Windows®
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - 18/03/2017 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [68608] =>.Microsoft Corporation
[MD5.9A4BA96E87A1FD69381249557BDE2BF0] - 18/03/2017 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [318232] =>.Microsoft Windows Publisher®
[MD5.032BB369103DAC02606FB919F6658F3C] - 08/06/2017 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [3307008] =>.Microsoft Corporation
[MD5.47FF22F309A19C495E6BDD90DFA92A95] - 08/06/2017 - (.Microsoft Corporation - Windows Logon Application.) -- C:\WINDOWS\System32\Winlogon.exe [707584] =>.Microsoft Corporation
[MD5.50CDF68A8EA8A2A9165CD573FA6C42D8] - 18/03/2017 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [414208] =>.Microsoft Corporation
[MD5.0F9FA6A2D4EAE50393DCE473759A9845] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [661224] =>.Microsoft Windows®
[MD5.3F969D5ADEAB3284ABD500B37D74A8F8] - 18/03/2017 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [508344] =>.Microsoft Windows®
[MD5.AC1928C2F7505BD556C552F153B062AB] - 18/03/2017 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [610712] =>.Microsoft Windows®
[MD5.01733BEEE02E51F712330D5909BD701C] - 18/03/2017 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [29088] =>.Microsoft Windows®
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - 18/03/2017 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [93184] =>.Microsoft Corporation
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - 18/03/2017 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [160256] =>.Microsoft Corporation
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - 18/03/2017 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [150528] =>.Microsoft Corporation
[MD5.DD1A6F4998E7E21564FA9BAFE21C87ED] - 18/03/2017 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [86528] =>.Microsoft Corporation
[MD5.C6C8315E3262FAE460529C6DA2951682] - 18/03/2017 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [115200] =>.Microsoft Corporation
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - 18/03/2017 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [214528] =>.Microsoft Corporation
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - 18/03/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [467352] =>.Microsoft Windows®
[MD5.30C2F67EC84EB11B22011620107E0325] - 18/03/2017 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [305152] =>.Microsoft Corporation
[MD5.731FD52461C8107E5B19B9AEDBB82BFB] - 18/03/2017 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2328480] =>.Microsoft Windows®
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - 18/03/2017 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [97792] =>.Microsoft Corporation
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - 18/03/2017 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [107008] =>.Microsoft Corporation
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - 18/03/2017 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [183296] =>.Microsoft Corporation
[MD5.2540384EF2EEE5BE930E3FB1061395DC] - 18/03/2017 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [120224] =>.Microsoft Windows®
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - 18/03/2017 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [397216] =>.Microsoft Windows®

---\\ Non Microsoft non disabled Windows Services (16) - 5s
O23 - Service: McAfee Application Installer Cleanup (0234331496953170) (0234331496953170mcinstcleanup) . (...) - C:\WINDOWS\TEMP\023433~1.EXE (.not file.)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
O23 - Service: Avast Firewall Service (avast! Firewall) . (.AVAST Software - Avast firewall service.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
O23 - Service: FastbootService (FastbootService) . (.Lenovo - RapidBoot HDD Accelerator Service.) - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe =>.Lenovo
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Rapid Storage Technology®
O23 - Service: System Interface Foundation Service (ImControllerService) . (.Copyright © 2015 - Lenovo.Modern.ImController.) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe =>.LENOVO®
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) . (...) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe =>.Intel Corporation
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O23 - Service: JME Keyboard Driver (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe =>.JMESoft
O23 - Service: LenovoPortalService (LenovoPortalService) . (.Copyright © 2012 - LenovoPortalService.) - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe =>.LENOVO®
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Intel(R) Local Management Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 353.6.) - C:\Windows\system32\nvvsvc.exe =>.NVIDIA Corporation
O23 - Service: Unchecky (Unchecky) . (.RaMMicHaeL - Unchecky Service.) - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe =>.Reason Software Company Inc.®
O23 - Service: Update Agent (UpdateAgentService) . (.Copyright (C) 2015 - UpdateAgent Application.) - C:\Program Files\update\UpdateAgent.exe =>.LENOVO®

---\\ Services not Microsoft (SR=Run, SS=Stop) (20) - 23s
SR - Auto [24/09/2015] [ 81088] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SS - Demand [08/06/2017] [ 271864] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\syswow64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
SS - Demand [08/06/2017] [ 7346208] aswbIDSAgent (aswbIDSAgent) . (.AVAST Software s.r.o..) - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe =>.AVAST Software s.r.o.®
SR - Auto [08/06/2017] [ 263304] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
SR - Auto [08/06/2017] [ 310496] Avast Firewall Service (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
SR - Auto [08/09/2015] [ 288768] FastbootService (FastbootService) . (.Lenovo.) - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe =>.Lenovo
SS - Auto [08/06/2017] [ 154440] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [08/06/2017] [ 154440] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Auto [23/06/2015] [ 18856] Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Rapid Storage Technology®
SS - Auto [16/07/2015] [ 30624] System Interface Foundation Service (ImControllerService) . (.Copyright © 2015.) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe =>.LENOVO®
SS - Demand [22/05/2015] [ 881152] Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe =>.Intel® Trusted Connect Service®
SS - Demand [19/05/2015] [ 335872] Intel(R) Security Assist (Intel(R) Security Assist) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe =>.Intel Corporation
SR - Auto [19/05/2015] [ 7680] Intel(R) Security Assist Helper (isaHelperSvc) . (...) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe =>.Intel Corporation
SR - Auto [11/07/2015] [ 223520] Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
SR - Auto [16/08/2011] [ 32768] JME Keyboard Driver (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe =>.JMESoft
SR - Auto [08/09/2015] [ 24312] LenovoPortalService (LenovoPortalService) . (.Copyright © 2012.) - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe =>.LENOVO®
SR - Auto [11/07/2015] [ 415520] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
SR - Auto [22/07/2015] [ 937800] NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe =>.NVIDIA Corporation®
SR - Auto [08/06/2017] [ 304408] Unchecky (Unchecky) . (.RaMMicHaeL.) - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe =>.Reason Software Company Inc.®
SR - Auto [08/09/2015] [ 226216] Update Agent (UpdateAgentService) . (.Copyright (C) 2015.) - C:\Program Files\update\UpdateAgent.exe =>.LENOVO®

---\\ Task Planned Automatically (27) - 10s
[MD5.6DC44621EA6A06A7EC2F71C5D788FF3F] [APT] [Adobe Flash Player PPAPI Notifier] (.Adobe Systems Incorporated.) -- C:\Windows\syswow64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [1278456] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.99CE7A1C3AB82125EE3FDB446418865B] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\syswow64\Macromed\Flash\FlashPlayerUpdateService.exe [271864] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.866FF7A49542CDBBF7EE0FD4FD0ADC02] [APT] [Avast Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2326672] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
[MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
[MD5.0A7AF85A818C667B72178FF58013D181] [APT] [PDVDServ12 Task] (.CyberLink Corp..) -- C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432] (.Activate.) =>.CyberLink Corp.®
[MD5.BDD7B0DEE5A5B880FD522B1780C01FD3] [APT] [PrivaZer_SkipUAC] (.Goversoft LLC.) -- C:\Program Files (x86)\PrivaZer\PrivaZer.exe [15056648] (.Activate.) =>.Goversoft®
[MD5.F485EE3C484D9874E9DD75E6B4FEE332] [APT] [SafeZone scheduled Autoupdate 1496953941] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [927264] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.B20E17DEF5802E4282713D07599FE881] [APT] [Lenovo\Experience Improvement] (.Lenovo.) -- C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [287688] (.Activate.) =>.LENOVO®
[MD5.5165E05EFBC79CEB537E45B54E2DD9D3] [APT] [Lenovo\Lenovo Solution Center Launcher] (.Copyright © 2017.) -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264000] (.Activate.) {0ADB0F98F5501B90B7DC533E7F44BCD0}
[MD5.182160D3B3F70D8D57CBFD5EF1777F7F] [APT] [Lenovo\QuickOptimizer] (.Lenovo.) -- C:\Program Files\Lenovo\QuickOptimizer\QuickOptimizerIcon.exe [1149344] (.Activate.) =>.LENOVO®
[MD5.2AD4632906268AA23F2E52792A5580EB] [APT] [Lenovo\REACHit Agent Startup] (.Lenovo.) -- C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664] (.Activate.) =>.LENOVO®
[MD5.2AD4632906268AA23F2E52792A5580EB] [APT] [Lenovo\REACHit Agent Update] (.Lenovo.) -- C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664] (.Activate.) =>.LENOVO®
[MD5.AB66299C019B066CD65D3A0F0EB18634] [APT] [Lenovo\SHPrompt] (.Copyright © 2015.) -- C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [829344] (.Activate.) =>.LENOVO®
[MD5.02621F924B63C85E8CBE119452F450AB] [APT] [Lenovo\SHUpdate] (.Copyright © 2015.) -- C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [808352] (.Activate.) =>.LENOVO®
[MD5.9945D817B19B26FB6CB91235678DD86C] [APT] [Lenovo\LSC\Lenovo Solution Center Notifications] (.Lenovo.) -- C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321280] (.Activate.) {0ADB0F98F5501B90B7DC533E7F44BCD0} =>.Lenovo
[MD5.7B15688A2AB515FA6D07A360E117B1E4] [APT] [Lenovo\LSC\LSCHardwareScan] (.Lenovo.) -- C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10175808] (.Activate.) {0ADB0F98F5501B90B7DC533E7F44BCD0} =>.Lenovo
O39 - APT: Adobe Flash Player PPAPI Notifier - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier [4606] =>.Adobe Systems Incorporated®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater [4412] =>.Adobe Systems Incorporated®
O39 - APT: Avast Emergency Update - (.AVAST Software.) -- C:\WINDOWS\System32\Tasks\Avast Emergency Update [3994] =>.AVAST Software s.r.o.®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore [3292] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA [3416] =>.Google Inc®
O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\WINDOWS\System32\Tasks\OFFICE2013ACT [2740] =>.Microsoft Corporation
O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 [3306] =>.Microsoft Corporation
O39 - APT: PDVDServ12 Task - (.CyberLink Corp..) -- C:\WINDOWS\System32\Tasks\PDVDServ12 Task [2212] =>.CyberLink Corp.®
O39 - APT: PrivaZer_SkipUAC - (.Goversoft LLC.) -- C:\WINDOWS\System32\Tasks\PrivaZer_SkipUAC [3204] =>.Goversoft®
O39 - APT: SafeZone scheduled Autoupdate 1496953941 - (.Avast Software.) -- C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1496953941 [4022] =>.AVAST Software s.r.o.®

---\\ Auto loading programs from Registry and folders (15) - 5s
O4 - HKLM\..\Run: [SecurityHealth] . (.Microsoft Corporation - Windows Defender notification icon.) -- C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Windows®
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM\..\Run: [RtHDVBg_LENOVO_MICPKEY] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe =>.Intel Corporation
O4 - HKLM\..\Run: [UMonit] . (.Copyright (C) 2008 - ChangeIcon MFC Application.) -- C:\Windows\syswow64\UMonit64.exe =>.Microsoft Windows Hardware Compatibility Publisher®
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) -- C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
O4 - HKCU\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems, Incorporated®
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe =>.CyberLink®
O4 - HKLM\..\Wow6432Node\Run: [jmekey] . (.Lenovo - Lenovo Black Silk USB Keyboard.) -- C:\Windows\jmesoft\hotkey.exe =>.Lenovo
O4 - HKLM\..\Wow6432Node\Run: [jmesoft] . (...) -- C:\Windows\jmesoft\ServiceLoader.exe =>.Lenovo Group Limited
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe =>.CyberLink®
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\syswow64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\syswow64\OneDriveSetup.exe =>.Microsoft Windows®
O4 - HKUS\S-1-5-21-113026621-1705679920-3439515112-1001\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®

---\\ Process running (28) - 4s
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 353.6.) -- C:\Windows\system32\nvvsvc.exe [0] [PID.1936] =>.NVIDIA Corporation
[MD5.93A49F8ECC625EE8FD3BFC3C5FEB8D47] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1285568] [PID.2152] =>.NVIDIA Corporation®
[MD5.00000000000000000000000000000000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 353.6.) -- C:\WINDOWS\system32\nvvsvc.exe [0] [PID.2228] =>.NVIDIA Corporation
[MD5.1DFC3CCA51785254C5604238BB1A5467] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680] [PID.3440] =>.Intel Corporation
[MD5.E2CFDA7E9606FD5ECAB93E4817414661] - (...) -- C:\Windows\jmesoft\Service.exe [32768] [PID.3448] =>.JMESoft
[MD5.B09F2F6281571FBA7387164DE91A24E2] - (.Copyright © 2012 - LenovoPortalService.) -- C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312] [PID.3480] =>.LENOVO®
[MD5.20A45C0EBFABDCAF6FB3BCF6867EB145] - (.RaMMicHaeL - Unchecky Service.) -- C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408] [PID.3488] =>.Reason Software Company Inc.®
[MD5.C04364B8E131D84F0624F1D88FCD2BCC] - (.Copyright (C) 2015 - UpdateAgent Application.) -- C:\Program Files\update\UpdateAgent.exe [226216] [PID.3500] =>.LENOVO®
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.3524] =>.Adobe Systems, Incorporated®
[MD5.CD4546A3ECA0DD8534A6097DF7C2028E] - (.Lenovo - RapidBoot HDD Accelerator Service.) -- C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768] [PID.3752] =>.Lenovo
[MD5.D3590D0F65BBD8A61C814360B5E8AF48] - (.RaMMicHaeL - Unchecky Background Process.) -- C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [624920] [PID.6000] =>.Reason Software Company Inc.®
[MD5.0A7AF85A818C667B72178FF58013D181] - (.CyberLink Corp. - PowerDVD Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432] [PID.7320] =>.CyberLink Corp.®
[MD5.182160D3B3F70D8D57CBFD5EF1777F7F] - (.Lenovo - QuickOptimizerIcon.exe.) -- C:\Program Files\Lenovo\QuickOptimizer\QuickOptimizerIcon.exe [1149344] [PID.7328] =>.LENOVO®
[MD5.5E22E4A24B7F269A7483F346FCE83B15] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952] [PID.7584] =>.Realtek Semiconductor Corp®
[MD5.C22B91B0326ED4B288920B3D849B1E9A] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1413384] [PID.7652] =>.Realtek Semiconductor Corp®
[MD5.EDBD0648A97D4485E24F21C50F9FCB49] - (.Copyright (C) 2008 - ChangeIcon MFC Application.) -- C:\Windows\syswow64\UMonit64.exe [53832] [PID.7768] =>.Microsoft Windows Hardware Compatibility Publisher®
[MD5.8FE697AB8A4C28D79C1CDB97C6FB1A17] - (.AVAST Software - Avast Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [8470464] [PID.7828] =>.AVAST Software s.r.o.®
[MD5.0B427D9943C838620AFA30CBB24A6D77] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720] [PID.7976] =>.CyberLink®
[MD5.17716C3DD52BF815291D80FAAF329AC7] - (.Lenovo - Lenovo Black Silk USB Keyboard.) -- C:\Windows\jmesoft\hotkey.exe [118784] [PID.8020] =>.Lenovo
[MD5.CB0B43F1D326AFFA5AA54954B2001233] - (.版权所有 (C) 2011 - Lenovo_LOAD.) -- C:\Windows\jmesoft\JME_LOAD.exe [24576] [PID.8176]
[MD5.8F9FC35D5BF32D39B26ECAE4052E3D62] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472] [PID.6980] =>.Intel Corporation - Rapid Storage Technology®
[MD5.DE70C5C10803C700DC1CFDE2D5CF207A] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520] [PID.7820] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
[MD5.1CE3A27B6B0658F4242AB2DECE69704E] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520] [PID.6912] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
[MD5.9945D817B19B26FB6CB91235678DD86C] - (.Lenovo - Lenovo Solution Center Notifications.) -- C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321280] [PID.11992] {0ADB0F98F5501B90B7DC533E7F44BCD0} =>.Lenovo
[MD5.FFB9D0049B03ABEF69E271D21FCDE496] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Doneff Family\Desktop\ZHPDiag3.exe [2741760] [PID.10824] =>.Nicolas Coolman
[MD5.7B15688A2AB515FA6D07A360E117B1E4] - (.Lenovo - Lenovo Solution Center.) -- C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10175808] [PID.1428] {0ADB0F98F5501B90B7DC533E7F44BCD0} =>.Lenovo
[MD5.BC986F83A536E0BF70DD62EB17F89755] - (.Copyright © 2017 - LSC.ModulesController.Proxy.) -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.ModulesController.Proxy.exe [268104] [PID.11560] {0ADB0F98F5501B90B7DC533E7F44BCD0}
[MD5.3E398D5C6B4301EA8D7DD90A32EF126D] - (...) -- C:\Program Files\Lenovo\Lenovo Solution Center\QtWebEngineProcess.exe [15360] [PID.10604]

---\\ Google Chrome, Start,Search,Extensions (24) - 2s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://app.standsapp.org
G0 - GCSP: Preferences [User Data\Default][HomePage] http://cdnjs.cloudflare.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://connect.facebook.net =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://nicolascoolman.eu =>.Nicolas Coolman
G0 - GCSP: Preferences [User Data\Default][HomePage] http://stands-app
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.paypalobjects.com
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com/ =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [dcnofaichneijfbkdkghmhjjbepjmble] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc. =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [lgblnfidahcdcjddiepkckcfdhpknnjh] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [nmkinhboiljjkhaknpaeaicmdjhagpep] F.B.(FluffBusting)Purity
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pifnaclcibjejklkfjegfcbagcdkidim] Gir Theme
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

---\\ Internet Explorer Extensions, Start, Search (16) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo15.msn.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

---\\ Internet Explorer, Proxy Management (3) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft

---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=

---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (60)

---\\ Global shortcuts Startup (57) - 15s
O4 - GS\Desktop [Administrator]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\Desktop [Administrator]: Fonts - Shortcut.lnk . (...) C:\Windows\Fonts
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Administrator]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\Desktop [Doneff Family]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\Desktop [Doneff Family]: Fonts - Shortcut.lnk . (...) C:\Windows\Fonts
O4 - GS\Desktop [Doneff Family]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Doneff Family]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
O4 - GS\sendTo [Doneff Family]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Doneff Family]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Doneff Family]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Doneff Family]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Doneff Family]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\Desktop [Guest]: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) C:\Users\Doneff Family\Desktop\JJ Doneff\Audacity\audacity.exe =>.The Audacity Team
O4 - GS\Desktop [Guest]: Fonts - Shortcut.lnk . (...) C:\Windows\Fonts
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\Quicklaunch [Guest]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\CommonDesktop [Public]: Lenovo Solution Center.lnk . (.Lenovo - .) C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe =>.Lenovo
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Windows®
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Adobe Reader X.lnk . (...) C:\WINDOWS\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico =>.Adobe Inc.
O4 - GS\ProgramsCommon [Public]: AION Free-to-Play.lnk . (.NCSOFT Corporation - NCLauncher Module.) C:\Program Files (x86)\Gameforge\NCLauncher\NCLauncher.exe /LauncherID:"GameForge" /CompanyID:"11" /GameID:"AION-LIVE" /LUpdateAddr:"update.aion.gfsrv.net" {366C2B10328E277287161D1967E68BB5} =>.NCSOFT Corporation
O4 - GS\ProgramsCommon [Public]: Avast Internet Security.lnk . (.AVAST Software - Avast Antivirus.) C:\Program Files\AVAST Software\Avast\AvastUI.exe =>.AVAST Software s.r.o.®
O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office.) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) C:\Program Files (x86)\PrivaZer\PrivaZer.exe =>.Goversoft®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation

---\\ Lop.com/Domain Hijackers (2) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC
O17 - HKLM\System\CCS\Services\Tcpip\..\{55cca939-eda2-47d0-8952-4a628b980a60}: DhcpNameServer = 209.18.47.61 209.18.47.62 =>.USA Rochester Time Warner Cable Internet LlC

---\\ Extra protocols (22) - 2s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\syswow64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\syswow64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\syswow64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\syswow64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\syswow64\itss.dll =>.Microsoft Corporation
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\syswow64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\syswow64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\syswow64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\syswow64\tbauth.dll =>.Microsoft Corporation
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\syswow64\mscoree.dll =>.Microsoft Corporation

---\\ Software installed (64) - 16s
O42 - Logiciel: Adobe Flash Player 25 PPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player PPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Reader X (10.1.16) MUI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-FFFF-7B44-AA0000000001} =>.Adobe Systems Incorporated
O42 - Logiciel: Aion - (.NC Interactive, LLC.) [HKLM][64Bits] -- {B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB} =>.NC Interactive, LLC
O42 - Logiciel: AION Free-to-Play - (.Gameforge 4D GmbH.) [HKLM][64Bits] -- {82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1 {49D80AD8998E76D517F144E117F53BE1} =>.Gameforge 4D GmbH
O42 - Logiciel: Avast Internet Security - (.AVAST Software.) [HKLM][64Bits] -- Avast Antivirus =>.AVAST Software s.r.o.®
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {AF312B06-5C5C-468E-89B3-BE6DE2645722} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F} =>.Cisco Systems, Inc.
O42 - Logiciel: Components - (.Lenovo.) [HKLM][64Bits] -- {1720B0E0-C520-43A6-B677-97A1D80F3B99} =>.Lenovo
O42 - Logiciel: Driver and Application Installation - (.Lenovo.) [HKLM][64Bits] -- {6EC299C6-074C-4529-8D5F-2798584BB27B} =>.LENOVO®
O42 - Logiciel: Fiesta Online NA version 1.0 - (.gamigo AG.) [HKLM][64Bits] -- Fiesta Online NA_is1 =>.gamigo AG
O42 - Logiciel: Genesys USB Mass Storage Device - (.Genesys Logic.) [HKLM][64Bits] -- {959B7F35-2819-40C5-A0CD-3C53B5FCC935} =>.Genesys Logic
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] -- Google Chrome =>.Google Inc®
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] -- {8C91A5EB-2C62-4A6D-8802-CC79FD2ED390} =>.Intel Corporation
O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel(R) Corporation.) [HKLM][64Bits] -- {60c073df-e736-4210-9c3a-5fc2b651cef3} =>.Intel Corporation - Software and Firmware Products®
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {1CEAC85D-2590-4760-800F-8DE5E91F3700} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {3D6D679B-3ECE-48DD-85D6-8ECE8D497080} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {BCD55758-61DB-426D-BC56-72C9ADB2092F} =>.Intel Corporation
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {DD20EECC-5CAA-4658-B15D-2A5DCE686321} =>.Intel Corporation
O42 - Logiciel: Intel(R) ME UninstallLegacy - (.Intel Corporation.) [HKLM][64Bits] -- {D2E7A6EE-AB1A-4D68-8E1C-FFE2B4B5429B} =>.Intel Corporation
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {205AE40D-8AD7-4F29-A430-DD2168DA562D} =>.Intel Corporation
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {409CB30E-E457-4008-9B1A-ED1B9EA21140} =>.Intel Corporation
O42 - Logiciel: Intel® Security Assist - (.Intel Corporation.) [HKLM][64Bits] -- {4B230374-6475-4A73-BA6E-41015E9C5013} =>.Intel Corporation
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {7D84E343-A23D-451C-B123-0195B2D903A6} =>.Intel Corporation
O42 - Logiciel: Lenovo Accelerator Application - (.Lenovo.) [HKLM][64Bits] -- {10672FE6-3D50-4F79-B0C7-A5573A5D415D} =>.LENOVO®
O42 - Logiciel: Lenovo Blacksilk USB Keyboard Driver - (.Lenovo.) [HKLM][64Bits] -- {B266E062-D6C5-485B-B426-51B152B041A6} =>.Lenovo
O42 - Logiciel: Lenovo Experience Improvement - (.Lenovo.) [HKLM][64Bits] -- LenovoExperienceImprovement =>.LENOVO®
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- {40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] -- {B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo PowerDVD12 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo QuickOptimizer - (.Lenovo.) [HKLM][64Bits] -- {8D2C871B-1B9F-45AC-9C43-2BB18089CDFA} =>.Lenovo
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] -- {46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink Corp.®
O42 - Logiciel: Lenovo Solution Center - (.Lenovo.) [HKLM][64Bits] -- {7BB9AAFD-3350-49C8-92D1-833AAFF9E74E} =>.Lenovo
O42 - Logiciel: Lenovo System Interface Foundation - (.Lenovo.) [HKLM][64Bits] -- {C2E5CA37-C862-4A69-AC6D-24F450A20C16} =>.Lenovo
O42 - Logiciel: Manual - (.Lenovo.) [HKLM][64Bits] -- {693F92E5-37D1-46B7-A0D6-19A74A2FD0EC} =>.LENOVO®
O42 - Logiciel: Metric Collection SDK 35 - (.Lenovo Group Limited.) [HKLM][64Bits] -- {C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} =>.Lenovo Group Limited
O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- OneDriveSetup.exe =>.Microsoft Windows®
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: NCSOFT Game Launcher - (.NCSOFT.) [HKLM][64Bits] -- NCLauncher_NCWest =>.NCsoft Corp.®
O42 - Logiciel: NVIDIA Control Panel 376.54 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Graphics Driver 353.62 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA HD Audio Driver 1.3.34.3 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA Install Application - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer =>.NVIDIA Corporation
O42 - Logiciel: NVIDIA PhysX System Software 9.15.0428 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX =>.NVIDIA Corporation
O42 - Logiciel: PrivaZer - (.Goversoft LLC.) [HKLM][64Bits] -- PrivaZer =>.Goversoft®
O42 - Logiciel: REACHit - (.Lenovo.) [HKLM][64Bits] -- {4532E4C5-C84D-4040-A044-ECFCC5C6995B} =>.Lenovo
O42 - Logiciel: REALTEK Bluetooth Filter Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9D3D8C60-A5EF-4123-B2B9-172095903AD} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek Ethernet Controller All-In-One Windows Driver - (.Realtek.) [HKLM][64Bits] -- {F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F} =>.Realtek
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9DAABC60-A5EF-41FF-B2B9-17329590CD5} =>.Realtek Semiconductor Corp®
O42 - Logiciel: SafeZone Stable 3.55.2393.596 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 3.55.2393.596 =>.AVAST Software s.r.o.®
O42 - Logiciel: SHAREit - (.Lenovo.) [HKLM][64Bits] -- SHAREit_is1 =>.LENOVO®
O42 - Logiciel: SoftMaker FreeOffice 2016 - (.SoftMaker Software GmbH.) [HKLM][64Bits] -- {8EBB8452-274B-465D-8324-00B0832FBB05} =>.SoftMaker Software GmbH
O42 - Logiciel: Unchecky v1.0.2 - (.RaMMicHaeL.) [HKLM][64Bits] -- Unchecky =>.Reason Software Company Inc.®
O42 - Logiciel: Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) - (.Genesys Logic.) [HKLM][64Bits] -- AE2E6FAB44844413B4C6F53C908EACC8AFC838F0 =>.Genesys Logic
O42 - Logiciel: Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.53 - (.NVIDIA.) [HKLM][64Bits] -- 81C36D5B443FFB6F528F76BD424D750C53ADF10E =>.NVIDIA
O42 - Logiciel: Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/16/2015 1.3. - (.NVIDIA Corporation.) [HKLM][64Bits] -- E1EF4D4E1E41BA85DB6DA51424B73AE1B3F0056A =>.NVIDIA Corporation
O42 - Logiciel: Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.20 - (.Realtek.) [HKLM][64Bits] -- 6A304520C2F25CD034E477A379C47308AA84A2DC =>.Realtek
O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetoot - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- 604A7B07184AD24892732BED4543610976632257 =>.Realtek Semiconductor Corp.
O42 - Logiciel: Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/ - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- 5D078DEFD18360A7A64D38392C9F1007DC86AE23 =>.Realtek Semiconductor Corp.
O42 - Logiciel: WinRAR 5.40 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH®

---\\ HKCU & HKLM Software Keys (49) - 16s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\CyberLink =>.CyberLink Corporation
HKLM\SOFTWARE\Wow6432Node\Gameforge =>.Gameforge
HKLM\SOFTWARE\Wow6432Node\Genesys Logic =>.Genesys Logic
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Lake =>.Lake Sofware
HKLM\SOFTWARE\Wow6432Node\Lenovo =>.Lenovo
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\NC Interactive, LLC =>.NC Interactive, LLC
HKLM\SOFTWARE\Wow6432Node\NCWest
HKLM\SOFTWARE\Wow6432Node\Network Associates =>.Network Associates
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.nVidia Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\PlayNC
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\RtWLan =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\SoftMaker Software GmbH =>.SoftMaker Software GmbH
HKLM\SOFTWARE\Wow6432Node\SRS Labs =>.SRS Labs
HKLM\SOFTWARE\Wow6432Node\Unchecky =>.RaMMicHaeL
HKLM\SOFTWARE\Wow6432Node\WinRAR =>.WinRAR
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\Aion =>.NCsoft Corporation, Ltd.
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\CyberLink =>.CyberLink Corporation
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\lenovo =>.Lenovo
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\NVIDIA Corporation =>.nVidia Corporation
HKCU\SOFTWARE\plaync
HKCU\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\SoftMaker Software GmbH =>.SoftMaker Software GmbH
HKCU\SOFTWARE\Unchecky =>.RaMMicHaeL
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.RarLab
HKCU\SOFTWARE\WOW6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

---\\ Contents of the Common Files folders (162) - 26s
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\DIFX =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Intel =>.Intel Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Lenovo =>.Lenovo
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\mcafee =>.McAfee
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\mcafee.com =>.McAfee Inc.
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Realtek =>.Realtek
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\update =>.Unknown
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\Windows Security =>.Unknown
O43 - CFD: 08/06/2017 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Cisco =>.Cisco Systems, Inc.
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Cyberlink =>.CyberLink Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Gameforge {366C2B10328E277287161D1967E68BB5} =>.Gameforge
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\gamigo =>.gamigo AG®
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Genesyslogic =>.Microsoft Windows Hardware Compatibility Publisher®
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 08/06/2017 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Lenovo =>.Lenovo
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\McAfee =>.McAfee
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\NCSOFT =>.NCSOFT
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\NCWest =>.NCWest
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\PrivaZer =>.Goversoft LLC
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver =>.Realtek Semiconductor Corp.
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Unchecky =>.RaMMicHaeL
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\WinRAR =>.win.rar GmbH®
O43 - CFD: 08/09/2015 - [] RAD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] RAD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 08/09/2015 - [] RAD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo =>.gamigo
O43 - CFD: 08/06/2017 - [] AD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel =>.Intel Corporation
O43 - CFD: 08/06/2017 - [] AD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo =>.Lenovo
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] AD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT =>.NCSOFT
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest =>.NCWest
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker FreeOffice 2016 =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] RAD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 10/07/2015 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky =>.RaMMicHaeL
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Lenovo =>.Lenovo
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 08/06/2017 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\NVIDIA =>.nVidia Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\NVIDIA Corporation =>.nVidia Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Office2013 =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\OneKey Recovery =>.Lenovo Group Limited
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\privazer =>.Goversoft LLC
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Realtek =>.Realtek
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] D -- C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] D -- C:\ProgramData\SWCUTemp
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Temp =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\Unchecky =>.RaMMicHaeL
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\WindowsHolographicDevices
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\Intel Corporation =>.Intel Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\LENOVO =>.Lenovo
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\McAfee =>.McAfee
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\PostureAgent =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\AVAST Software =>.AVAST Software
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Google =>.Google
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Intel Corporation =>.Intel Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Lenovo =>.Lenovo
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\LSC =>.LSC
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 08/06/2017 - [] SD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\SoftMaker =>.SoftMaker
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 08/06/2017 - [0] D -- C:\Users\Doneff Family\AppData\Local\Adobe =>.Adobe
O43 - CFD: 08/06/2017 - [0] SHD -- C:\Users\Doneff Family\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\CEF =>.CEF
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Google =>.Google
O43 - CFD: 08/06/2017 - [0] SHD -- C:\Users\Doneff Family\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Lenovo =>.Lenovo
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Power2Go =>.Power2Go
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\PrivaZer =>.Goversoft LLC
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] SHD -- C:\Users\Doneff Family\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] D -- C:\Users\Doneff Family\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 08/06/2017 - [0] D -- C:\Users\Doneff Family\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer =>.Goversoft LLC
O43 - CFD: 08/06/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
O43 - CFD: 08/06/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] RD -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 08/06/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [0] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\DBG =>.DBG
O43 - CFD: 08/06/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/06/2017 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation

---\\ ShellIconOverlayIdentifiers (SIOI) (7) - 0s
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: ReadOnlyOverlayHandler Class [ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll =>.Microsoft Windows®
O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) -- C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®

---\\ Image File Execution Options (17) - 1s
O50 - IFEO:C:\Windows\System32\cscript.exe - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\dllhost.exe - (.Microsoft Corporation - COM Surrogate.) [DisableExceptionChainValidation\\3] =>.Microsoft Windows®
O50 - IFEO:C:\WINDOWS\System32\drvinst.exe - (.Microsoft Corporation - Driver Installation Module.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\ie4uinit.exe - (.Microsoft Corporation - IE Per-User Initialization Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\ieUnatt.exe - (.Microsoft Corporation - IE 7.0 Unattended Install Utility.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mmc.exe - (.Microsoft Corporation - Microsoft Management Console.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\msfeedssync.exe - (.Microsoft Corporation - Microsoft Feeds Synchronization.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\mshta.exe - (.Microsoft Corporation - Microsoft (R) HTML Application host.) [MitigationOptions\\256] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\PresentationHost.exe - (.Microsoft Corporation - Windows Presentation Foundation Host.) [MitigationOptions\\1118481] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\PrintIsolationHost.exe - (.Microsoft Corporation - PrintIsolationHost.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\rundll32.exe - (.Microsoft Corporation - Windows host process (Rundll32).) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\runtimebroker.exe - (.Microsoft Corporation - Runtime Broker.) [MitigationOptions\\4294967296] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\searchprotocolhost.exe - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation
O50 - IFEO:C:\WINDOWS\System32\spoolsv.exe - (.Microsoft Corporation - Spooler SubSystem App.) [MitigationOptions\\2097152] =>.Microsoft Corporation
O50 - IFEO:C:\Windows\System32\svchost.exe - (.Microsoft Corporation - Host Process for Windows Services.) [MinimumStackCommitInBytes\\32768] =>.Microsoft Windows Publisher®
O50 - IFEO:C:\Windows\System32\wscript.exe - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) [DisableExceptionChainValidation\\3] =>.Microsoft Corporation

---\\ System Drivers List (75) - 8s
O58 - SDL:2017/03/18 16:56:25 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [107424] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [1135512] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [83352] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [259488] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [27040] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [132000] =>.Microsoft Windows®
O58 - SDL:2017/06/08 16:29:12 A . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) -- C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [311808] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:13 A . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) -- C:\WINDOWS\System32\drivers\aswbidsha.sys [190256] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:13 A . (.AVAST Software s.r.o. - Logging Driver.) -- C:\WINDOWS\System32\drivers\aswbloga.sys [334576] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:13 A . (.AVAST Software s.r.o. - Universal Driver.) -- C:\WINDOWS\System32\drivers\aswbuniva.sys [49016] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:46 A . (.AVAST Software - Avast HWID.) -- C:\WINDOWS\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/06/08 16:31:29 A . (.AVAST Software - Avast Keyboard Filter Driver.) -- C:\WINDOWS\System32\drivers\aswKbd.sys [32600] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:47 A . (.AVAST Software - Avast File System Minifilter for Windows 20.) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [128648] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:14 A . (.AVAST Software - Avast Firewall Driver.) -- C:\WINDOWS\System32\drivers\aswNetSec.sys [507928] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:46 A . (.AVAST Software - Avast WFP Redirect Driver.) -- C:\WINDOWS\System32\drivers\aswRdr2.sys [101152] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:47 A . (.AVAST Software - Avast Revert.) -- C:\WINDOWS\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/06/08 16:29:19 A . (.AVAST Software - Avast Virtualization Driver.) -- C:\WINDOWS\System32\drivers\aswSnx.sys [1007160] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:47 A . (.AVAST Software - Avast self protection module.) -- C:\WINDOWS\System32\drivers\aswSP.sys [569192] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:30:32 A . (.AVAST Software - Stream Filter.) -- C:\WINDOWS\System32\drivers\aswstm.sys [158880] =>.AVAST Software s.r.o.®
O58 - SDL:2017/06/08 16:29:47 A . (.AVAST Software - Avast VM Monitor.) -- C:\WINDOWS\System32\drivers\aswVmm.sys [339696] =>.AVAST Software s.r.o.® (.AVAST Software)
O58 - SDL:2017/03/18 16:56:25 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [9728] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [533920] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys [102816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys [347032] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys [2104224] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:23 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [3419040] =>.Microsoft Windows®
O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - HDD Accelerator Driver.) -- C:\WINDOWS\System32\drivers\Fastboot.sys [67608] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - fsmon driver.) -- C:\WINDOWS\System32\drivers\FBFsmon.sys [39448] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/09/08 09:04:16 A . (.Windows (R) Win 7 DDK provider - Network throttling driver.) -- C:\WINDOWS\System32\drivers\FBNetFlt.sys [32792] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/07/15 06:54:02 A . (.GenesysLogic - GeneStor.) -- C:\WINDOWS\System32\drivers\GeneStor.sys [115704] =>.GENESYS LOGIC, INC.®
O58 - SDL:2017/03/18 16:56:25 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys [33280] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [81408] =>.Intel(R) Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:28 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448] =>.Intel Corporation
O58 - SDL:2017/03/18 16:56:23 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128] =>.Intel Corporation - Client Components Group®
O58 - SDL:2017/03/18 16:56:19 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152] =>.Intel Corporation
O58 - SDL:2015/06/23 18:58:58 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver -.) -- C:\WINDOWS\System32\drivers\iaStorA.sys [1455552] =>.Intel Corporation - Rapid Storage Technology®
O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [673184] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [412064] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [526240] =>.Microsoft Windows®
O58 - SDL:2017/06/08 16:30:32 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\lpsport.sys [61304] =>.AVG Technologies CZ, s.r.o.®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [123808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [103328] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [82848] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [59808] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys [64416] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [575904] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [842656] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [63904] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [108960] =>.Microsoft Windows®
O58 - SDL:2017/01/17 06:55:40 A . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\WINDOWS\System32\drivers\nvhda64v.sys [221640] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150432] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [166304] =>.Microsoft Windows®
O58 - SDL:2017/01/17 06:56:56 A . (.NVIDIA Corporation - Stereoscopic 3D USB controller driver.) -- C:\WINDOWS\System32\drivers\nvstusb.sys [478272] =>.NVIDIA Corporation®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [58784] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [61848] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:26 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [604160] =>.Realtek
O58 - SDL:2015/06/15 18:37:26 A . (.Realtek Semiconductor Corporation - Realtek Bluetooth Filter Driver.) -- C:\WINDOWS\System32\drivers\RtkBtfilter.sys [598784] =>.Realtek Semiconductor Corp®
O58 - SDL:2015/09/30 13:58:16 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [4608280] =>.Realtek Semiconductor Corp®
O58 - SDL:2017/03/18 16:56:20 A . (.Realtek Semiconductor Corporation - Realtek PCIE NDIS Driver 47528 20362.) -- C:\WINDOWS\System32\drivers\rtwlane.sys [6320640] =>.Realtek Semiconductor Corporation
O58 - SDL:2017/03/18 16:56:26 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\SDFRd.sys [31128] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [44960] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [81824] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [31136] =>.Microsoft Windows®
O58 - SDL:2015/09/04 13:29:06 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [195336] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2016/08/16 03:18:34 A . (.MBB - USB Modem/Serial Device Driver.) -- C:\WINDOWS\System32\drivers\usb2ser.sys [159936] =>.NGO®
O58 - SDL:2017/03/18 16:56:25 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [166816] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [305568] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [32160] =>.Microsoft Windows®
O58 - SDL:2017/03/18 16:56:25 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [64920] =>.Microsoft Windows®
O58 - SDL:2012/06/13 20:10:32 A . (."CyberLink - Cyberlink Virtual Disk Driver.) -- C:\WINDOWS\System32\drivers\wsvd.sys [102376] =>.CyberLink®

---\\ Last modified or created user files (3) - 6s
O61 - LFC: 2017/06/08 01:10:46 A . (..) -- C:\Users\Doneff Family\Desktop\Games\ProjectGorgonLauncherWin\ProjectGorgonLauncherWin.exe [16834560]
O61 - LFC: 2017/06/08 01:10:46 A . (..) -- C:\Users\Doneff Family\Desktop\Games\ProjectGorgonLauncherWin\ProjectGorgonLauncherWin_Data\Managed\Assembly-CSharp.dll [58880]
O61 - LFC: 2017/06/08 01:10:46 A . (..) -- C:\Users\Doneff Family\Desktop\Games\ProjectGorgonLauncherWin\ProjectGorgonLauncherWin_Data\Managed\UnityEngine.dll [972800]

---\\ File Associations Shell Spawning (10) - 1s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S

---\\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <SafeZoneStable> <SafeZone Stable>[HKLM\..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

---\\ Search Browser Infection (2) - 0s
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {D79BB3A3-DB24-49D3-A463-680951CD61C4} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com

---\\ Search Svchost Services (47) - 1s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [189952] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [303616] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll [1269248] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll [934912] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll [996864] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [31232] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll [138752] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\system32\iscsiexe.dll [150016] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll [108032] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\system32\schedsvc.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [221696] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [133120] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\system32\profsvc.dll [413696] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll [91648] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\WINDOWS\system32\WpnService.dll [276480] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) -- C:\WINDOWS\system32\flightsettings.dll [699904] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
O83 - Search Svchost Services: TokenBroker (TokenBroker) . (.Microsoft Corporation - Token Broker.) -- C:\Windows\System32\TokenBroker.dll [1054720] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxGipSvc (XboxGipSvc) . (.Microsoft Corporation - Xbox Gip Management Service.) -- C:\WINDOWS\System32\XboxGipSvc.dll [18944] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll [233984] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\system32\themeservice.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: xbgm (xbgm) . (.Microsoft Corporation - Xbox Game Monitoring Service.) -- C:\WINDOWS\System32\xbgmsvc.dll [301216] =>.Microsoft Windows Publisher®
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll [261632] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\WINDOWS\System32\bdesvc.dll [385536] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\WINDOWS\System32\usermgr.dll [877568] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [199168] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll [167424] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\system32\wlidsvc.dll [2155008] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll [1135104] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\Windows\System32\Windows.Internal.Management.dll [536064] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll [1013248] =>.Microsoft Corporation
O83 - Search Svchost Services: NaturalAuthentication (NaturalAuthentication) . (.Microsoft Corporation - Natural Authentication Service.) -- C:\WINDOWS\System32\NaturalAuth.dll [723968] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\WINDOWS\system32\usocore.dll [681984] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll [43520] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\WINDOWS\System32\irmon.dll [24576] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [104448] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [871936] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [490496] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll [69632] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll [537600] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [306688] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\WINDOWS\system32\wuaueng.dll [2443264] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll [1159680] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [612864] =>.Microsoft Corporation

---\\ List of CD/DVD Emulators (MBR Hook) (2) - 0s
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FiestaOnlineDownloader_US_RASAPI32 =>PUP.Optional.SoftwareEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FiestaOnlineDownloader_US_RASMANCS =>PUP.Optional.SoftwareEngine

---\\ Additional Scan (O88) (4) - 1s
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FiestaOnlineDownloader_US_RASAPI32 =>PUP.Optional.SoftwareEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FiestaOnlineDownloader_US_RASMANCS =>PUP.Optional.SoftwareEngine
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet

---\\ Summary of the elements found (2) - 0s
https://www.nicolascoolman.com/fr/hijacker-trovigo/ =>PUP.Optional.SoftwareEngine
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.Superfluous.CloudfrontNet

~ Unselected Options:
~ End of the scan, 18939 items in 03mn30s (850)(0)
 
Some malicious items have returned with the system restore. I will answer your question about the programs in my next post.

Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the other running programs.
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.
  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Malwarebytes.

  • Download Malwarebytes Anti-Malware: https://www.malwarebytes.com/mwb-download/ and take the free version (on the left).
  • Perform the installation.
  • Uncheck "Enable Free Trial of Malwarebytes Anti-Malware Premium" if asked.
  • Malwarebytes will update; let it update.
  • Click on the "Settings" tab and then on the "Detection and Protection" tab, and check the box "Search for Rootkits".
  • Click on the "Analysis" tab and then on "Start analysis".
  • Once the review is complete, check that all detections are checked and then click [Delete Selection].
  • If Malwarebytes asks you to restart your PC, click "Yes".
  • After your PC restarts, restart Malwarebytes.
  • Open the "History" tab and then "Application logs".
  • Double click on the latest Scan Log by date (the one above).
  • At the bottom click [Export] -> select "Text file (*.txt)".
  • In the explorer, select the desktop, name it mbam.txt, and click [Save].
 
RogueKiller V12.11.1.0 (x64) [Jun 4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Doneff Family [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/09/2017 20:48:23 (Duration : 00:19:18)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0234331496953170mcinstcleanup (C:\WINDOWS\TEMP\023433~1.EXE -cleanup -nolog) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-113026621-1705679920-3439515112-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo15.msn.com/?pc=LCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Tr.Gen][Folder] C:\Program Files\update -> Removed at reboot [91]
[Tr.Gen][File] C:\Program Files\update\msvcm90.dll -> Deleted
[Tr.Gen][File] C:\Program Files\update\msvcp90.dll -> Deleted
[Tr.Gen][File] C:\Program Files\update\msvcr90.dll -> Deleted
[Tr.Gen][File] C:\Program Files\update\reaper.dll -> Deleted
[Tr.Gen][File] C:\Program Files\update\run.bat -> Deleted
[Tr.Gen][File] C:\Program Files\update\ua.log -> Removed at reboot [20]
[Tr.Gen][File] C:\Program Files\update\UpdateAgent.exe -> Removed at reboot [5]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.4loot.com/] -> Deleted
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [http://www.forsyth.cc/library/|http://co-davidson-nc.beta.libguides.com/lexingtonpubliclibrary] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1ER162 +++++
--- User ---
[MBR] ce72b05d37d96c5a7c152999e6eaedf1
[BSP] 62b7f321b219208eac246c5e77b206b7 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 921260 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1887537152 | Size: 1000 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1889585152 | Size: 30720 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1952499712 | Size: 500 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG SV0602H USB Device +++++
--- User ---
[MBR] d6f4c328bfe13e036b6e0982f8a5c63f
[BSP] a41170e66910ca5b7ad7aff948443128 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 57275 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Doneff Family (Administrator) on Fri 06/09/2017 at 21:14:57.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_DDF34A59040FF57D719F4EF1CA2787C3 (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/09/2017 at 21:20:40.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v6.047 - Logfile created 09/06/2017 at 21:30:11
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-10.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Doneff Family - DESKTOP-DOB72OG
# Running from : C:\Users\Doneff Family\Desktop\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage
[-] File deleted: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal
[-] File deleted: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage
[-] File deleted: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: literaturepage.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: search.yahoo.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 4\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2988 Bytes] - [09/06/2017 21:30:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [3395 Bytes] - [09/06/2017 21:25:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3134 Bytes] ##########


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/9/17
Scan Time: 9:37 PM
Log File: malwarebytes scan results.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2126
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-DOB72OG\Doneff Family

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365845
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 7 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
Other than my games and antivirus, which ones should I reinstall?

These, the rest is up to you.


CCleaner
NVIDIA Graphics Driver 376.54 NVIDIA Corporation 376.54
NVIDIA HD Audio Driver 1.3.34.17 NVIDIA Corporation 1.3.34.17
PrivaZer Goversoft LLC 3.0.22.0


ZHP Diag Fix.


ZHP Fix

  • Disable your antivirus prior to this fix!
  • Download ZHP-Fix from here.
  • UnZip it to your desktop -- Tool Here if needed.... 7-Zip
  • Install it.
  • Click Suivant 5 Times.
  • Then Installer.
  • Then Terminer.
  • Then right click the ZHP Fix icon and select Run as admin.
  • Copy the entire content of the code box below, the next step will grab it from your clipboard.
  • Then click on import.
  • Then click GO.
  • If you see any prompts like the one below, select Oui (= Yes in French).
    [screenshot of the prompt]

  • Allow completion.
  • A log file will appear on your desktop.
  • Post it here in your next reply.
Code:
Script ZhpFix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
O23 - Service: McAfee Application Installer Cleanup (0234331496953170) (0234331496953170mcinstcleanup) . (...) - C:\WINDOWS\TEMP\023433~1.EXE (.not file.)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: Update Agent (UpdateAgentService) . (.Copyright (C) 2015 - UpdateAgent Application.) - C:\Program Files\update\UpdateAgent.exe =>.LENOVO®
C:\Program Files\update
SS - Demand [08/06/2017] [ 271864] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\syswow64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater [4412] =>.Adobe Systems Incorporated®
O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\WINDOWS\System32\Tasks\OFFICE2013ACT [2740] =>.Microsoft Corporation
O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 [3306] =>.Microsoft Corporation
G0 - GCSP: Preferences [User Data\Default][HomePage] http://app.standsapp.org
G0 - GCSP: Preferences [User Data\Default][HomePage] http://cdnjs.cloudflare.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://connect.facebook.net =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://nicolascoolman.eu =>.Nicolas Coolman
G0 - GCSP: Preferences [User Data\Default][HomePage] http://stands-app
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.paypalobjects.com
G2 - GCE: Preference [User Data\Default] [nmkinhboiljjkhaknpaeaicmdjhagpep] F.B.(FluffBusting)Purity
G2 - GCE: Preference [User Data\Default] [pifnaclcibjejklkfjegfcbagcdkidim] Gir Theme
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.
O42 - Logiciel: Intel® Security Assist - (.Intel Corporation.) [HKLM][64Bits] -- {4B230374-6475-4A73-BA6E-41015E9C5013} =>.Intel Corporation
O42 - Logiciel: Lenovo Experience Improvement - (.Lenovo.) [HKLM][64Bits] -- LenovoExperienceImprovement =>.LENOVO®
HKCU\SOFTWARE\Chromium =>.Chromium
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\mcafee =>.McAfee
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\mcafee.com =>.McAfee Inc.
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files\update =>.Unknown
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\McAfee =>.McAfee
O43 - CFD: 08/06/2017 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 08/06/2017 - [] D -- C:\Program Files (x86)\Common Files\McAfee =>.McAfee
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [55296] =>.Microsoft Corporation
C:\WINDOWS\system32\dmwappushsvc.dll
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
O43 - CFD: 11/08/2016 - [] D -- C:\Users\Doneff Family\AppData\Local\TianTianData
HKLM\SOFTWARE\Wow6432Node\kpzs
EmptyTemp


ZHP Scan.

Please download ZHP Cleaner to your desktop. Right click the icon and select Run as administrator.

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next; make sure to leave all items checked for removal.



The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.




Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it and select Run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by Doneff Family at 6/10/2017 4:37:22 PM
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (15063)

Recycle Bin emptied (15mn AMs)

========== Memory modules ==========
REMOVES Reboot: Memory Module: C:\WINDOWS\system32\dmwappushsvc.dll

========== Registry keys ==========
REMOVES: Service: AdobeARMservice
REMOVES: Service: UpdateAgentService
REMOVES: HKCU\SOFTWARE\Chromium
REMOVES: Services Svchost: dmwappushservice

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Preferences browser ==========
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://app.standsapp.org
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://cdnjs.cloudflare.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://connect.facebook.net
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://fonts.googleapis.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://fonts.gstatic.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://nicolascoolman.eu
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://stands-app
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.facebook.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.google-analytics.com
NOW Chrome File: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.paypalobjects.com
REMOVES Folder Chrome: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifnaclcibjejklkfjegfcbagcdkidim
REMOVES Folder Chrome: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

========== Folders ==========
No folders empty CLSID Local user
REMOVES: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifnaclcibjejklkfjegfcbagcdkidim
REMOVES: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
REMOVES: C:\Program Files\mcafee
REMOVES: C:\Program Files\mcafee.com
REMOVES: C:\Program Files (x86)\McAfee
REMOVES: C:\ProgramData\McAfee
REMOVES: C:\Program Files (x86)\Common Files\McAfee
Deletes temporary Windows (0)

========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
REMOVES Reboot: c:\windows\system32\tasks\adobe flash player updater
REMOVES Reboot: c:\windows\system32\tasks\office2013act
REMOVES Reboot: c:\windows\system32\tasks\onedrive standalone update task v2
Deletes temporary Windows (0) (0 octets)

========== System restore ==========
The system successfully created restore point


========== Summary ==========
1 : Memory modules
4 : Registry keys
6 : Registry values
9 : Folders
6 : Files
22 : Preferences browser
1 : System restore


End of clean in 11mn AMs

========== Path to file report ==========
C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPFix[R1].txt - 6/10/2017 4:42:37 PM [3848]


~ ZHPCleaner v2017.6.10.96 by Nicolas Coolman (2017/06/10)
~ Run by Doneff Family (Administrator) (10/06/2017 16:51:42)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Doneff Family\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Doneff Family\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 15063)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (60)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (6)
MOVED file: C:\Windows\Installer\wix{7D84E343-A23D-451C-B123-0195B2D903A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI267E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI28F1.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI8E0.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI98D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF8DA.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Summary of the elements found (1)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty


---\\ Other deletions. (19)
~ Registry Keys Tracing deleted (19)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 498
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 6


~ End of clean in 00h00mn02s
~====================
ZHPCleaner-[R]-10062017-16_51_44.txt
ZHPCleaner--10062017-16_50_56.txt


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2017_06_10_16_52_19
OS: Windows 10 Home - x64 Bit
Account Name: Doneff Family
Adware Definition: 06102017
Elapsed time: 06:51
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

[-] Deleted ->> File ->> C:\Users\Doneff Family\Appdata\Local\Google\Chrome\User Data\Profile 1\Extensions\bonccgihhlgaimmpbjfciihkgkoaplkb\0.634.10.28842_0\shared\MindsparkGlobal.js

[-] Deleted ->> File ->> C:\Users\Doneff Family\Appdata\Local\Google\Chrome\User Data\Profile 1\Extensions\bonccgihhlgaimmpbjfciihkgkoaplkb\0.634.10.28842_0\shared\MindsparkGlobal.unitTest.js

[-] Repaired ->> File ->> C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data

[-] Repaired ->> File ->> C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences


SecurityCheck by glax24 & Severnyj v.1.4.0.50 [06.06.17]
WebSite: www.safezone.cc
DateLog: 10.06.2017 17:01:53
Path starting: C:\Users\Doneff Family\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Doneff Family
VersionXML: 4.35is-08.06.2017
___________________________________________________________________________

Windows 10(6.3.15063) (x64) Core Release: 1703 Lang: English(0409)
Installation date OS: 08.06.2017 20:16:25
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_SubTrial5 edition Windows is in Notification mode
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [899.7 Gb] Used: [131.6 Gb] Free: [768.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.296.15063.0 [+]
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4693.1005
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (disabled and out of date)
Windows Defender (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Avast Antivirus (disabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
Avast Antivirus (disabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Internet Security v.17.4.2294
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.1.2.1733 v.3.1.2.1733
VoodooShield version 3.59 v.3.59
Unchecky v1.0.2 v.1.0.2
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 17.00 beta (x64) v.17.00 beta [+]
Microsoft Silverlight v.5.1.50906.0
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 25 PPAPI v.25.0.0.171
Adobe Reader X (10.1.16) MUI v.10.1.16 Warning! This software is no longer supported. Please uninstall it and use Adobe Reader XI or Adobe Acrobat Reader DC.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.59.0.3071.86
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.4.3482.0
aswbIDSAgent (aswbIDSAgent) - The service has stopped
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.17.4.3482.0
C:\Program Files\AVAST Software\Avast\afwServ.exe v.17.4.3482.0
Avast Firewall Service (avast! Firewall) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1068
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.479
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service has stopped
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2017_06_10_16_52_19
OS: Windows 10 Home - x64 Bit
Account Name: Doneff Family
Adware Definition: 06102017
Elapsed time: 06:51
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

File Found : PUP.MindSpark : C:\Users\Doneff Family\Appdata\Local\Google\Chrome\User Data\Profile 1\Extensions\bonccgihhlgaimmpbjfciihkgkoaplkb\0.634.10.28842_0\shared\MindsparkGlobal.js
File Found : PUP.MindSpark : C:\Users\Doneff Family\Appdata\Local\Google\Chrome\User Data\Profile 1\Extensions\bonccgihhlgaimmpbjfciihkgkoaplkb\0.634.10.28842_0\shared\MindsparkGlobal.unitTest.js
Browser: Chrome Found : Adware.Conduit : C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data
Browser: Chrome Found : Adware.ask.com : C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences
 