Redirecting to ads



#1
ExaBast


Hello, since this morning, as soon as I go on YouTube I get redirected to this website: http://slickcart.net/camera/

I have an adblocker, I ran CCleaner and deleted my cookies, history, cache, everything. I also used Malwarebytes and it found nothing.

By the way, I'm using Chrome and have a 64-bit system. I hope someone can help me with this issue.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Admin (administrator) on ADMIN-PC on 07-07-2015 17:47:01
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Akamai Technologies, Inc.) C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Corsair Components, Inc.) D:\Corsair Vengeance\HeadsetControlPanel.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8458968 2015-02-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-19] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => D:\Corsair Vengeance\HeadsetControlPanel.exe [2918152 2014-08-18] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2015-03-18] (BitTorrent, Inc.)
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-04] (Dropbox, Inc.)
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\MountPoints2: {eaa0a848-6013-11e4-b500-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
AppInit_DLLs-x32: C:/PROGRA~3/{2D71C~1/sosa.dll => C:\ProgramData\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}\sosa.dll [634880 2014-12-20] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk [2015-01-13]
ShortcutTarget: iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Panneau de commande du casque de jeu Corsair.lnk [2015-01-21]
ShortcutTarget: Panneau de commande du casque de jeu Corsair.lnk -> D:\Corsair Vengeance\HeadsetControlPanel.exe (Corsair Components, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk [2015-01-30]
ShortcutTarget: iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-19] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-ch/?ocid=iehp
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.ch/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-19] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-19] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{266A8366-DE48-4B0D-8EE3-7002960FABB8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6A5AA21C-3F9A-4766-925E-C94C3D20D181}: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2015994361-3734334988-1783566280-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-03]
 
Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-05-19]
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-30]
CHR Extension: (Torrent Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2014-11-09]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-30]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-30]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-30]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-30]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-30]
CHR Extension: (Youtube-to-MP3 GOLD) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcmlonfegmnhinnopgjhibfghbgpeoc [2015-04-22]
CHR Extension: (Avast SafePrice) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-09]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-30]
CHR Extension: (Click&Clean) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-11-03]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-03]
CHR Extension: (Downloads) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2014-11-03]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2015-06-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-30]
CHR Extension: (Click&Clean App) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-11-09]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-30]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]
CHR Extension: (Avast SafePrice) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-13]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]
CHR HKLM\...\Chrome\Extension: [aaaaajhmeplfccacopbgpfaibalfnhcb] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaajhmeplfccacopbgpfaibalfnhcb.crx [2014-09-22]
CHR HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaajhmeplfccacopbgpfaibalfnhcb] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaajhmeplfccacopbgpfaibalfnhcb.crx [2014-09-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-20] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-19] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-06-29] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-06-20] ()
S3 Survarium-Steam Update Service; D:\Jeux\JeuxSteam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [75384 2015-04-24] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-19] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-19] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-19] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-19] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-19] ()
R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
R3 SaiK1705; C:\Windows\System32\DRIVERS\SaiK1705.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1705; C:\Windows\System32\DRIVERS\SaiU1705.sys [47208 2012-09-20] (Saitek)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-07 17:47 - 2015-07-07 17:47 - 00026843 _____ C:\Users\Admin\Desktop\FRST.txt
2015-07-07 17:46 - 2015-07-07 17:47 - 00000000 ____D C:\FRST
2015-07-07 17:46 - 2015-07-07 17:46 - 02112512 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-07-07 17:42 - 2015-07-07 17:42 - 00000000 _____ C:\Windows\setuperr.log
2015-07-07 17:42 - 2015-07-07 17:42 - 00000000 _____ C:\Windows\setupact.log
2015-07-07 17:34 - 2015-07-07 17:34 - 01845248 _____ C:\Users\Admin\Downloads\ZHPCleaner-2015.7.5.290.exe
2015-07-07 17:34 - 2015-07-07 17:34 - 00000037 _____ C:\Users\Admin\ZHPCleaner.exe
2015-07-07 17:34 - 2015-07-07 17:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ZHP
2015-07-07 17:23 - 2015-07-07 17:23 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-07 17:23 - 2015-07-07 17:23 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-07 17:23 - 2015-07-07 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-07 17:23 - 2015-07-07 17:23 - 00000000 ____D C:\Program Files\CCleaner
2015-07-07 17:22 - 2015-07-07 17:22 - 06565736 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup507.exe
2015-07-07 17:22 - 2015-07-07 17:22 - 06565736 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup507 (1).exe
2015-07-07 13:25 - 2015-07-07 13:31 - 00000000 ____D C:\Users\Admin\Desktop\Prison.Break.S03.FRENCH.720p.BluRay.x264-NoTag
2015-07-07 13:25 - 2015-07-07 13:25 - 00924646 _____ C:\Users\Admin\Downloads\Prison.Break.S03.FRENCH.720p.BluRay.x264-NoTag.torrent
2015-07-04 11:41 - 2015-07-07 17:46 - 00001196 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2015994361-3734334988-1783566280-1000UA.job
2015-07-04 11:41 - 2015-07-07 11:46 - 00001144 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2015994361-3734334988-1783566280-1000Core.job
2015-07-04 11:41 - 2015-07-04 11:41 - 00004170 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2015994361-3734334988-1783566280-1000UA
2015-07-04 11:41 - 2015-07-04 11:41 - 00003774 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2015994361-3734334988-1783566280-1000Core
2015-07-04 11:41 - 2015-07-04 11:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-04 11:41 - 2015-07-04 11:41 - 00000000 ____D C:\Users\Admin\AppData\Local\Dropbox
2015-07-04 11:41 - 2015-07-04 11:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-04 11:35 - 2015-07-04 12:49 - 00000000 ___RD C:\Users\Admin\Dropbox
2015-07-03 15:23 - 2015-07-07 15:02 - 00000000 ____D C:\Users\Admin\Desktop\Prison.Break.S02.FRENCH.720p.BluRay.x264-NoTag
2015-06-30 20:16 - 2015-06-30 20:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-28 14:25 - 2015-06-28 14:25 - 00001175 _____ C:\Users\Public\Desktop\Sonic Radar II.lnk
2015-06-28 14:25 - 2015-06-28 14:25 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-06-28 14:25 - 2015-06-28 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Radar II
2015-06-28 14:25 - 2015-06-28 14:25 - 00000000 ____D C:\Program Files\Realtek
2015-06-28 14:25 - 2015-02-11 12:32 - 04417112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-06-28 14:25 - 2015-02-11 12:16 - 01893595 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-06-28 14:25 - 2015-02-09 09:38 - 02909552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-06-28 14:25 - 2015-02-09 09:38 - 02814320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-06-28 14:25 - 2015-01-27 05:37 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-06-28 14:25 - 2015-01-26 10:46 - 01708248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-06-28 14:25 - 2015-01-19 12:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-06-28 14:25 - 2014-12-24 13:02 - 01298136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-06-28 14:25 - 2014-12-02 12:42 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-06-28 14:25 - 2014-11-11 07:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-06-28 14:25 - 2014-10-24 04:12 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-06-28 14:25 - 2014-10-24 04:12 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-06-28 14:25 - 2014-05-22 10:24 - 00096568 _____ C:\Windows\system32\audioLibVc.dll
2015-06-28 14:25 - 2013-06-21 05:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2015-06-28 14:25 - 2011-12-20 09:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-06-28 14:25 - 2011-11-22 10:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-06-28 14:25 - 2010-11-03 12:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-06-28 13:20 - 2015-06-28 13:20 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-06-28 13:20 - 2015-06-28 13:20 - 00000000 ____D C:\Program Files\Speccy
2015-06-28 13:19 - 2015-06-28 13:20 - 05127432 _____ (Piriform Ltd) C:\Users\Admin\Downloads\spsetup128.exe
2015-06-28 12:54 - 2015-06-28 12:55 - 131494359 _____ (Realtek Semiconductor Corp.) C:\Users\Admin\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe
2015-06-28 12:28 - 2015-06-28 12:28 - 10475360 _____ (Akamai Technologies, Inc.) C:\Users\Admin\Downloads\AsusInstaller.exe
2015-06-28 12:28 - 2015-06-28 12:28 - 00000000 ____D C:\Users\Admin\AppData\Local\Akamai
2015-06-28 12:24 - 2015-06-28 12:25 - 216613190 _____ C:\Users\Admin\Downloads\Audio_Realtek_Win7_64_VER6017487.zip
2015-06-26 22:15 - 2015-06-26 22:15 - 00015312 _____ C:\Users\Admin\Downloads\Jurassic.Park.III.2001.DVDRip{x264+AVC.AC3}{Fr-Eng}{Sub.Fr}[XCT].mkv.torrent
2015-06-26 19:56 - 2015-06-26 19:56 - 00024060 _____ C:\Users\Admin\Downloads\Jurassic.Park.III.2001.MULTi.720p.HDTV.x264.AC3.torrent
2015-06-26 16:35 - 2015-06-26 16:35 - 00010987 _____ C:\Users\Admin\Downloads\Jurassic Park (1993) 720p x264 AAC 5.1 MULTI [NOEX].mkv.torrent
2015-06-26 15:56 - 2015-06-26 15:56 - 00012793 _____ C:\Users\Admin\Downloads\Le Monde Perdu - Jurassic Park.torrent
2015-06-21 17:57 - 2015-06-26 19:24 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2015-06-21 17:57 - 2015-06-21 17:58 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-06-21 17:57 - 2015-06-21 17:57 - 09056456 _____ (Cheat Engine ) C:\Users\Admin\Downloads\CheatEngine64.exe
2015-06-21 17:57 - 2015-06-21 17:57 - 00001089 _____ C:\Users\Admin\Desktop\Cheat Engine.lnk
2015-06-21 17:57 - 2015-06-21 17:57 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-06-21 17:57 - 2015-06-21 17:57 - 00000000 ____D C:\Users\Admin\Documents\My Cheat Tables
2015-06-21 17:57 - 2015-06-21 17:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TuneUp Software
2015-06-21 17:57 - 2015-06-21 17:57 - 00000000 ____D C:\Users\Admin\AppData\Local\TuneUp Software
2015-06-21 17:57 - 2015-06-21 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-06-21 14:08 - 2015-06-21 14:08 - 00000000 ____D C:\Users\Admin\Documents\Battlefield 3
2015-06-21 14:06 - 2015-06-21 14:06 - 00000000 ____D C:\ProgramData\EA Core
2015-06-20 15:04 - 2015-06-24 21:41 - 00000000 ____D C:\Users\Admin\Documents\Euro Truck Simulator 2
2015-06-19 16:23 - 2015-06-19 16:23 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-19 16:23 - 2015-06-19 16:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-17 17:34 - 2015-06-17 17:34 - 00011718 _____ C:\Users\Admin\Downloads\Skyfall.2012.1080p.HDrip.Multi French.x264.Multi sub (by kimo).mkv.torrent
2015-06-17 14:11 - 2015-06-17 14:12 - 00000048 _____ C:\Users\Admin\Desktop\Jeux.txt
2015-06-16 21:14 - 2015-06-21 14:26 - 00348672 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-06-16 21:14 - 2015-06-16 21:16 - 00000000 ____D C:\Users\Admin\Documents\BFBC2
2015-06-16 20:55 - 2015-06-16 20:55 - 01640768 _____ C:\Users\Admin\Downloads\battlelog-web-plugins_2.7.1_162.exe
2015-06-15 21:25 - 2015-06-15 21:25 - 02434856 _____ C:\Windows\SysWOW64\pbsvc_bc2.exe
2015-06-10 12:54 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 12:54 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 12:54 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 12:54 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 12:54 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 12:54 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 12:54 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 12:54 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 12:54 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 12:54 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 12:54 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 12:54 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 12:54 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 12:54 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 12:54 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 12:54 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 12:54 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 12:54 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 12:54 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 12:54 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 12:54 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 12:54 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 12:54 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 12:54 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 12:54 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 12:54 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 12:54 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 12:54 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 12:54 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 12:54 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 12:54 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 12:54 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 12:54 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 12:54 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 12:54 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 12:54 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 12:54 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 12:54 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 12:54 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 12:54 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 12:54 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 12:54 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 12:54 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 12:54 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 12:54 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 12:54 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 12:54 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 12:54 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 12:54 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 12:54 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 12:54 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 12:54 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 12:54 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 12:54 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 12:54 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 12:54 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 12:54 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 12:54 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 12:54 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 12:54 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 12:54 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 12:54 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 12:54 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 12:54 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 12:54 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 12:54 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 12:54 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 12:54 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 12:54 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 12:54 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 12:54 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 12:54 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 12:54 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 12:54 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 12:54 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 12:54 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 12:54 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 12:54 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 12:54 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 12:54 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 12:54 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 12:54 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 12:54 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 12:54 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 12:54 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 12:54 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 12:54 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 12:54 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 12:54 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 12:54 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 12:54 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 12:54 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 12:54 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 12:54 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 12:54 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 12:54 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 12:54 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 12:54 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 12:54 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 12:54 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 12:54 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 12:54 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 12:54 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 12:54 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 12:54 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 12:54 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 12:54 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 12:54 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 12:54 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 12:54 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 12:54 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 12:54 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 12:54 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 12:54 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-09 11:20 - 2015-06-09 11:20 - 00021815 _____ C:\Users\Admin\Downloads\Les Rues de San Francisco - Saison 2 (1973-74) (1).torrent
2015-06-09 11:19 - 2015-06-09 11:19 - 00021815 _____ C:\Users\Admin\Downloads\Les Rues de San Francisco - Saison 2 (1973-74).torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-07 17:45 - 2014-11-03 22:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2015-07-07 17:35 - 2014-11-03 22:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2015-07-07 17:34 - 2014-11-12 22:41 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-07-07 17:34 - 2014-10-30 14:33 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
2015-07-07 17:34 - 2014-10-30 14:33 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
2015-07-07 17:34 - 2014-10-30 11:09 - 00000000 ____D C:\Users\Admin
2015-07-07 17:33 - 2014-10-30 16:19 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-07 17:24 - 2014-11-03 21:24 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-07 17:22 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-07 17:22 - 2009-07-14 06:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-07 17:19 - 2011-04-12 11:16 - 00748358 _____ C:\Windows\system32\perfh00C.dat
2015-07-07 17:19 - 2011-04-12 11:16 - 00150380 _____ C:\Windows\system32\perfc00C.dat
2015-07-07 17:19 - 2009-07-14 07:13 - 01671678 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 17:18 - 2014-10-30 11:09 - 01535141 ____N C:\Windows\WindowsUpdate.log
2015-07-07 17:15 - 2014-10-30 16:19 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 17:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-07 17:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2015-07-07 17:08 - 2015-03-04 23:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-07 17:08 - 2015-03-04 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-07 17:08 - 2015-03-04 23:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-07 16:53 - 2014-10-30 16:22 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-07 16:10 - 2014-10-30 11:44 - 00003936 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{20AA0E9F-357E-4EEC-97B5-F675ED286504}
2015-07-07 15:14 - 2014-11-05 21:20 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-07 15:14 - 2014-11-05 21:20 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-07-07 15:12 - 2014-11-04 20:42 - 00000000 ____D C:\ProgramData\Origin
2015-07-07 15:02 - 2014-10-30 16:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2015-07-04 12:49 - 2014-11-03 21:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2015-07-01 14:31 - 2014-11-03 22:37 - 00000000 ____D C:\ProgramData\Skype
2015-06-29 20:26 - 2014-11-04 20:42 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-28 14:25 - 2014-10-30 11:25 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-28 14:25 - 2014-10-30 11:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-28 14:25 - 2014-10-30 11:21 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-28 14:22 - 2014-10-30 11:29 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-06-27 13:18 - 2015-01-07 14:09 - 00000961 _____ C:\Users\Admin\Desktop\Films.txt
2015-06-26 22:06 - 2014-11-04 21:41 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-26 16:23 - 2014-11-03 20:57 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-23 17:34 - 2014-10-30 16:19 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-21 14:08 - 2014-11-06 22:38 - 00000000 ____D C:\Users\Admin\AppData\Local\PunkBuster
2015-06-21 12:10 - 2014-11-06 22:48 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-06-20 16:42 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-20 16:41 - 2014-11-05 21:20 - 00075136 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-06-19 16:23 - 2014-11-03 21:05 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-19 16:23 - 2014-11-03 20:57 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-19 16:23 - 2014-11-03 20:57 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-19 16:23 - 2014-11-03 20:57 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-19 16:23 - 2014-11-03 20:57 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-19 16:23 - 2014-11-03 20:57 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-19 16:23 - 2014-11-03 20:57 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-19 16:23 - 2014-11-03 20:57 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-16 20:55 - 2014-11-05 21:20 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-13 15:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 17:25 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-11 17:25 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-11 17:25 - 2009-07-14 06:45 - 00272160 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 17:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 22:24 - 2014-10-30 11:54 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 22:23 - 2014-10-30 11:54 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 21:31 - 2014-11-04 20:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Origin
 
==================== Files in the root of some directories =======
 
2015-02-01 16:42 - 2015-02-01 16:42 - 0000099 _____ () C:\Users\Admin\AppData\Roaming\LauncherSettings_live.cfg
2015-02-01 16:37 - 2015-02-01 16:37 - 0008152 _____ () C:\Users\Admin\AppData\Roaming\TheHunterSettings_live.bin
2015-02-01 16:35 - 2015-02-01 16:35 - 0000040 _____ () C:\Users\Admin\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-04-02 21:12 - 2015-04-02 21:12 - 0018669 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
 
Files to move or delete:
====================
C:\Users\Admin\ZHPCleaner.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-04 12:16
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Admin at 2015-07-07 17:47:16
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-2015994361-3734334988-1783566280-1000 - Administrator - Enabled) => C:\Users\Admin
Administrateur (S-1-5-21-2015994361-3734334988-1783566280-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2015994361-3734334988-1783566280-1002 - Limited - Enabled)
Invité (S-1-5-21-2015994361-3734334988-1783566280-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 15 Pepper (HKLM-x32\...\Adobe Flash Player Pepper) (Version: 15.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32 bits) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin’s Creed Unity (HKLM-x32\...\Steam App 289650) (Version:  - Ubisoft)
Assassin's Creed Chronicles China (HKLM-x32\...\Uplay Install 1651) (Version:  - Ubisoft)
ASUS PCE-N15 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.1.0 - ASUS)
Asus Sonic Suite Plugins (x32 Version: 2.1.1901 - ASUSTeKcomputer.Inc) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bêta de Battlefield™ Hardline (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.2 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Far Cry 4 (HKLM-x32\...\Steam App 298110) (Version:  - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\{22ACCF34-7FF3-3990-B0DA-697C8A16F121}) (Version: 66.19.16495 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Reloaded Games)
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Launcher Warface (Bêta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Logiciel de casque de jeu Corsair (HKLM-x32\...\{E962D35F-37E9-498A-9D76-9E3ACAAD2EF6}) (Version: 2.0.35 - Corsair)
Logiciel pour périphérique à chipset Intel® (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mises à jour NVIDIA 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NahimicSettingsConfigurator (Version: 2.1.1901 - ASUSTeKcomputer.Inc) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.7 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Pilote 3D Vision 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Pilote du contrôleur 3D Vision 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA Pilote graphique 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Panneau de configuration NVIDIA 344.60 (Version: 344.60 - NVIDIA Corporation) Hidden
Popcorn Time (HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\Popcorn Time) (Version:  - Popcorn Official)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7450 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM-x32\...\{4254522D-5350-006A-76A7-A75C790C1101}) (Version: 12.17.1.2468 - APN, LLC) <==== ATTENTION
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{87062E99-EBC9-48CA-8D68-EA1D5BD9DA9F}) (Version: 7.0.27.13 - Mad Catz)
Sonic Radar II (HKLM\...\{47CBA8D8-BE35-4278-B1EA-FCCFB80902ED}) (Version: 2.1.1901 - ASUSTeKcomputer.Inc)
Sonic Studio Plugin (Version: 2.1.1901 - ASUSTeKcomputer.Inc) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Survarium (HKLM-x32\...\Steam App 355840) (Version:  - Vostok Games)
Survarium-Steam (HKLM-x32\...\{A3D9343D-77CD-4bf4-A47A-F87B3BE985B4}_is1) (Version: 0.27d - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
Unity Web Player (HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2015994361-3734334988-1783566280-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
07-07-2015 11:26:30 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2015-07-07 17:31 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2637A3E5-0E2A-418D-AE62-73C0F0E1AA83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-04] (Adobe Systems Incorporated)
Task: {5076FCA4-A391-4B26-9F7D-AF7438F5C63A} - System32\Tasks\{471489AE-379E-4ED7-A4D8-4B2CCD1686F1} => C:\Program Files (x86)\Origin\Origin.exe [2015-06-29] (Electronic Arts)
Task: {546D792B-BAB1-49E0-BF3E-E725BBED5F71} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2015994361-3734334988-1783566280-1000Core => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-04] (Dropbox, Inc.)
Task: {6B243F1F-B557-4ADE-B31B-67E5FE32EC38} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7EA79ED1-3A07-450B-9223-559A05DC8BE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {8D2247AA-B4D9-4DAD-B1A3-193EBCE11EBE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2015994361-3734334988-1783566280-1000UA => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-04] (Dropbox, Inc.)
Task: {8EBA8B4B-F18F-4531-AC4F-78DEA6B92AF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {C8322878-49EF-4392-8DDE-4A4F35F058DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-19] (Avast Software s.r.o.)
Task: {D40DE19D-5B6F-4515-B33E-128041D9A09F} - System32\Tasks\{ADDF92AE-1266-457E-8FD0-9959675CAECE} => C:\Program Files (x86)\Origin\Origin.exe [2015-06-29] (Electronic Arts)
Task: {EA17A14D-E9CC-4C06-887E-5A61D8C48D96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {EAB51824-06A1-4323-B4C9-20B3A92C7337} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2015994361-3734334988-1783566280-1000Core.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2015994361-3734334988-1783566280-1000UA.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-30 11:29 - 2014-01-28 05:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-06-28 14:22 - 2014-04-24 08:29 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2014-11-06 22:48 - 2015-06-21 12:10 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-06-28 14:25 - 2013-06-21 05:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-06-28 14:25 - 2014-05-22 10:24 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-06-01 19:28 - 2015-06-01 19:28 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
2015-06-19 16:23 - 2015-06-19 16:23 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-19 16:23 - 2015-06-19 16:23 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-07 11:23 - 2015-07-07 11:23 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070700\algo.dll
2014-10-30 11:29 - 2015-07-07 17:15 - 00043152 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-10-30 11:29 - 2014-01-28 05:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-06-19 16:23 - 2015-06-19 16:23 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-12-20 00:07 - 2014-12-20 00:07 - 00634880 _____ () C:\ProgramData\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}\sosa.dll
2015-06-23 17:34 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-23 17:34 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-23 17:34 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® PROSet Monitoring Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A0543F87-3D9F-40C1-914E-62D564E9C92D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{50EC5274-908E-4DFC-AD6F-AF1C2FD303FB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1112A992-8756-4BB8-BB17-95F7ADB758B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E971227D-6B3E-4D6E-9D48-BD675DE31FB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3624DB4C-D1E5-407A-8F35-9762C243F7D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{77C93F6C-FDD8-4B91-B4F6-23CB2F88CF65}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C2583F81-DB8B-4FCC-98C3-03771554DC89}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F3E8626E-7ED6-4A81-BB34-23BE8FDCC056}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8214D8EB-26FC-47DC-ADFC-DB7F729F84B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{83DDE4E2-DDEE-46D6-9FE2-0171E874F24E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9421B25-70E0-4060-928E-E654B7C62EAF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A02DE773-4BBF-4C31-8F02-919D98306D03}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D927A626-2092-45A3-A3A2-7C3EED089879}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4496CD01-C851-4C9D-8687-3B9DEE38D6D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A22AC63-060C-4F0F-B3C9-DCCD15AA6696}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA372119-6009-4F09-9B7E-3BB4E7E0EB09}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{97C62E9B-20CB-44F7-A0BD-83FFC0B460E3}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3B5F00A5-6E62-4999-9D41-94A5C93677A2}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{9807DF99-4BC8-4651-9A98-44D3F5E763A5}] => (Allow) D:\JeuxSteam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{15012D7C-B1E8-445C-AE54-AE73EA1AE567}] => (Allow) D:\JeuxSteam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{01345D85-1F1D-40AE-B9F4-F9749E5C5A7D}D:\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{E63DDE72-7E05-4798-9E70-9C82F5B392BB}D:\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{99A15353-3A75-4FD9-A88B-9075076AA1E3}D:\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{F350CB13-58FC-45BA-A2DE-3C2E4C761277}D:\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{F0BEB279-02FD-4B68-97D0-44485143A1DF}] => (Allow) D:\JeuxSteam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{104A118C-CBCF-46E0-82BA-DE82FBC9031D}] => (Allow) D:\JeuxSteam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [TCP Query User{15D1CA14-8B9E-4470-8377-21A29D88D5E2}D:\jeuxsteam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\jeuxsteam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{AD8DEA6A-7AE2-4FA3-95F8-FEBCBD612316}D:\jeuxsteam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\jeuxsteam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [{A21B7FE1-1A0E-41D0-B12F-82A45B6B8954}] => (Allow) D:\JeuxSteam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{84EE189D-6E80-4A75-8942-90D6A7A5124E}] => (Allow) D:\JeuxSteam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{82D58FEF-935D-4483-BA1D-6EB657D64F09}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7691080B-4BEB-4C2C-9822-267BBC71DF41}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{C7411793-3461-4262-BA40-4A6E42831784}] => (Allow) D:\JeuxSteam\SteamApps\common\Assassin's Creed Unity\ACU.exe
FirewallRules: [{3C160A3E-C893-424A-B5D7-915C71EF8F53}] => (Allow) D:\JeuxSteam\SteamApps\common\Assassin's Creed Unity\ACU.exe
FirewallRules: [{71F6A03D-9830-412C-9B3F-222C6AA42E64}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{F934328F-0957-42DA-8D90-F7EE1ED9F306}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{C0E01DD1-ED25-4C29-8E9A-79B6F81A00CD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{AFCA2507-39F2-4B65-9145-3CD7125E602C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{15639565-7C9C-4E0D-BDAD-FF05E47E7C05}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0A9A4350-1527-42DC-ACC1-A793F92EFFCD}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3B287220-E180-4CC4-A820-3CD5D821DB27}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{8AC02084-4099-4136-8A48-D25E905B5816}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{E163D771-A028-4698-AFD6-5AD595CDE3D1}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{C2B36198-6D05-470A-A6A9-5CEB9381629B}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{A3A391B5-515F-40F4-BE3E-EB4EF1650A3F}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{1819D537-1BD4-4FAF-B41B-274ADCCB02FC}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{9E21B575-A6D5-4494-B48F-212013F2B1FA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{220D0AA6-3426-4251-A098-B716F45F18E0}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{12580806-F832-47F0-8680-59037D1648EF}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{456B0F5D-EE02-4405-9BC0-DBB72F7548F2}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{F7019A42-24F9-478F-ACE2-AF3882E4DA07}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{55B73E05-86AE-44C2-8D3E-06E5B1C17DB4}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{41696D45-2573-4543-9D9F-5AEE3B53C018}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [TCP Query User{548A4108-5D8C-4874-9F96-C9BFFA4E8DA2}D:\jeux\jeuxsteam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) D:\jeux\jeuxsteam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [UDP Query User{72B3F68B-8582-4E73-AE8F-F268D00E9FB5}D:\jeux\jeuxsteam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) D:\jeux\jeuxsteam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [TCP Query User{05C952CE-5B40-4EDE-8C24-30A8C2960D48}D:\jeux\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\jeux\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{BAA3551E-CC85-4CB4-AAFB-40F18422F0F6}D:\jeux\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\jeux\jeuxsteam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{D3D4447A-A53C-49CA-A974-40A3B106DF49}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{E4522AA1-2261-4EFD-BC88-F9F3326E7DC2}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{8EA3BFC9-215F-4FD2-9369-BF0007A23AAB}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{A7B4E15D-62B5-4BF7-99CC-6DB543156283}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{D1CB0E5D-AFA7-4987-A699-6D9D5EBA0AE0}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta 2\bfh.exe
FirewallRules: [{30DA5DBE-2CD9-4DFE-B689-34D3DFDD6A22}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta 2\bfh.exe
FirewallRules: [{F3604B0A-56C7-42E0-98CA-7E0625940D24}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F7C60C6D-C811-4B54-A103-F7D849EC82C2}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7B7BCF81-58D9-46E1-B93F-DD905BA28F82}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{0C926FBF-F041-4CB6-A5F1-44D6C07D46DC}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{C673A3E0-3BA4-4C80-8F87-01335A2D23E7}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{0533F8A9-9237-4835-9604-F935AEE7054A}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{262822AC-7A72-4421-AFB0-683F7EB679EE}D:\jeux\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\jeux\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{91F44E4C-EE08-40BB-B00B-B5ECD1FC40B3}D:\jeux\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\jeux\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E83C9F30-2676-4FE4-B46E-F42171709E55}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{62CAF77B-7D1D-4476-B965-938000BE8D17}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3E674554-5472-46CB-B9BF-82C664AF42EF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{46103662-9E81-46AE-8EFE-36BC95475753}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{58D66B6A-F76E-4963-94BC-8C2AC727EDE3}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{47589E7D-7CF8-4336-A83E-9989BD2C6480}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{7AE93022-357D-4AC2-8E65-D4D73D66E699}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [TCP Query User{757ED5BF-D2D6-487B-8AB9-8E73E53A8068}C:\users\admin\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\admin\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{B04E7F70-CD94-498E-B904-88E9B34B94D5}C:\users\admin\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\admin\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{57528B16-C426-432A-AE18-B99D9BA9A52B}C:\users\admin\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\admin\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{64409740-B473-4187-A409-D71BF815CE22}C:\users\admin\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\admin\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{50E103F5-EED2-45CF-893A-3FC4B7A3060F}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{4D521F66-0E00-406C-9BC1-C405682E1BC0}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{6A5D57CD-E9EB-4E76-BA75-57AB99BADDAB}] => (Allow) D:\Jeux\JeuxSteam\steamapps\common\Survarium\temp\survarium_launcher.exe
FirewallRules: [{65D295FF-50A3-4118-B650-4FBA7C4D18D7}] => (Allow) D:\Jeux\JeuxSteam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{A52631FC-2234-441A-96C3-62970829F1B7}] => (Allow) D:\Jeux\JeuxSteam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{500C73D2-0989-42F5-8477-63977BE05EB0}] => (Allow) D:\Jeux\JeuxSteam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{55A1A80B-971D-497B-AFC3-9BFAD58B5219}] => (Allow) D:\Jeux\JeuxSteam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{DD4C63F5-2967-425C-97A9-D42B968E4BCE}] => (Allow) D:\Jeux\JeuxSteam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{82F39512-73AA-4C34-9706-70165758219B}] => (Allow) D:\Jeux\JeuxSteam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{C7B53F2C-08DD-41CA-AF35-5AC30DDC8DBD}D:\jeux\jeuxsteam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) D:\jeux\jeuxsteam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [UDP Query User{B6D2D066-ADD2-456C-9E9C-35396EE3FD74}D:\jeux\jeuxsteam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) D:\jeux\jeuxsteam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [{4F2E0C0A-8406-4B12-9B8E-86D91915631A}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Assassin's Creed Unity\ACU.exe
FirewallRules: [{47F5F6DF-5B56-49DD-A64E-A9F28BE2E1E6}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Assassin's Creed Unity\ACU.exe
FirewallRules: [{5096EEED-1E5B-407F-AD64-F07DF12D470E}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{D810A8DA-6DCF-4C4D-AA68-502906C72BF7}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{57623AF5-8056-49C0-B446-4014D90C9927}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{0E4BBCDB-C17B-4CD4-AC81-378E17F173B1}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{038457CC-C3F2-46A8-9B99-EC2A7741F516}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{E2EF950C-07B9-41DE-8B94-8B24BB237A8F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{65080BCE-25D3-48D7-80F7-F829C3EF816E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{C2FC7FFA-5AC0-45E9-B5C6-75A1A945A35D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{59E3D82E-9727-4DEE-8411-19B55532C511}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{8FBFD2DB-B2A6-4D16-9125-25695820F3DE}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{51330835-975D-4D52-9840-80469AD2B6BF}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C2FB561A-C639-4AD5-A4A8-E5DF60E32C85}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{0965D412-A914-4F1A-9AA1-4A0FD96FAEEE}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{6891BACD-A70D-4F0B-8425-50F104CE753C}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{D9EFBEFA-EA49-404B-810E-EC0375CCB86A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E68B79EC-47A7-4CA0-8046-DBA9AF247665}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8E7EB00C-434A-48DC-9074-CE4EAB53C6CC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7A931563-8248-4E8A-973A-880FE1C210DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A305382E-D8E5-40DE-AF10-9296A488964F}] => (Allow) D:\Jeux\Battlefield\Battlefield 3\bf3.exe
FirewallRules: [{6A46B8D1-898B-4F7A-9BF7-B6E9A44BFBA0}] => (Allow) D:\Jeux\Battlefield\Battlefield 3\bf3.exe
FirewallRules: [{DA5395DA-BAC2-4372-941D-A2FCC8859424}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{EE49BFE5-BEDD-47A8-B31B-B5BBE831A624}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8F722C24-14A8-4C9E-9B83-B17B5B5CA06A}C:\users\admin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\admin\appdata\local\akamai\netsession_win.exe
FirewallRules: [{BD9A76B6-1C2D-4576-A745-A75FFECBE2BF}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{2CF0CEA7-0243-4AED-8644-3EB3A9418F82}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{48E3B531-B1A8-4568-97DF-33A169A302F6}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Warface\live\nw.exe
FirewallRules: [{40CF2881-F9BC-4C29-BED0-2A4532970AD5}] => (Allow) D:\Jeux\JeuxSteam\SteamApps\common\Warface\live\nw.exe
FirewallRules: [{C203137E-16FF-4ACD-98FC-E8D08844CCCB}] => (Allow) LPort=49277
FirewallRules: [{DEAAAFC5-54F8-44BD-9BFF-FF101D52CA34}] => (Allow) LPort=5000
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/07/2015 05:15:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2015 11:22:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/06/2015 11:19:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/05/2015 09:00:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (07/05/2015 09:00:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (07/05/2015 09:00:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/05/2015 09:00:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error: (07/05/2015 09:00:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013
 
Error: (07/05/2015 09:00:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/05/2015 09:00:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999
 
 
System errors:
=============
Error: (07/07/2015 05:15:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN n’a pas pu démarrer.
 
Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll
Code d’erreur : 126
 
Error: (07/07/2015 05:13:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (07/07/2015 11:22:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN n’a pas pu démarrer.
 
Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll
Code d’erreur : 126
 
Error: (07/06/2015 06:32:39 PM) (Source: Schannel) (EventID: 4119) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été reçue : 40.
 
Error: (07/06/2015 11:19:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN n’a pas pu démarrer.
 
Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll
Code d’erreur : 126
 
Error: (07/05/2015 00:15:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN n’a pas pu démarrer.
 
Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll
Code d’erreur : 126
 
Error: (07/05/2015 00:07:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (07/04/2015 11:32:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN n’a pas pu démarrer.
 
Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll
Code d’erreur : 126
 
Error: (07/03/2015 00:38:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN n’a pas pu démarrer.
 
Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll
Code d’erreur : 126
 
Error: (07/02/2015 02:15:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN n’a pas pu démarrer.
 
Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll
Code d’erreur : 126
 
 
Microsoft Office:
=========================
Error: (07/07/2015 05:15:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2015 11:22:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/06/2015 11:19:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/05/2015 09:00:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (07/05/2015 09:00:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (07/05/2015 09:00:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/05/2015 09:00:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error: (07/05/2015 09:00:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013
 
Error: (07/05/2015 09:00:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/05/2015 09:00:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 17%
Total physical RAM: 16326.89 MB
Available physical RAM: 13411.53 MB
Total Virtual: 32651.99 MB
Available Virtual: 29465.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.88 GB) (Free:26.18 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.41 GB) (Free:511.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5A1B5B0D)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5A1B5B75)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 


#2
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings and welcome!

My nickname is Ruggie and I will be assisting you in cleaning your computer.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely. It may seem difficult at times, but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please save all tools to the desktop. Our tools are updated very regularly, sometimes several times per day, so always download the latest version from the links I provide.
  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.
  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.
  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.
  • Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.
  • Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.
  • Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.
  • If you have any questions or get stuck, stop and ask... I am here to help you make this go as smoothly as possible.
  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work
 

Just going through your logs now :)


#3
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

P2P WARNING!

It appears that there is at least one Peer to Peer (P2P) program on your computer:

uTorrent

Whilst some P2P programs themselves may be harmless, we at GeeksToGo do not recommend their use due to the extremely high likelihood of obtaining an infection from files that have been downloaded. This may range from annoying adware to malicious trojans stealing your passwords and other personal information.

There is also the risk of inadvertently sharing information that wasn't intended due to incorrectly configured software.

It is highly likely that this is the source of the issue that brought you here today. And if not, probably what will bring you back at a later date.

Here are some useful links regarding the dangers of P2P software.



Step 1

We need to uninstall some programs.

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select the following programs from the list below, one at a time and click Uninstall.
 


  • Search App by Ask

The following are optional to uninstall but it is HIGHLY recommended that you do.


  • µTorrent

Step 2

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.



  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click the FRST icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.


Step 3

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.



  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking the JRT icon and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Then...

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.


  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    [Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Items I need to see in your next post:
 

  • FRST Fixlog
  • JRT Log
  • ADWCleaner Scan report
  • How did the uninstalls go?

#4
ExaBast

    Member

  • Topic Starter
  • 11 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Admin at 2015-07-07 22:44:16 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
createrestorepoint:
HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\...\MountPoints2: {eaa0a848-6013-11e4-b500-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
AppInit_DLLs-x32: C:/PROGRA~3/{2D71C~1/sosa.dll => C:\ProgramData\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}\sosa.dll [634880 2014-12-20] ()
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hosts:
emptytemp:
end
*****************
 
Restore point was successfully created.
"HKU\S-1-5-21-2015994361-3734334988-1783566280-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eaa0a848-6013-11e4-b500-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{eaa0a848-6013-11e4-b500-806e6f6e6963} => key not found. 
"C:/PROGRA~3/{2D71C~1/sosa.dll" => value data removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 214.1 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 22:44:44 ====
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.5 (07.07.2015:2)
OS: Windows 7 Home Premium x64
Ran by Admin on 07.07.2015 at 23:00:47.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] C:\Users\Admin\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Program Files (x86)\askpartnernetwork
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\Users\Admin\appdata\local\ggempire
 
 
 
~~~ Chrome
 
 
[C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  oilkkkefbalmbfppgjmgjoefbclebkce
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.07.2015 at 23:02:02.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v4.207 - Rapport créé le 07/07/2015 à 23:05:22
# Mis à jour le 21/06/2015 par Xplode
# Base de données : 2015-07-05.2 [Serveur]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (x64)
# Nom d'utilisateur : Admin - ADMIN-PC
# Exécuté depuis : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Scanner
 
***** [ Services ] *****
 
 
***** [ Fichiers / Dossiers ] *****
 
 
***** [ Tâches planifiées ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Registre ] *****
 
Clé Trouvée : HKCU\Software\pc speed maximizer
Clé Trouvée : [x64] HKCU\Software\pc speed maximizer
Clé Trouvée : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Clé Trouvée : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Clé Trouvée : HKLM\SOFTWARE\InstallCore
Clé Trouvée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Clé Trouvée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
Donnée Trouvée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.132
 
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Trouvée [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_14_51_ch&cd=2XzuyEtN2Y1L1QzuyBzztByE0A0FtA0A0AtDyD0E0EzytByCtN0D0Tzu0StCtDzztAtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzytAyEyE0A0AyEtGtC0ByE0CtG0EyDyD0EtG0FtBtBzztGtC0A0EtBzz0F0E0AyDyB0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0D0B0AyEyBzztBtGyCyDyByDtGyEyD0FyEtG0B0EyC0EtG0F0F0DyEtCzzzyzztC0ByEzy2Q&cr=71528551&ir=
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Trouvée [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"from_bookmark":false,"from_webstore":true,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13059520826617915","install_warning_on_enable":false,"lastpingday":"13059475201193448","location":6,"manifest":{"background":{"scripts":["common/apnAPI.js","dropdown/js/background.js","settings/assets.js","settings/redirect.js"]},"browser_action":{"default_icon":"config/skin/images/logo/logo_19x.png","default_popup":"dropdown/popup.html","default_title":"Control the Search App by Ask"},"chrome_settings_overrides_":{"homepage":"hxxp://www.search.ask.com/?gct=hp
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Trouvée [Startup_URLs] : E3832E3ED75B4FEC370E2CCF320707C6D07471ED046E457F07518A90BF58CC92"},"software_reporter":{"prompt_reason":"1225B39E486D1D0E064273A514D5FF823540EFE471AC6B9157E5801FD0B6A99F","prompt_seed":"B61982987CD40890BA1C0ED9E182E4DD1AB7B9054561AB77F9AB2BF87384FF80","prompt_version":"378ED87C0695BE48D30E4F4224AE3EBD40FD9EEE4A022AF4E0033FAD20713091"},"sync":{"remaining_rollback_tries":"45D0E4F4E102290B1BF4E6AC5B5C7C9CEE9B9AFA2AC66D3E563A60AC0B6687F7"}},"super_mac":"41A0EFD10D1A65CC9F04D4A4D9550712FC3135A7F9348748B1A8290AC60F693F"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://www.google.com/","hxxps://www.google.com/","hxxp://Vosteran.com/?f=7&a=vst_wnzp01_14_51_ch&cd=2XzuyEtN2Y1L1QzuyBzztByE0A0FtA0A0AtDyD0E0EzytByCtN0D0Tzu0StCtDzztAtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzytAyEyE0A0AyEtGtC0ByE0CtG0EyDyD0EtG0FtBtBzztGtC0A0EtBzz0F0E0AyDyB0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0D0B0AyEyBzztBtGyCyDyByDtGyEyD0FyEtG0B0EyC0EtG0F0F0DyEtCzzzyzztC0ByEzy2Q&cr=71528551&ir=
 
*************************
 
AdwCleaner[R0].txt - [3917 octets] - [07/07/2015 23:05:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3977 octets] ##########
 
 
Both of the uninstalls went normal, no issue there. May I redownload utorrent though?

  • 0

#5
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Please wait until we are finished; files downloaded by uTorrent are a major source of infection.

 

Let's continue :)

 

First...

 

Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

Next...
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here (or re-run it if you already have it installed)

Install the program and select update
Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits
Go back to the Dashboard and select Scan Now
If threats are detected, click the Remove Selected button, MBAM will ask for a reboot
On completion of the scan (or after the reboot) select Save Results
Select text file and save to the desktop.
Please post that log for my review.


Then...

Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>

  • Click Run Eset Online Scanner




Note: You will need to use Internet Explorer or Firefox (you will be prompted to install a helper program if you use Firefox) for this scan.
Important: Please disable your existing AV software for the duration of the scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:


  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology



  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic



How is it running right now?


  • 0

#6
ExaBast

ExaBast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
# AdwCleaner v4.207 - Rapport créé le 08/07/2015 à 12:55:15
# Mis à jour le 21/06/2015 par Xplode
# Base de données : 2015-07-05.2 [Serveur]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (x64)
# Nom d'utilisateur : Admin - ADMIN-PC
# Exécuté depuis : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
 
***** [ Fichiers / Dossiers ] *****
 
 
***** [ Tâches planifiées ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Registre ] *****
 
Donnée Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.132
 
 
*************************
 
AdwCleaner[R0].txt - [4069 octets] - [07/07/2015 23:05:22]
AdwCleaner[R1].txt - [4129 octets] - [08/07/2015 12:34:37]
AdwCleaner[R2].txt - [1077 octets] - [08/07/2015 12:54:43]
AdwCleaner[S0].txt - [4157 octets] - [08/07/2015 12:35:12]
AdwCleaner[S1].txt - [1002 octets] - [08/07/2015 12:55:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1062  octets] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Date de l'analyse: 08.07.2015
Heure de l'analyse: 12:57
Fichier journal: MAM.txt
Administrateur: Oui
 
Version: 2.1.8.1057
Base de données de programmes malveillants: v2015.07.08.03
Base de données de rootkits: v2015.07.07.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé
 
Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Admin
 
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 379832
Temps écoulé: 7 min, 53 s
 
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé
 
Processus: 0
(Aucun élément malveillant détecté)
 
Modules: 0
(Aucun élément malveillant détecté)
 
Clés du registre: 0
(Aucun élément malveillant détecté)
 
Valeurs du registre: 0
(Aucun élément malveillant détecté)
 
Données du registre: 0
(Aucun élément malveillant détecté)
 
Dossiers: 0
(Aucun élément malveillant détecté)
 
Fichiers: 0
(Aucun élément malveillant détecté)
 
Secteurs physiques: 0
(Aucun élément malveillant détecté)
 
 
(end)
 
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=7ac424379b5b4f4fb231ec7e8b60ee78
# end=init
# utc_time=2015-07-08 11:10:58
# local_time=2015-07-08 01:10:58 )
# country="Switzerland"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24698
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=7ac424379b5b4f4fb231ec7e8b60ee78
# end=updated
# utc_time=2015-07-08 11:13:31
# local_time=2015-07-08 01:13:31 )
# country="Switzerland"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7ac424379b5b4f4fb231ec7e8b60ee78
# engine=24698
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-08 12:01:46
# local_time=2015-07-08 02:01:46 )
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 1632948 21319445 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 55015 187986756 0 0
# scanned=235472
# found=16
# cleaned=0
# scan_time=2894
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat"
sh=01201D02819EC58E48B8CD4DAD0A6703C2E5C5C0 ft=1 fh=4532c9a8b5246b0f vn="Win32/DealPly.AQ potentially unwanted application" ac=I fn="C:\ProgramData\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}\sosa.dll"
sh=3010576302388FE4059A1B9717FDC5BF3E70F745 ft=1 fh=0728c55d63169d1b vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.4.2_35141.exe"
sh=317110667071552409A0A748EE7B6251441C4852 ft=1 fh=420885c2925f7928 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe"
sh=1A3BC3072587DA441A49D6C845EFD8B3C945F365 ft=1 fh=a25a0b6f10eacf76 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\ccsetup419pro.exe"
sh=BCA0BBDC1ECA7D7049B11DFDF06A731B0DEB0330 ft=1 fh=5d043d2b7dcbb6c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\ccsetup507 (1).exe"
sh=BCA0BBDC1ECA7D7049B11DFDF06A731B0DEB0330 ft=1 fh=5d043d2b7dcbb6c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\ccsetup507.exe"
sh=3AC763E9636ED184E470B34D1CE23FED832577E1 ft=1 fh=3bc72a96a1c8db23 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\flstudio_11.1.1.exe"
sh=9920DB30461574924C73CD28D79E80FA0B99468D ft=1 fh=ea06da86d65f537d vn="Win32/InstallMonetizer.AF potentially unwanted application" ac=I fn="C:\Users\Admin\Downloads\FreeMouseAutoClickerSetup [1].exe"
sh=EEDEB0D42116D215EADC9C45E6476F28AC181F19 ft=0 fh=0000000000000000 vn="Win32/HackKMS.A potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\Office pro+ 2010 64bits.rar"
sh=4CEA705682BB790C11ABEF4561B0A3A04C405172 ft=1 fh=b2e2ce7ff5f99577 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\spsetup128.exe"
sh=0897DCFA81B44F8BF2F295B6B6F11714F745EDD9 ft=1 fh=af62edc7925f7928 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\uTorrent (1).exe"
sh=3010576302388FE4059A1B9717FDC5BF3E70F745 ft=1 fh=0728c55d63169d1b vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\uTorrent.exe"
sh=A354121AEBC556DE7518AEE52F51EFB6A94925E2 ft=1 fh=11769a64d3d44078 vn="a variant of Win32/InstallCore.TS potentially unwanted application" ac=I fn="C:\Users\Admin\Downloads\winzip19-lan_fr.exe"
sh=01201D02819EC58E48B8CD4DAD0A6703C2E5C5C0 ft=1 fh=4532c9a8b5246b0f vn="Win32/DealPly.AQ potentially unwanted application" ac=I fn="C:\Users\All Users\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}\sosa.dll"
sh=EA0EE3C9B4FB6B2B00B0074C1F5303291FF081B9 ft=1 fh=e40dd9938df1a373 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI2730.tmp"
 
 
It works now! I don't know how to thank you! Thanks a lot.

  • 0
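The ESET log in the post above reports found=16, but several entries share a hash or are one file reached through two paths. The following is an added example, not part of the original thread or of any tool used in it: it parses the `key=value` detection lines, groups them by the `sh` field (assumed here to be the file's SHA-1, based on its 40-hex length) and folds `C:\Users\All Users\` into `C:\ProgramData\`, which on Windows 7 are the same directory.

```python
import re
from collections import defaultdict

# Five detection lines copied from the ESET Online Scanner log in the post above.
SAMPLE_LOG = r'''
sh=01201D02819EC58E48B8CD4DAD0A6703C2E5C5C0 ft=1 fh=4532c9a8b5246b0f vn="Win32/DealPly.AQ potentially unwanted application" ac=I fn="C:\ProgramData\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}\sosa.dll"
sh=3010576302388FE4059A1B9717FDC5BF3E70F745 ft=1 fh=0728c55d63169d1b vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.4.2_35141.exe"
sh=EEDEB0D42116D215EADC9C45E6476F28AC181F19 ft=0 fh=0000000000000000 vn="Win32/HackKMS.A potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\Office pro+ 2010 64bits.rar"
sh=3010576302388FE4059A1B9717FDC5BF3E70F745 ft=1 fh=0728c55d63169d1b vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Admin\Downloads\uTorrent.exe"
sh=01201D02819EC58E48B8CD4DAD0A6703C2E5C5C0 ft=1 fh=4532c9a8b5246b0f vn="Win32/DealPly.AQ potentially unwanted application" ac=I fn="C:\Users\All Users\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}\sosa.dll"
'''

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Detection names end in "potentially unwanted/unsafe application".
CATEGORY_RE = re.compile(
    r'^(?:a variant of )?(\S+) potentially (unwanted|unsafe) application$'
)
ALL_USERS = "c:\\users\\all users\\"


def parse_line(line):
    """Return a dict for one detection line, or None for header/status lines."""
    if not line.startswith("sh="):
        return None
    fields = {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(line)}
    match = CATEGORY_RE.match(fields.get("vn", ""))
    fields["family"] = match.group(1) if match else fields.get("vn", "")
    fields["kind"] = match.group(2) if match else "other"
    return fields


def canonical_path(path):
    """Lower-case the path and map the 'All Users' alias onto ProgramData."""
    low = path.lower()
    if low.startswith(ALL_USERS):
        return "c:\\programdata\\" + low[len(ALL_USERS):]
    return low


def triage(log_text):
    """Group detections by hash; each entry keeps its distinct real paths."""
    by_hash = defaultdict(lambda: {"family": None, "kind": None, "paths": set()})
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue
        entry = by_hash[rec["sh"]]
        entry["family"], entry["kind"] = rec["family"], rec["kind"]
        entry["paths"].add(canonical_path(rec["fn"]))
    return dict(by_hash)


if __name__ == "__main__":
    for sha, entry in triage(SAMPLE_LOG).items():
        print(f"{sha[:12]}  {entry['kind']:8}  {entry['family']}")
        for path in sorted(entry["paths"]):
            print(f"    {path}")
```

Grouping this way shows which entries need separate handling: the two `sosa.dll` lines collapse to one file, while the two uTorrent lines are identical copies in different folders.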

#7
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Let's get rid of the remnants.

 

 

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.
 

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click the FRST icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

  • 0

#8
ExaBast

ExaBast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Admin at 2015-07-08 17:26:05 Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
C:\ProgramData\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}
C:\Users\Admin\Downloads\Office pro+ 2010 64bits.rar
C:\Users\All Users\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}\sosa.dll
end
*****************
 
C:\ProgramData\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738} => moved successfully.
C:\Users\Admin\Downloads\Office pro+ 2010 64bits.rar => moved successfully.
"C:\Users\All Users\{2D71C5B2-7DF3-1434-CC75-64B61CF7B738}\sosa.dll" => File/Folder not found.
 
==== End of Fixlog 17:26:05 ====

  • 0

#9
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used while cleaning your machine.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings

  • Click Run

The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

We need to uninstall a program
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Select the following programs from the list below, one at a time and click Uninstall.
  • ESET Online Scanner

Delete the following Files and Folders (If Present):
C:\Program Files (x86)\ESET
Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 7
To turn on Automatic Updates yourself, follow these steps:
  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.



It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software or to play games online.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
  • For Firefox, install the NoScript add-on.
  • For Chrome, install the ScriptSafe add-on.
    -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
  • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of the Java Runtime Environment (JRE) Version from Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number listed under the heading. Example: The newest update is Java SE 8u25
  • Click the "Download" button under "JRE".
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 8u25 heading:
    To install the version for your system:
    • For Windows 64bit systems, look for Windows x64 - 88.37MB, click the jre-8u25-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.

  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java
  • Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
  • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    • Java 7 Update
    • Java 8 (64-bit)
    • Java SE Development Kit 8

  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

C.
Install the latest JAVA

Back on your desktop:
  • Right click the  jre-8u25-windows-x64.exe file, click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel (you will have to be in Classic View to see Java; it looks like a coffee cup). Double-click on Java, click the Advanced tab, click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
  • Please click here to go to the FlashPlayer Installation page.
  • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
    • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.

  • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
  • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
  • Close the browser and all open windows.
  • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.


Cryptolocker Warning
Go here for information about CryptoLocker Ransomware.
The main thing with this infection is ~ Backup.
If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

Recommended Programs
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
Cryptoprevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware cannot get a grip on your system.
Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

Adblock is a Firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities; these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.


  • 0

#10
ExaBast

ExaBast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
# DelFix v1.010 - Rapport créé le 09/07/2015 à 18:16:06
# Mis à jour le 26/04/2015 par Xplode
# Nom d'utilisateur : Admin - ADMIN-PC
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activation de l'UAC ... OK
 
~ Suppression des outils de désinfection ...
 
Supprimé : C:\FRST
Supprimé : C:\AdwCleaner
Supprimé : C:\RegBackup
Supprimé : C:\Users\Admin\Desktop\AdwCleaner.exe
Supprimé : C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
Supprimé : C:\Users\Admin\Desktop\Fixlog.txt
Supprimé : C:\Users\Admin\Desktop\FRST64.exe
Supprimé : C:\Users\Admin\Desktop\JRT.exe
Supprimé : C:\Users\Admin\Downloads\ZHPCleaner-2015.7.5.290.exe
Supprimée : HKLM\SOFTWARE\AdwCleaner
 
~ Sauvegarde de la base de registre ... OK
 
~ Purge de la restauration système ...
 
Supprimé : RP #120 [Restore Point Created by FRST | 07/07/2015 20:44:17]
 
Nouveau point de restauration créé !
 
~ Réinitialisation des paramètres système ... OK
 
########## - EOF - ##########

  • 0





