Hello everyone
It seems that my PC was infected by spyware or malware and I have a lot of unknown processes!!
I followed this guide posted by the administrator and here are the results:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-04-2016 01
Ran by Yassine (administrator) on YASSINE-PC (11-04-2016 11:47:39)
Running from C:\Users\Yassine\Downloads
Loaded Profiles: Yassine (Available Profiles: Yassine)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nomadio, Inc.) C:\Program Files\Connectify\ConnectifyService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star International) C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(MSI) C:\Program Files\MSI\Super Charger\ChargeService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nomadio, Inc.) C:\Program Files\Connectify\Connectifyd.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(MSI) C:\Program Files\MSI\Super Charger\Super Charger.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\FileTransfer.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(BitTorrent Inc.) C:\Users\Yassine\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Nomadio, Inc.) C:\Program Files\Connectify\Connectify.exe
(BitTorrent Inc.) C:\Users\Yassine\AppData\Roaming\uTorrent\updates\3.4.6_42042\utorrentie.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe
(BitTorrent Inc.) C:\Users\Yassine\AppData\Roaming\uTorrent\updates\3.4.6_42042\utorrentie.exe
(Micro-Star International) C:\Program Files\MSI\Live Update\Live Update.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraCiscoJabberDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraShoreTelDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraBriaDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraBroadSoftDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraNECDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraMicrosoftLyncPresence.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
(Unity Technologies ApS) C:\Users\Yassine\AppData\Local\Unity\WebPlayer\Uninstall.exe
(Unity Technologies ApS) C:\Users\Yassine\AppData\Local\Temp\~nsu.tmp\Au_.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
() C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-05-18] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2013-08-12] (Renesas Electronics Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-07] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM\...\Run: [Live Update] => C:\Program Files\MSI\Live Update\StartLiveUpdate.exe [579024 2014-07-01] (Micro-Star International)
HKLM\...\Run: [Super Charger] => C:\Program Files\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [FileTransferForMobileGo] => C:\Program Files\Wondershare\MobileGo for Android\FileTransfer.exe [336272 2014-11-05] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ZALFree] => C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [uTorrent] => C:\Users\Yassine\AppData\Roaming\uTorrent\uTorrent.exe [1976320 2016-03-26] (BitTorrent Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [Google Update] => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [Connectify] => C:\Program Files\Connectify\Connectify.exe [1191936 2010-03-26] (Nomadio, Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\MountPoints2: {6298f255-281c-11e3-89b5-8c89a53000f5} - H:\
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\MountPoints2: {e223e9f2-7411-11e4-97ff-8c89a53000f5} - I:\LG_PC_Programs.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-29] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-16] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Jabra Device Service.lnk [2014-12-26]
ShortcutTarget: Jabra Device Service.lnk -> C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe (GN Netcom A/S)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2014-11-24]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{68F67741-BFDF-4EE5-9359-071DFEF7D797}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{70BCA8FA-6888-4F32-A704-2711CBC72097}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.myplaycity.com/
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13986&tm=543&src=hmp
URLSearchHook: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=543&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=543&src=ds&p={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2015-09-19] (Yahoo! Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-11] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-11] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2015-09-19] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-11] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\adslTV\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\adslTV\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @hola.org/vlc,version=1.6.732 -> C:\Users\Yassine\AppData\Local\Hola\firefox\app\vlc [2015-02-23] ()
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @squareclock.com/SQ3DPlayer_Production_HBMV1 -> C:\Users\Yassine\AppData\Local\SquareClock.Production_HBMV1\NPSQ3D.dll [2015-07-01] (SquareClock SAS)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Yassine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @talk.google.com/O1DPlugin -> C:\Users\Yassine\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Yassine\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-02] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Yassine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Yassine\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2014-11-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-05-29]
FF Extension: Alexa Sparky - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2015-12-27]
FF Extension: EPUBReader - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-02-17]
FF Extension: Xmarks - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2016-03-18]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2016-04-07]
FF Extension: Fast Dial - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2016-04-09]
FF Extension: Weather Forecast Plus - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\[email protected] [2016-03-16]
FF Extension: Flagfox - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-03-18]
FF Extension: NoScript - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: Video DownloadHelper - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-13] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-10-08]
Chrome:
=======
CHR Profile: C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-21]
CHR Extension: (Google Docs) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-21]
CHR Extension: (Google Drive) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-21]
CHR Extension: (YouTube) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-21]
CHR Extension: (Recherche Google) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-02-21]
CHR Extension: (Google Sheets) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-21]
CHR Extension: (Google Docs hors connexion) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-21]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-21]
CHR Extension: (Gmail) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-11]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-16] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4403136 2016-03-16] (Avast Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MSI_LiveUpdate_Service; C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe [84432 2014-07-01] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646056 2011-03-31] (Rosetta Stone Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-04-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-04-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-04-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-04-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-04-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-04-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-04-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-04-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-04-11] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-09-28] (DT Soft Ltd)
R3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [22040 2010-08-18] (Intel Corporation)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraBcDfuX86.sys [33144 2014-11-27] (GN Netcom A/S)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [127936 2015-11-05] (Zemana Ltd.)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [156416 2015-10-08] (Intel Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [136432 2016-04-11] (AVAST Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files\MSI\Super Charger\NTIOLib.sys [14392 2012-10-26] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files\MSI\Live Update\NTIOLib.sys [7680 2010-10-20] (MSI) [File not signed]
S3 NTIOLib_MSISMB_CC; C:\Program Files\MSI\ControlCenter\Sleep\NTIOLib.sys [7680 2012-11-09] (MSI) [File not signed]
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2013-08-12] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2013-08-12] (Renesas Electronics Corporation)
S3 SkyNetU2CBDA; C:\Windows\System32\DRIVERS\SkyNetU2CBDA.sys [293464 2011-05-10] (TechniSat Digital, S.A.)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [58320 2005-08-30] (MCCI)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [15112 2007-05-02] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [109704 2007-05-02] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [252152 2016-03-16] (Avast Software)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw.sys [52512 2014-07-08] (StdLib)
R3 MEMSWEEP2; \??\C:\Windows\system32\2CAB.tmp [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-11 11:47 - 2016-04-11 11:54 - 00028717 _____ C:\Users\Yassine\Downloads\FRST.txt
2016-04-11 11:44 - 2016-04-11 11:47 - 00000000 ____D C:\FRST
2016-04-11 11:42 - 2016-04-11 11:42 - 01725952 _____ (Farbar) C:\Users\Yassine\Downloads\FRST.exe
2016-04-11 04:15 - 2016-04-11 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-11 04:13 - 2016-03-16 15:12 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8A0F.tmp
2016-04-11 04:13 - 2016-03-16 15:12 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9C2B.tmp
2016-04-11 04:13 - 2016-03-16 15:08 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA7FF.tmp
2016-04-11 04:13 - 2016-03-16 15:07 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAF41.tmp
2016-04-11 04:13 - 2016-03-16 15:05 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswB605.tmp
2016-04-11 04:13 - 2016-03-16 15:05 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\asw92D6.tmp
2016-04-11 04:13 - 2016-03-16 15:05 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA1E6.tmp
2016-04-11 04:13 - 2016-03-16 15:05 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\asw972B.tmp
2016-04-11 04:13 - 2016-03-16 15:04 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8434.tmp
2016-04-11 04:12 - 2016-04-11 04:11 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-11 04:12 - 2016-03-16 15:04 - 00129144 _____ (AVAST Software) C:\Windows\system32\Drivers\ngv7D31.tmp
2016-04-11 04:11 - 2016-04-11 04:11 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-11 04:07 - 2016-04-11 04:16 - 22851472 _____ (Malwarebytes ) C:\Users\Yassine\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-11 03:45 - 2016-04-11 03:45 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Sun
2016-04-11 03:45 - 2016-04-11 03:45 - 00000000 ____D C:\Users\Yassine\.oracle_jre_usage
2016-04-11 03:45 - 2016-04-11 03:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-11 03:45 - 2016-04-11 03:44 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-04-11 03:43 - 2016-04-11 03:43 - 00000000 ____D C:\Users\Yassine\AppData\LocalLow\Oracle
2016-04-11 03:43 - 2016-04-11 03:43 - 00000000 ____D C:\Program Files\Java
2016-04-11 03:30 - 2016-04-11 03:30 - 00000005 _____ C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp
2016-04-11 03:17 - 2016-04-11 03:18 - 00000079 _____ C:\Windows\wininit.ini
2016-04-11 03:16 - 2016-04-11 03:37 - 50796608 _____ (Oracle Corporation) C:\Users\Yassine\Downloads\jre-8u77-windows-i586.exe
2016-04-11 03:12 - 2016-04-11 03:16 - 11614040 _____ (Microsoft Corporation) C:\Users\Yassine\Downloads\mseinstall.exe
2016-04-11 00:52 - 2016-04-11 00:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Yassine\Downloads\HijackThis.exe
2016-04-11 00:51 - 2016-04-11 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-11 00:51 - 2016-04-11 00:51 - 00000000 ____D C:\Program Files\Sophos
2016-04-11 00:50 - 2016-04-11 00:51 - 01339288 _____ C:\Users\Yassine\Downloads\sophos-anti-rootkit_sophos_anti-rootkit_1.5_anglais_24143.exe
2016-04-11 00:48 - 2016-04-11 00:48 - 00001102 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2016-04-11 00:48 - 2016-04-11 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2016-04-11 00:48 - 2016-04-11 00:48 - 00000000 ____D C:\Program Files\Zemana AntiLogger Free
2016-04-11 00:48 - 2016-04-11 00:48 - 00000000 ____D C:\Program Files\KeyCryptSDK
2016-04-11 00:48 - 2015-11-05 15:00 - 00127936 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt32.sys
2016-04-11 00:47 - 2016-04-11 00:47 - 00000000 ____D C:\Users\Yassine\AppData\Local\Zemana
2016-04-11 00:47 - 2016-04-11 00:47 - 00000000 ____D C:\Users\Yassine\AppData\Local\AntiLogger Free
2016-04-11 00:46 - 2016-04-11 00:46 - 00001132 _____ C:\Users\Yassine\Desktop\Live PC Help.lnk
2016-04-11 00:41 - 2016-04-11 00:42 - 03719928 _____ (Zemana Ltd. ) C:\Users\Yassine\Downloads\AntiLoggerFree_Setup_1.8.2.320.exe
2016-04-11 00:37 - 2016-04-11 00:37 - 00615478 _____ C:\Users\Yassine\Downloads\Autoruns.zip
2016-04-11 00:12 - 2016-04-11 00:13 - 01686759 _____ C:\Users\Yassine\Downloads\PSTools.zip
2016-04-11 00:08 - 2016-04-11 00:08 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-04-10 15:59 - 2016-04-10 15:59 - 00627521 _____ C:\Users\Yassine\Downloads\دراسة طرق مختلفة لخف ثمار النخيل صنف شهلة لتحسين مواصفاتها.pdf
2016-04-09 23:06 - 2016-04-09 23:07 - 00369176 _____ (Connectify) C:\Users\Yassine\Downloads\Connectify2016Installer.exe.part
2016-04-09 12:36 - 2016-04-09 12:36 - 00000000 ____D C:\Users\Yassine\AppData\Local\Systweak
2016-04-08 02:14 - 2016-04-08 02:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriver_01011.Wdf
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\2C0A
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0C0A
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0C04
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0816
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0804
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0424
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041F
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041E
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041D
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041B
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0419
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0416
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0415
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0414
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0413
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0412
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0411
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0410
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040E
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040D
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040C
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040B
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040A
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0408
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0407
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0406
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0405
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0404
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0401
2016-04-08 01:12 - 2016-04-08 01:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf
2016-04-07 23:55 - 2016-04-09 12:06 - 00001668 _____ C:\Windows\system32\ASOROSet.bin
2016-04-07 23:55 - 2016-04-07 23:55 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2016-04-07 23:44 - 2016-04-11 00:46 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Systweak
2016-04-07 23:34 - 2016-04-11 00:46 - 00000000 ____D C:\ProgramData\Systweak
2016-04-07 23:34 - 2016-04-11 00:45 - 00000000 ____D C:\Program Files\Advanced System Optimizer 3
2016-04-07 23:15 - 2016-04-07 23:16 - 00496545 _____ C:\Users\Yassine\Downloads\دودة البلح.pdf
2016-04-07 14:54 - 2016-04-07 14:55 - 00111146 _____ C:\Users\Yassine\Downloads\chaine hyper.rar
2016-04-04 23:14 - 2016-04-04 23:17 - 01075002 _____ C:\Users\Yassine\Downloads\Irrigation of Sandy Soils, Basics and Scheduling.pdf
2016-04-04 22:55 - 2016-04-04 22:56 - 00448581 _____ C:\Users\Yassine\Downloads\متطلبات مراقبة المياه الجوفية__لإدارة استجابة الخزان الجوفي وتهديدات النوعية.pdf
2016-04-04 18:20 - 2016-04-04 18:20 - 00047160 _____ C:\Users\Yassine\Downloads\Microcat Hyundai 2015.12.rar
2016-04-04 18:12 - 2016-04-04 18:12 - 00047086 _____ C:\Users\Yassine\Downloads\Microcat Hyundai 11-12.2015.zip
2016-04-03 21:55 - 2016-04-03 21:58 - 01172397 _____ C:\Users\Yassine\Downloads\دراسة الخصائص الفيزيائية والكيميائية لمياه ثلاث ابار في مدينة __كركوك وتحديد المحتوى الطحلبي لها.pdf
2016-04-03 21:52 - 2016-04-03 21:52 - 00286712 _____ C:\Users\Yassine\Downloads\تأثير اضافة نسب متوازنة من الاسمدة الكيميائية في نمو فسائل نخيل التمر .Phoenix dactylifera L__ صنف البرحي.pdf
2016-03-26 13:40 - 2016-04-11 01:11 - 00000000 ____D C:\Users\Yassine\AppData\LocalLow\uTorrent
2016-03-24 16:26 - 2016-03-24 16:37 - 11637039 _____ C:\Users\Yassine\Downloads\نخيل التمر في المملكة العربية السعودية.pdf
2016-03-22 01:10 - 2016-03-22 01:16 - 12076832 _____ C:\Users\Yassine\Downloads\رحلة الحمل والولادة خطوه بخطوه .pdf
2016-03-22 00:45 - 2016-03-22 00:45 - 01024741 _____ C:\Users\Yassine\Downloads\تحاليل مياة الري والتربة والنبات.pdf
2016-03-21 16:55 - 2016-03-21 16:55 - 00275035 _____ C:\Users\Yassine\Downloads\CV_DJALAL - B.pdf
2016-03-21 01:11 - 2016-03-21 01:15 - 05634785 _____ C:\Users\Yassine\Downloads\[F__W_Howard;_et_al]_Insects_on_palms(BookZZ.org).pdf
2016-03-21 01:09 - 2016-03-21 01:14 - 10572940 _____ C:\Users\Yassine\Downloads\كتاب تشخيص الأمراض الفطرية.pdf
2016-03-19 08:10 - 2016-03-21 13:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-17 03:53 - 2016-03-17 03:53 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-16 23:54 - 2016-02-09 07:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-16 23:54 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-16 23:54 - 2016-02-08 21:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-16 23:54 - 2016-02-08 21:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-16 23:54 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-16 23:54 - 2016-02-08 21:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-16 23:54 - 2016-02-08 21:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-16 23:54 - 2016-02-08 21:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-16 23:54 - 2016-02-08 21:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-16 23:54 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-16 23:54 - 2016-02-08 21:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-16 23:54 - 2016-02-08 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-16 23:54 - 2016-02-08 21:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-16 23:54 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-16 23:54 - 2016-02-08 21:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-16 23:54 - 2016-02-08 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-16 23:54 - 2016-02-08 21:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-16 23:54 - 2016-02-08 21:23 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-16 23:54 - 2016-02-08 21:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-16 23:54 - 2016-02-08 21:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-16 23:54 - 2016-02-08 21:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-16 23:54 - 2016-02-08 21:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-16 23:54 - 2016-02-08 21:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-16 23:54 - 2016-02-08 21:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-16 23:54 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-16 23:54 - 2016-02-08 21:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-16 23:54 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-16 23:54 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-16 23:54 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-16 23:54 - 2016-02-08 21:02 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-16 23:54 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-16 23:54 - 2016-02-08 21:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-16 23:54 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-16 23:54 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-16 23:54 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-16 20:25 - 2016-02-09 10:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-16 20:25 - 2016-02-03 18:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-16 20:24 - 2016-02-04 18:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-16 20:19 - 2016-02-04 19:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-16 20:14 - 2016-02-11 19:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-16 20:14 - 2016-02-11 19:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-16 20:14 - 2016-02-11 19:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-16 20:14 - 2016-02-11 19:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-16 20:14 - 2016-02-11 19:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-16 20:14 - 2016-02-11 19:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-16 20:14 - 2016-02-11 19:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-16 20:14 - 2016-02-11 19:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-16 20:14 - 2016-02-11 19:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-16 20:14 - 2016-02-11 19:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-16 20:14 - 2016-02-11 19:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-16 20:14 - 2016-02-11 19:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-16 20:14 - 2016-02-11 19:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-16 20:14 - 2016-02-11 19:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-16 20:14 - 2016-02-11 19:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-16 20:14 - 2016-02-11 19:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-16 20:14 - 2016-02-11 19:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-16 20:14 - 2016-02-11 19:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-16 20:14 - 2016-02-11 18:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-16 20:14 - 2016-02-11 18:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-16 20:14 - 2016-02-11 18:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-16 20:14 - 2016-02-11 18:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-16 20:14 - 2016-02-11 18:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-16 20:14 - 2016-02-11 18:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-16 20:14 - 2016-02-11 18:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-16 20:14 - 2016-02-11 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-16 20:14 - 2016-02-11 18:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-16 20:08 - 2016-02-12 19:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-16 20:08 - 2016-02-12 19:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-16 20:08 - 2016-02-12 19:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-16 20:08 - 2016-02-12 19:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-16 20:08 - 2016-02-12 19:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-16 20:08 - 2016-02-12 19:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-16 20:08 - 2016-02-12 19:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-16 20:08 - 2016-02-12 19:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-16 20:08 - 2016-02-12 19:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-16 20:08 - 2016-02-12 19:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-16 20:08 - 2016-02-12 19:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-16 20:03 - 2016-02-03 19:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-16 20:03 - 2016-02-03 19:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-16 20:03 - 2016-02-03 19:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-16 19:46 - 2016-02-19 19:50 - 00034240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-16 19:46 - 2016-02-19 19:41 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-16 19:46 - 2016-02-19 15:07 - 01206784 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-16 19:46 - 2016-02-11 15:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-16 19:46 - 2016-02-05 15:07 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-16 19:46 - 2016-02-05 15:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-16 19:46 - 2016-02-05 15:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-16 19:45 - 2016-02-05 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-16 19:45 - 2016-02-05 19:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-16 19:45 - 2016-02-05 19:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-16 19:45 - 2016-02-05 18:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-16 19:45 - 2016-02-05 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-16 19:40 - 2016-02-09 10:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-16 19:40 - 2016-02-09 10:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-16 19:40 - 2016-02-09 10:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-16 19:40 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-16 19:40 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-16 19:25 - 2016-01-11 19:54 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-16 15:05 - 2016-04-11 04:09 - 00136432 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-11 11:55 - 2013-09-28 14:24 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\uTorrent
2016-04-11 11:44 - 2013-09-28 14:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-11 11:38 - 2009-07-14 05:34 - 00038416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-11 11:38 - 2009-07-14 05:34 - 00038416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-11 11:30 - 2016-02-21 14:24 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 04:11 - 2014-07-19 06:01 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00124808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-11 04:10 - 2014-07-19 06:01 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-11 04:10 - 2014-07-19 06:01 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-11 03:46 - 2013-10-25 19:12 - 00000000 ____D C:\ProgramData\Oracle
2016-04-11 03:45 - 2013-09-28 09:44 - 00000000 ____D C:\Users\Yassine
2016-04-11 03:31 - 2014-04-07 17:42 - 00000000 ____D C:\ProgramData\HTC
2016-04-11 03:31 - 2014-04-07 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2016-04-11 03:31 - 2014-04-07 14:25 - 00000000 ____D C:\Program Files\HTC
2016-04-11 03:27 - 2014-04-07 14:25 - 00000000 ____D C:\Users\Yassine\AppData\Local\Downloaded Installations
2016-04-11 03:18 - 2014-07-20 05:44 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-04-11 03:17 - 2014-07-20 05:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-11 02:39 - 2013-09-28 18:48 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\vlc
2016-04-11 01:09 - 2016-02-21 14:24 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 01:09 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-11 00:31 - 2015-10-23 11:21 - 00000000 ____D C:\Users\Yassine\AppData\Local\FluxSoftware
2016-04-11 00:08 - 2013-09-28 14:17 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-11 00:08 - 2013-09-28 14:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-11 00:05 - 2014-01-14 12:27 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000Core.job
2016-04-09 12:33 - 2015-07-03 22:51 - 00000000 ____D C:\Windows\system32\vbox
2016-04-09 12:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-04-08 02:17 - 2013-09-28 09:50 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-08 02:14 - 2013-07-08 08:33 - 00000000 ____D C:\TEMP
2016-04-08 01:21 - 2009-07-14 05:56 - 00000000 ____D C:\Windows\system32\0409
2016-04-08 01:12 - 2013-09-28 09:49 - 00000000 ____D C:\Program Files\Intel
2016-04-07 23:57 - 2014-03-18 00:49 - 00000000 ____D C:\Windows\Minidump
2016-04-07 23:57 - 2013-09-28 19:30 - 00000000 ____D C:\Windows\Panther
2016-04-07 23:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2016-04-07 23:54 - 2014-06-07 23:09 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2016-04-07 23:54 - 2013-09-28 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-07 23:33 - 2015-04-04 01:59 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\JOSM
2016-04-07 22:43 - 2009-07-14 05:33 - 00478128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-07 15:38 - 2013-09-28 10:01 - 00122584 _____ C:\Users\Yassine\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-07 15:31 - 2014-08-07 15:56 - 00014848 ___SH C:\Users\Yassine\Documents\Thumbs.db
2016-04-07 15:31 - 2013-09-28 09:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-04-07 15:30 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Microsoft Games
2016-04-07 15:29 - 2015-03-10 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-04-07 15:29 - 2014-10-05 01:19 - 00000000 ____D C:\Users\Yassine\Documents\My Games
2016-04-07 15:18 - 2013-10-24 23:33 - 00000000 ____D C:\ProgramData\TEMP
2016-04-07 15:14 - 2014-07-23 05:46 - 00000000 ____D C:\Program Files\Ubisoft
2016-04-02 13:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-03-30 20:41 - 2016-02-21 14:37 - 00002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-24 03:03 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-21 13:32 - 2013-09-28 13:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-17 03:49 - 2014-12-11 17:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-17 03:30 - 2014-01-05 11:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-17 03:23 - 2009-07-14 03:04 - 00000580 _____ C:\Windows\win.ini
2016-03-17 03:18 - 2013-09-28 21:58 - 00000000 ____D C:\Windows\system32\MRT
2016-03-17 03:10 - 2013-09-28 21:58 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-16 15:05 - 2014-07-19 05:59 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-16 15:04 - 2014-07-19 06:00 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-16 13:21 - 2015-12-26 02:53 - 00000000 ____D C:\Program Files\Common Files\AV
==================== Files in the root of some directories =======
2014-07-18 01:59 - 2010-03-18 17:15 - 0421200 _____ (Microsoft Corporation) C:\Users\Yassine\AppData\Roaming\msvcp100.dll
2014-07-18 01:59 - 2010-03-18 17:15 - 0770384 _____ (Microsoft Corporation) C:\Users\Yassine\AppData\Roaming\msvcr100.dll
2014-07-18 01:59 - 2014-06-18 09:58 - 1800304 _____ (Mozilla Foundation) C:\Users\Yassine\AppData\Roaming\nss3.dll
2014-07-18 01:26 - 2014-07-19 06:13 - 0013533 _____ () C:\Users\Yassine\AppData\Roaming\SHELLS.exe.tmp
2014-08-23 16:22 - 2015-02-01 22:28 - 0003584 _____ () C:\Users\Yassine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-29 11:57 - 2013-09-29 11:57 - 0001012 _____ () C:\Users\Yassine\AppData\Local\recently-used.xbel
2015-07-01 04:37 - 2015-07-01 04:37 - 0353118 _____ () C:\Users\Yassine\AppData\Local\SquareClock.Production_HBMV1Icon.ico
2014-04-01 17:11 - 2014-09-27 19:44 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2013-10-15 15:35 - 2013-10-15 15:35 - 0005037 _____ () C:\ProgramData\mxnhytee.feu
Some files in TEMP:
====================
C:\Users\Yassine\AppData\Local\Temp\fbfwxr.exe
C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe
C:\Users\Yassine\AppData\Local\Temp\gbtblb.exe
C:\Users\Yassine\AppData\Local\Temp\wlgfvs.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-02 13:27
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-04-2016 01
Ran by Yassine (2016-04-11 11:56:20)
Running from C:\Users\Yassine\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2013-09-28 08:44:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3657657661-1632738645-1670484084-500 - Administrator - Disabled)
Guest (S-1-5-21-3657657661-1632738645-1670484084-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3657657661-1632738645-1670484084-1002 - Limited - Enabled)
Yassine (S-1-5-21-3657657661-1632738645-1670484084-1000 - Administrator - Enabled) => C:\Users\Yassine
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\uTorrent) (Version: 3.4.6.42042 - BitTorrent Inc.)
4shared Desktop (HKLM\...\4shared Desktop) (Version: - )
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.320 (HKLM\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{77CC2F8A-95FC-D8DC-51C4-C5CE1C3247F5}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Avast Premium (HKLM\...\Avast) (Version: 11.2.2261 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Connectify (HKLM\...\Connectify) (Version: 1.2.0.14599 - Nomadio, Inc.)
ControlCenter (HKLM\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
D-Link Powerline AV Utility (HKLM\...\D-Link Powerline AV Utility) (Version: 2.12.0.0 - D-Link Corporation.)
EOBD II Fault Codes (HKLM\...\ST6UNST #1) (Version: - )
FertiManager4 (HKLM\...\{B41C85DC-6DE5-4E5C-8C3E-9176E95A87B2}) (Version: 4.00.0000 - HortiSoft Maroc)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Earth Pro 7.1.1.1888 Final (HKLM\...\Google Earth Pro 7.1.1.1888 Final7.1.1.1888) (Version: 7.1.1.1888 - Friends in War)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HomeByMe (HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\SquareClock_Production_HBMV1) (Version: - 3DVIA Dassault Systemes)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - اسم شركتك)
HydraVision (Version: 4.2.208.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Jabra PC Suite 2.16.9388 (HKLM\...\{64A71A4A-2C43-4B5A-896E-42906D88E00D}) (Version: 2.16.9388.0 - GN Netcom A/S)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JOSM 8159 (HKLM\...\JOSM) (Version: 8159 - OpenStreetMap JOSM team)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LibreOffice 4.0.4.2 (HKLM\...\{FE88323B-9F0E-4596-8F56-37757C6918E9}) (Version: 4.0.4.2 - The Document Foundation)
Magic Data Recovery Pack (HKLM\...\Magic Data Recovery Pack) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Age of Empires II Trial Version (HKLM\...\Age of Empires II Trial) (Version: - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 fr) (HKLM\...\Mozilla Firefox 45.0.1 (x86 fr)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSI Live Update (HKLM\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.006 - MSI)
MSI Super Charger (HKLM\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Rosetta Stone Ltd Services (HKLM\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80403 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.80403 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Anti-Rootkit 1.5.0 (HKLM\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
Starry Night Pro Plus 6 (HKLM\...\Starry Night Pro Plus 6) (Version: 6.0.0.0 - Imaginova Canada Ltd.)
TechniSat DVB-PC TV Star (HKLM\...\{CE9F9FBC-5253-46D2-9883-09E55003D794}) (Version: 1.0.0 - TechniSat)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.7.0.113 - KMP Media co., Ltd)
Theme Hospital (HKLM\...\Hospital) (Version: - )
Unity Web Player (HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{8D97B9A2-D73D-4CB6-9D1F-D25178AC4EDE}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM\...\{90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)
Utilitaires Sierra (HKLM\...\Utilitaires Sierra) (Version: - )
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WiFi Coverage 2.0 (HKLM\...\WiFi Coverage_is1) (Version: - Couitchy Corp.)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare MobileGo for Android ( Version 5.3.2 ) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 5.3.2 - Wondershare)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Yassine\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{f8f45982-eafc-4d16-96b3-b528699dd0d5}\InprocServer32 -> C:\Users\Yassine\AppData\Local\SquareClock.Production_HBMV1\SQ.Plugin.IE.dll (SquareClock SAS)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01F0800F-2B78-44AB-B330-0B2FEF1CA939} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-11] (Adobe Systems Incorporated)
Task: {0B69458D-08BF-431E-B405-E26F01C53894} - System32\Tasks\SafeZone scheduled Autoupdate 1458183214 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {0DC58763-D502-4DAA-9D4C-96F9DE2E398A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {184A4A73-C264-4745-A7E4-4E4114B475E6} - System32\Tasks\{302B35BD-F0A2-4B21-B284-E9D0E5B17774} => pcalua.exe -a C:\Users\Yassine\Downloads\USBDRVEN.EXE -d C:\Users\Yassine\Downloads
Task: {1CB03C34-EF0C-497B-8FB7-A11C2816EEA8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000Core => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {24315CF4-FE0E-4E08-979D-38A688923B97} - System32\Tasks\{720099D2-8E27-43AA-A613-FF7CE1752A08} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.59.105/en/abandoninstall?page=tsProgressBar
Task: {29676C23-C72C-4342-93D1-058E2203013F} - System32\Tasks\{C8DD0611-9439-45B8-AB81-0FEB76552765} => pcalua.exe -a C:\Users\Yassine\Downloads\AoE2demo(1).exe -d C:\Users\Yassine\Downloads
Task: {2C30D800-53C6-4AFB-8812-9C01DF954764} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {41A3CFB6-37EC-44A2-BC34-389BF5A3C4C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4C428A39-5AD0-4978-95AA-A44C27BABD7D} - System32\Tasks\{35ACCBC6-A1FC-4ABB-98B2-D076C5CF88CA} => pcalua.exe -a G:\start.exe -d G:\
Task: {544D9D58-3C37-4CB4-92E4-BC6B58FA1F9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {57EDCDF7-7C91-47FC-BCAE-D051CB03767B} - System32\Tasks\Driver Booster SkipUAC (Yassine) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {5A4393FA-C124-4306-9293-175CEC26F54A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-11] (AVAST Software)
Task: {5B3C6B1C-3A2D-4CF8-8373-75A5422A99D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {706FCDB3-0798-410A-9F6B-2C8EB46ECB42} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-16] (AVAST Software)
Task: {74CE589A-47A0-447D-B64E-F983B4BC1D41} - System32\Tasks\{05A938DE-9797-44FF-9A72-9FF87090C4BA} => pcalua.exe -a C:\Users\Yassine\Downloads\Programs\TagesSetup.exe -d C:\Users\Yassine\AppData\Roaming\IDM
Task: {844EB380-C8E6-4D7B-83DB-D5CD3CBF9B3E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9F9845F6-8ABD-44AF-B75A-24A0520C15D1} - System32\Tasks\{4D52191B-09F5-4DFB-962A-196A3D368606} => pcalua.exe -a "E:\Oil & Gaz\Drilling Engineers\Applications\Schlumbger.exe" -d "E:\Oil & Gaz\Drilling Engineers\Applications"
Task: {ACFE970A-01BC-4FE0-BA6B-0D9AB1331F45} - System32\Tasks\Connectify.Yassine => C:\Program Files\Connectify\ConnectifyService.exe [2010-03-26] (Nomadio, Inc.)
Task: {C6B3E08E-8A0C-4DA7-9868-F65945A54767} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000UA => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E3D7993A-0DFC-4C82-8B48-25D19B06F289} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E694B24B-CD21-4BE9-8F37-48410C758817} - System32\Tasks\{54CCAAD1-2721-4F45-B7E4-AF15A127924E} => pcalua.exe -a C:\Users\Yassine\Downloads\HijackThis.exe -d C:\Users\Yassine\Downloads
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000Core.job => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000UA.job => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-03-16 15:05 - 2016-03-16 15:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-16 15:05 - 2016-03-16 15:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-11 00:07 - 2016-04-11 00:07 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16041001\algo.dll
2016-03-16 15:05 - 2016-03-16 15:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-11 11:03 - 2016-04-11 11:03 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16041100\algo.dll
2010-03-26 18:11 - 2010-03-26 18:11 - 00006656 _____ () C:\Program Files\Connectify\BuildProps.dll
2013-03-14 17:28 - 2013-03-14 17:28 - 00407040 _____ () C:\Program Files\4shared Desktop\CMenu32.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-07 14:25 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2011-07-07 22:44 - 2011-07-07 22:44 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-03-16 15:05 - 2016-03-16 15:05 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-24 19:42 - 2014-11-05 18:04 - 01093520 _____ () C:\Program Files\Wondershare\MobileGo for Android\usExp.dll
2014-11-24 19:42 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-24 19:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-11-27 13:58 - 2014-11-27 13:58 - 01827840 _____ () C:\Program Files\Jabra\Jabra PC Suite\CommunicatorApiV2.dll
2016-04-11 00:51 - 2009-06-18 12:55 - 00135168 _____ () C:\Program Files\Sophos\Sophos Anti-Rootkit\sar1.dll
2016-04-11 00:51 - 2009-06-18 12:55 - 00135168 _____ () C:\Program Files\Sophos\Sophos Anti-Rootkit\sar3.dll
2016-04-11 00:51 - 2009-06-18 12:55 - 00135168 _____ () C:\Program Files\Sophos\Sophos Anti-Rootkit\sar4.dll
2016-04-11 00:08 - 2016-04-11 00:08 - 19403968 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll
2016-04-11 11:04 - 2009-06-18 12:55 - 00061440 _____ () C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:32385BD9 [212]
AlternateDataStreams: C:\ProgramData\TEMP:4AE6BD6E [109]
AlternateDataStreams: C:\ProgramData\TEMP:7E87E3D7 [146]
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [135]
AlternateDataStreams: C:\ProgramData\TEMP:A3CDA708 [139]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2016-04-09 12:51 - 00000836 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{CD64FF19-0C27-4F33-9605-00A65F6FA78D}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [UDP Query User{061F5858-AFE4-4201-9271-00775DC61F92}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [TCP Query User{9E5BD6AA-2F42-460A-97F6-EC07305F4D89}C:\users\yassine\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\yassine\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{10EF6C34-D518-4ADF-B9FE-3B9644267743}C:\users\yassine\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\yassine\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{67A4CF56-767D-4A48-8413-C7444E7F1CCC}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{FB3A50C7-FE58-486D-A1F8-0E0404E323B8}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{648EEE25-2601-4E34-BDCD-A2DE0D21BCF4}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{DC172C9A-DD4E-4C0D-84DF-E2A2779A4893}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [{EC962D2B-E69B-496B-A681-E770A6DFBBA8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6655435A-68D8-45BB-A7A4-43B25B76094C}C:\users\yassine\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\yassine\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{A0E45497-501E-4018-AC6E-E664B2EF4DA6}C:\users\yassine\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\yassine\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [{50E7BAC9-A377-4531-8282-A4C71B555CA2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A42FCF2B-80EE-4063-9EFD-7BA971632D64}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D543ABC2-2DE4-4F08-9CFB-B22CDDC913B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FFE3A083-ED3F-4CE9-948A-690659E719B9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8A0FB6A0-BC2C-4E9E-9FF6-5D7811D43057}] => (Allow) C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{E19C9324-C4B9-4940-858B-DF5CAEB1068A}] => (Allow) C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{8374484F-2E17-4173-82C8-EB2D237043EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8B7B0AB1-C457-41A7-8C89-F503F949897B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{100A44CD-883E-40BD-A897-B119A78DBA3E}D:\games\counter-strike global offensive\csgo.exe] => (Allow) D:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{886E4E89-0EF6-463B-AA86-4339EE3D5531}D:\games\counter-strike global offensive\csgo.exe] => (Allow) D:\games\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{0DB0F859-7633-40FE-8C44-C5A2E1F945EB}C:\program files\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{47B50704-7EAA-4165-8C99-9BCD1D01F447}C:\program files\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{3C81E0A8-207F-48B6-B06B-0E5FC201A408}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D1DEEFBF-1CFE-4611-A9AD-462B5290D9EC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A59C7458-C5DA-4C19-A565-2FBD44427474}C:\users\yassine\appdata\roaming\utorrent\updates\3.4.3_40111.exe] => (Allow) C:\users\yassine\appdata\roaming\utorrent\updates\3.4.3_40111.exe
FirewallRules: [UDP Query User{6FD960AE-8958-460A-855F-F86B4961B454}C:\users\yassine\appdata\roaming\utorrent\updates\3.4.3_40111.exe] => (Allow) C:\users\yassine\appdata\roaming\utorrent\updates\3.4.3_40111.exe
FirewallRules: [TCP Query User{A96A557C-7EB6-41C2-BC32-C5D06D01E033}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{40AE24D5-9515-4C06-975E-1259119C1923}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{49380220-1AC1-4625-8FEE-A0A92C6D0B77}C:\program files\counter-strike 1.6\hl.exe] => (Block) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{CE0F52C7-9377-460B-A20F-0DA223FEF0C3}C:\program files\counter-strike 1.6\hl.exe] => (Block) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [{927442D5-5864-4152-AEB4-0C9F6C659AA3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6E0AD611-55D3-4E56-8B38-4937AECC422C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{097ED8F6-449E-43A3-B3FC-B05DC0E8DE70}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CD01D6D2-ACDF-4039-85DD-9FBA2329676C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B13EBB44-3726-4821-8ED7-86A65061A3D3}] => (Allow) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{6D552DD9-9826-46FE-AAFF-CDF9445BC9B3}] => (Allow) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [TCP Query User{6780081F-0ECF-49F6-AAA0-F82DD3D9C4B9}C:\program files\microsoft games\age of empires ii trial\empires2.exe] => (Block) C:\program files\microsoft games\age of empires ii trial\empires2.exe
FirewallRules: [UDP Query User{2D1EC333-DA2F-4062-ACD3-C5740D77015E}C:\program files\microsoft games\age of empires ii trial\empires2.exe] => (Block) C:\program files\microsoft games\age of empires ii trial\empires2.exe
FirewallRules: [{F40B3517-9BF4-41AD-80DF-B48595A26F6F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{82F1AD73-A3D2-40A2-8C2D-2C191B69E85E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B8C10CC4-59DE-4881-A39E-09C36DEE5FC0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{9948B846-21D4-46E4-A140-E2E58BFA11A7}] => (Allow) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{93816840-F64B-4B6D-9C0A-A131C8C58DD3}] => (Allow) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
==================== Restore Points =========================
16-03-2016 12:52:51 Windows Update
17-03-2016 03:00:53 Windows Update
18-03-2016 03:00:11 Windows Update
19-03-2016 03:00:11 Windows Update
20-03-2016 03:00:11 Windows Update
21-03-2016 03:00:19 Windows Update
22-03-2016 03:00:25 Windows Update
23-03-2016 03:00:13 Windows Update
24-03-2016 03:00:15 Windows Update
25-03-2016 03:00:21 Windows Update
26-03-2016 03:00:20 Windows Update
27-03-2016 03:00:23 Windows Update
28-03-2016 03:00:31 Windows Update
29-03-2016 03:00:42 Windows Update
30-03-2016 03:00:11 Windows Update
31-03-2016 03:00:27 Windows Update
01-04-2016 03:00:27 Windows Update
02-04-2016 12:59:16 Windows Update
03-04-2016 11:58:57 Windows Update
04-04-2016 03:00:23 Windows Update
05-04-2016 03:00:17 Windows Update
06-04-2016 03:00:26 Windows Update
07-04-2016 03:00:28 Windows Update
07-04-2016 15:13:54 Supprimé Rayman Origins
07-04-2016 15:16:10 Dragon NaturallySpeaking 11 supprimé.
07-04-2016 15:27:04 Supprimé Rise Of Legends
07-04-2016 23:54:26 Advanced System Optimizer - Registry Cleaner
08-04-2016 01:20:08 Configuré Renesas Electronics USB 3.0 Host Controller Driver
08-04-2016 03:01:05 Windows Update
09-04-2016 03:00:23 Windows Update
09-04-2016 03:26:54 Advanced System Optimizer
10-04-2016 03:00:52 Windows Update
11-04-2016 00:41:44 Removed Evernote v. 5.7.2
11-04-2016 03:00:39 Windows Update
11-04-2016 03:18:29 Removed Java 8 Update 31
11-04-2016 03:25:14 Removed HTC Sync.
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter #4
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/11/2016 11:00:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22361932
Error: (04/11/2016 11:00:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22361932
Error: (04/11/2016 11:00:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/11/2016 11:00:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22346332
Error: (04/11/2016 11:00:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22346332
Error: (04/11/2016 11:00:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/11/2016 04:48:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
Error: (04/11/2016 04:48:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584
Error: (04/11/2016 04:48:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/11/2016 03:03:30 AM) (Source: MsiInstaller) (EventID: 11325) (User: NT AUTHORITY)
Description: Product: Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) -- Error 1325. 'Microsoft' is not a valid short file name.
System errors:
=============
Error: (04/11/2016 03:10:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).
Error: (04/10/2016 12:00:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).
Error: (04/09/2016 12:08:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053
Error: (04/09/2016 12:08:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (04/09/2016 12:07:26 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (04/09/2016 12:07:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:02:48 on 09/04/2016 was unexpected.
Error: (04/09/2016 03:10:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).
Error: (04/08/2016 03:02:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).
Error: (04/07/2016 11:58:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASO3DiskOptimizer service terminated unexpectedly. It has done this 1 time(s).
Error: (04/07/2016 10:52:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
CodeIntegrity:
===================================
Date: 2014-07-15 11:09:15.859
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 11:09:15.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 11:09:15.824
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 11:09:15.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 11:09:15.795
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 11:09:15.793
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 11:09:15.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 11:09:15.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 11:09:15.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 11:09:15.744
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 88%
Total physical RAM: 3048.87 MB
Available physical RAM: 355.92 MB
Total Virtual: 6096.06 MB
Available Virtual: 1332.17 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:244.14 GB) (Free:78.06 GB) NTFS
Drive d: (MACINTOSH) (Fixed) (Total:292.9 GB) (Free:234.63 GB) FAT32
Drive e: () (Fixed) (Total:221.61 GB) (Free:38.72 GB) NTFS
Drive f: () (Fixed) (Total:292.97 GB) (Free:97.04 GB) NTFS
Drive h: (Starry Night Pro) (CDROM) (Total:3.95 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 190A190A)
Partition 1: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=OF Extended)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B0DCB0DC)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================
Please, I need help!
Edited by Macpro86, 11 April 2016 - 05:26 AM.