PC infected [Closed]


  • This topic is locked

#1
Macpro86


Hello everyone,
It seems that my PC was infected by spyware or malware, and I have a lot of unknown processes!
I followed this guide posted by the administrator, and here are the results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-04-2016 01
Ran by Yassine (administrator) on YASSINE-PC (11-04-2016 11:47:39)
Running from C:\Users\Yassine\Downloads
Loaded Profiles: Yassine (Available Profiles: Yassine)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nomadio, Inc.) C:\Program Files\Connectify\ConnectifyService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star International) C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(MSI) C:\Program Files\MSI\Super Charger\ChargeService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nomadio, Inc.) C:\Program Files\Connectify\Connectifyd.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(MSI) C:\Program Files\MSI\Super Charger\Super Charger.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\FileTransfer.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(BitTorrent Inc.) C:\Users\Yassine\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Nomadio, Inc.) C:\Program Files\Connectify\Connectify.exe
(BitTorrent Inc.) C:\Users\Yassine\AppData\Roaming\uTorrent\updates\3.4.6_42042\utorrentie.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe
(BitTorrent Inc.) C:\Users\Yassine\AppData\Roaming\uTorrent\updates\3.4.6_42042\utorrentie.exe
(Micro-Star International) C:\Program Files\MSI\Live Update\Live Update.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraCiscoJabberDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraShoreTelDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraBriaDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraBroadSoftDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraNECDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraMicrosoftLyncPresence.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
(Unity Technologies ApS) C:\Users\Yassine\AppData\Local\Unity\WebPlayer\Uninstall.exe
(Unity Technologies ApS) C:\Users\Yassine\AppData\Local\Temp\~nsu.tmp\Au_.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
() C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-05-18] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2013-08-12] (Renesas Electronics Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-07] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM\...\Run: [Live Update] => C:\Program Files\MSI\Live Update\StartLiveUpdate.exe [579024 2014-07-01] (Micro-Star International)
HKLM\...\Run: [Super Charger] => C:\Program Files\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [FileTransferForMobileGo] => C:\Program Files\Wondershare\MobileGo for Android\FileTransfer.exe [336272 2014-11-05] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ZALFree] => C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [uTorrent] => C:\Users\Yassine\AppData\Roaming\uTorrent\uTorrent.exe [1976320 2016-03-26] (BitTorrent Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [Google Update] => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [Connectify] => C:\Program Files\Connectify\Connectify.exe [1191936 2010-03-26] (Nomadio, Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\MountPoints2: {6298f255-281c-11e3-89b5-8c89a53000f5} - H:\
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\MountPoints2: {e223e9f2-7411-11e4-97ff-8c89a53000f5} - I:\LG_PC_Programs.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-29] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-16] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Jabra Device Service.lnk [2014-12-26]
ShortcutTarget: Jabra Device Service.lnk -> C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe (GN Netcom A/S)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2014-11-24]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{68F67741-BFDF-4EE5-9359-071DFEF7D797}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{70BCA8FA-6888-4F32-A704-2711CBC72097}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.myplaycity.com/
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13986&tm=543&src=hmp
URLSearchHook: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=543&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=543&src=ds&p={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2015-09-19] (Yahoo! Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-11] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-11] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2015-09-19] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-11] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\adslTV\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\adslTV\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @hola.org/vlc,version=1.6.732 -> C:\Users\Yassine\AppData\Local\Hola\firefox\app\vlc [2015-02-23] ()
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @squareclock.com/SQ3DPlayer_Production_HBMV1 -> C:\Users\Yassine\AppData\Local\SquareClock.Production_HBMV1\NPSQ3D.dll [2015-07-01] (SquareClock SAS)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Yassine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @talk.google.com/O1DPlugin -> C:\Users\Yassine\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Yassine\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-02] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Yassine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Yassine\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2014-11-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-05-29]
FF Extension: Alexa Sparky - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2015-12-27]
FF Extension: EPUBReader - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-02-17]
FF Extension: Xmarks - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2016-03-18]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2016-04-07]
FF Extension: Fast Dial - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2016-04-09]
FF Extension: Weather Forecast Plus - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\[email protected] [2016-03-16]
FF Extension: Flagfox - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-03-18]
FF Extension: NoScript - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: Video DownloadHelper - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-13] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-10-08]

Chrome:
=======
CHR Profile: C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-21]
CHR Extension: (Google Docs) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-21]
CHR Extension: (Google Drive) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-21]
CHR Extension: (YouTube) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-21]
CHR Extension: (Recherche Google) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-02-21]
CHR Extension: (Google Sheets) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-21]
CHR Extension: (Google Docs hors connexion) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-21]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-21]
CHR Extension: (Gmail) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-16] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4403136 2016-03-16] (Avast Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MSI_LiveUpdate_Service; C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe [84432 2014-07-01] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646056 2011-03-31] (Rosetta Stone Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-04-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-04-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-04-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-04-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-04-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-04-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-04-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-04-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-04-11] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-09-28] (DT Soft Ltd)
R3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [22040 2010-08-18] (Intel Corporation)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraBcDfuX86.sys [33144 2014-11-27] (GN Netcom A/S)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [127936 2015-11-05] (Zemana Ltd.)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [156416 2015-10-08] (Intel Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [136432 2016-04-11] (AVAST Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files\MSI\Super Charger\NTIOLib.sys [14392 2012-10-26] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files\MSI\Live Update\NTIOLib.sys [7680 2010-10-20] (MSI) [File not signed]
S3 NTIOLib_MSISMB_CC; C:\Program Files\MSI\ControlCenter\Sleep\NTIOLib.sys [7680 2012-11-09] (MSI) [File not signed]
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2013-08-12] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2013-08-12] (Renesas Electronics Corporation)
S3 SkyNetU2CBDA; C:\Windows\System32\DRIVERS\SkyNetU2CBDA.sys [293464 2011-05-10] (TechniSat Digital, S.A.)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [58320 2005-08-30] (MCCI)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [15112 2007-05-02] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [109704 2007-05-02] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [252152 2016-03-16] (Avast Software)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw.sys [52512 2014-07-08] (StdLib)
R3 MEMSWEEP2; \??\C:\Windows\system32\2CAB.tmp [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 11:47 - 2016-04-11 11:54 - 00028717 _____ C:\Users\Yassine\Downloads\FRST.txt
2016-04-11 11:44 - 2016-04-11 11:47 - 00000000 ____D C:\FRST
2016-04-11 11:42 - 2016-04-11 11:42 - 01725952 _____ (Farbar) C:\Users\Yassine\Downloads\FRST.exe
2016-04-11 04:15 - 2016-04-11 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-11 04:13 - 2016-03-16 15:12 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8A0F.tmp
2016-04-11 04:13 - 2016-03-16 15:12 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9C2B.tmp
2016-04-11 04:13 - 2016-03-16 15:08 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA7FF.tmp
2016-04-11 04:13 - 2016-03-16 15:07 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAF41.tmp
2016-04-11 04:13 - 2016-03-16 15:05 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswB605.tmp
2016-04-11 04:13 - 2016-03-16 15:05 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\asw92D6.tmp
2016-04-11 04:13 - 2016-03-16 15:05 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA1E6.tmp
2016-04-11 04:13 - 2016-03-16 15:05 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\asw972B.tmp
2016-04-11 04:13 - 2016-03-16 15:04 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8434.tmp
2016-04-11 04:12 - 2016-04-11 04:11 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-11 04:12 - 2016-03-16 15:04 - 00129144 _____ (AVAST Software) C:\Windows\system32\Drivers\ngv7D31.tmp
2016-04-11 04:11 - 2016-04-11 04:11 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-11 04:07 - 2016-04-11 04:16 - 22851472 _____ (Malwarebytes ) C:\Users\Yassine\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-11 03:45 - 2016-04-11 03:45 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Sun
2016-04-11 03:45 - 2016-04-11 03:45 - 00000000 ____D C:\Users\Yassine\.oracle_jre_usage
2016-04-11 03:45 - 2016-04-11 03:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-11 03:45 - 2016-04-11 03:44 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-04-11 03:43 - 2016-04-11 03:43 - 00000000 ____D C:\Users\Yassine\AppData\LocalLow\Oracle
2016-04-11 03:43 - 2016-04-11 03:43 - 00000000 ____D C:\Program Files\Java
2016-04-11 03:30 - 2016-04-11 03:30 - 00000005 _____ C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp
2016-04-11 03:17 - 2016-04-11 03:18 - 00000079 _____ C:\Windows\wininit.ini
2016-04-11 03:16 - 2016-04-11 03:37 - 50796608 _____ (Oracle Corporation) C:\Users\Yassine\Downloads\jre-8u77-windows-i586.exe
2016-04-11 03:12 - 2016-04-11 03:16 - 11614040 _____ (Microsoft Corporation) C:\Users\Yassine\Downloads\mseinstall.exe
2016-04-11 00:52 - 2016-04-11 00:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Yassine\Downloads\HijackThis.exe
2016-04-11 00:51 - 2016-04-11 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-11 00:51 - 2016-04-11 00:51 - 00000000 ____D C:\Program Files\Sophos
2016-04-11 00:50 - 2016-04-11 00:51 - 01339288 _____ C:\Users\Yassine\Downloads\sophos-anti-rootkit_sophos_anti-rootkit_1.5_anglais_24143.exe
2016-04-11 00:48 - 2016-04-11 00:48 - 00001102 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2016-04-11 00:48 - 2016-04-11 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2016-04-11 00:48 - 2016-04-11 00:48 - 00000000 ____D C:\Program Files\Zemana AntiLogger Free
2016-04-11 00:48 - 2016-04-11 00:48 - 00000000 ____D C:\Program Files\KeyCryptSDK
2016-04-11 00:48 - 2015-11-05 15:00 - 00127936 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt32.sys
2016-04-11 00:47 - 2016-04-11 00:47 - 00000000 ____D C:\Users\Yassine\AppData\Local\Zemana
2016-04-11 00:47 - 2016-04-11 00:47 - 00000000 ____D C:\Users\Yassine\AppData\Local\AntiLogger Free
2016-04-11 00:46 - 2016-04-11 00:46 - 00001132 _____ C:\Users\Yassine\Desktop\Live PC Help.lnk
2016-04-11 00:41 - 2016-04-11 00:42 - 03719928 _____ (Zemana Ltd. ) C:\Users\Yassine\Downloads\AntiLoggerFree_Setup_1.8.2.320.exe
2016-04-11 00:37 - 2016-04-11 00:37 - 00615478 _____ C:\Users\Yassine\Downloads\Autoruns.zip
2016-04-11 00:12 - 2016-04-11 00:13 - 01686759 _____ C:\Users\Yassine\Downloads\PSTools.zip
2016-04-11 00:08 - 2016-04-11 00:08 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-04-10 15:59 - 2016-04-10 15:59 - 00627521 _____ C:\Users\Yassine\Downloads\دراسة طرق مختلفة لخف ثمار النخيل صنف شهلة لتحسين مواصفاتها.pdf
2016-04-09 23:06 - 2016-04-09 23:07 - 00369176 _____ (Connectify) C:\Users\Yassine\Downloads\Connectify2016Installer.exe.part
2016-04-09 12:36 - 2016-04-09 12:36 - 00000000 ____D C:\Users\Yassine\AppData\Local\Systweak
2016-04-08 02:14 - 2016-04-08 02:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriver_01011.Wdf
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\2C0A
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0C0A
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0C04
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0816
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0804
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0424
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041F
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041E
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041D
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041B
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0419
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0416
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0415
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0414
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0413
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0412
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0411
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0410
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040E
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040D
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040C
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040B
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040A
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0408
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0407
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0406
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0405
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0404
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0401
2016-04-08 01:12 - 2016-04-08 01:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf
2016-04-07 23:55 - 2016-04-09 12:06 - 00001668 _____ C:\Windows\system32\ASOROSet.bin
2016-04-07 23:55 - 2016-04-07 23:55 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2016-04-07 23:44 - 2016-04-11 00:46 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Systweak
2016-04-07 23:34 - 2016-04-11 00:46 - 00000000 ____D C:\ProgramData\Systweak
2016-04-07 23:34 - 2016-04-11 00:45 - 00000000 ____D C:\Program Files\Advanced System Optimizer 3
2016-04-07 23:15 - 2016-04-07 23:16 - 00496545 _____ C:\Users\Yassine\Downloads\دودة البلح.pdf
2016-04-07 14:54 - 2016-04-07 14:55 - 00111146 _____ C:\Users\Yassine\Downloads\chaine hyper.rar
2016-04-04 23:14 - 2016-04-04 23:17 - 01075002 _____ C:\Users\Yassine\Downloads\Irrigation of Sandy Soils, Basics and Scheduling.pdf
2016-04-04 22:55 - 2016-04-04 22:56 - 00448581 _____ C:\Users\Yassine\Downloads\متطلبات مراقبة المياه الجوفية__لإدارة استجابة الخزان الجوفي وتهديدات النوعية.pdf
2016-04-04 18:20 - 2016-04-04 18:20 - 00047160 _____ C:\Users\Yassine\Downloads\Microcat Hyundai 2015.12.rar
2016-04-04 18:12 - 2016-04-04 18:12 - 00047086 _____ C:\Users\Yassine\Downloads\Microcat Hyundai 11-12.2015.zip
2016-04-03 21:55 - 2016-04-03 21:58 - 01172397 _____ C:\Users\Yassine\Downloads\دراسة الخصائص الفيزيائية والكيميائية لمياه ثلاث ابار في مدينة __كركوك وتحديد المحتوى الطحلبي لها.pdf
2016-04-03 21:52 - 2016-04-03 21:52 - 00286712 _____ C:\Users\Yassine\Downloads\تأثير اضافة نسب متوازنة من الاسمدة الكيميائية في نمو فسائل نخيل التمر .Phoenix dactylifera L__ صنف البرحي.pdf
2016-03-26 13:40 - 2016-04-11 01:11 - 00000000 ____D C:\Users\Yassine\AppData\LocalLow\uTorrent
2016-03-24 16:26 - 2016-03-24 16:37 - 11637039 _____ C:\Users\Yassine\Downloads\نخيل التمر في المملكة العربية السعودية.pdf
2016-03-22 01:10 - 2016-03-22 01:16 - 12076832 _____ C:\Users\Yassine\Downloads\رحلة الحمل والولادة خطوه بخطوه .pdf
2016-03-22 00:45 - 2016-03-22 00:45 - 01024741 _____ C:\Users\Yassine\Downloads\تحاليل مياة الري والتربة والنبات.pdf
2016-03-21 16:55 - 2016-03-21 16:55 - 00275035 _____ C:\Users\Yassine\Downloads\CV_DJALAL - B.pdf
2016-03-21 01:11 - 2016-03-21 01:15 - 05634785 _____ C:\Users\Yassine\Downloads\[F__W_Howard;_et_al]_Insects_on_palms(BookZZ.org).pdf
2016-03-21 01:09 - 2016-03-21 01:14 - 10572940 _____ C:\Users\Yassine\Downloads\كتاب تشخيص الأمراض الفطرية.pdf
2016-03-19 08:10 - 2016-03-21 13:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-17 03:53 - 2016-03-17 03:53 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-16 23:54 - 2016-02-09 07:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-16 23:54 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-16 23:54 - 2016-02-08 21:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-16 23:54 - 2016-02-08 21:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-16 23:54 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-16 23:54 - 2016-02-08 21:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-16 23:54 - 2016-02-08 21:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-16 23:54 - 2016-02-08 21:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-16 23:54 - 2016-02-08 21:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-16 23:54 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-16 23:54 - 2016-02-08 21:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-16 23:54 - 2016-02-08 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-16 23:54 - 2016-02-08 21:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-16 23:54 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-16 23:54 - 2016-02-08 21:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-16 23:54 - 2016-02-08 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-16 23:54 - 2016-02-08 21:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-16 23:54 - 2016-02-08 21:23 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-16 23:54 - 2016-02-08 21:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-16 23:54 - 2016-02-08 21:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-16 23:54 - 2016-02-08 21:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-16 23:54 - 2016-02-08 21:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-16 23:54 - 2016-02-08 21:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-16 23:54 - 2016-02-08 21:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-16 23:54 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-16 23:54 - 2016-02-08 21:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-16 23:54 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-16 23:54 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-16 23:54 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-16 23:54 - 2016-02-08 21:02 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-16 23:54 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-16 23:54 - 2016-02-08 21:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-16 23:54 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-16 23:54 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-16 23:54 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-16 20:25 - 2016-02-09 10:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-16 20:25 - 2016-02-03 18:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-16 20:24 - 2016-02-04 18:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-16 20:19 - 2016-02-04 19:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-16 20:14 - 2016-02-11 19:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-16 20:14 - 2016-02-11 19:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-16 20:14 - 2016-02-11 19:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-16 20:14 - 2016-02-11 19:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-16 20:14 - 2016-02-11 19:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-16 20:14 - 2016-02-11 19:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-16 20:14 - 2016-02-11 19:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-16 20:14 - 2016-02-11 19:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-16 20:14 - 2016-02-11 19:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-16 20:14 - 2016-02-11 19:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-16 20:14 - 2016-02-11 19:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-16 20:14 - 2016-02-11 19:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-16 20:14 - 2016-02-11 19:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-16 20:14 - 2016-02-11 19:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-16 20:14 - 2016-02-11 19:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-16 20:14 - 2016-02-11 19:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-16 20:14 - 2016-02-11 19:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-16 20:14 - 2016-02-11 19:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-16 20:14 - 2016-02-11 19:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-16 20:14 - 2016-02-11 18:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-16 20:14 - 2016-02-11 18:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-16 20:14 - 2016-02-11 18:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-16 20:14 - 2016-02-11 18:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-16 20:14 - 2016-02-11 18:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-16 20:14 - 2016-02-11 18:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-16 20:14 - 2016-02-11 18:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-16 20:14 - 2016-02-11 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-16 20:14 - 2016-02-11 18:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-16 20:08 - 2016-02-12 19:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-16 20:08 - 2016-02-12 19:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-16 20:08 - 2016-02-12 19:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-16 20:08 - 2016-02-12 19:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-16 20:08 - 2016-02-12 19:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-16 20:08 - 2016-02-12 19:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-16 20:08 - 2016-02-12 19:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-16 20:08 - 2016-02-12 19:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-16 20:08 - 2016-02-12 19:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-16 20:08 - 2016-02-12 19:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-16 20:08 - 2016-02-12 19:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-16 20:03 - 2016-02-03 19:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-16 20:03 - 2016-02-03 19:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-16 20:03 - 2016-02-03 19:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-16 19:46 - 2016-02-19 19:50 - 00034240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-16 19:46 - 2016-02-19 19:41 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-16 19:46 - 2016-02-19 15:07 - 01206784 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-16 19:46 - 2016-02-11 15:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-16 19:46 - 2016-02-05 15:07 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-16 19:46 - 2016-02-05 15:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-16 19:46 - 2016-02-05 15:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-16 19:45 - 2016-02-05 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-16 19:45 - 2016-02-05 19:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-16 19:45 - 2016-02-05 19:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-16 19:45 - 2016-02-05 18:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-16 19:45 - 2016-02-05 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-16 19:45 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-16 19:40 - 2016-02-09 10:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-16 19:40 - 2016-02-09 10:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-16 19:40 - 2016-02-09 10:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-16 19:40 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-16 19:40 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-16 19:25 - 2016-01-11 19:54 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-16 15:05 - 2016-04-11 04:09 - 00136432 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 11:55 - 2013-09-28 14:24 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\uTorrent
2016-04-11 11:44 - 2013-09-28 14:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-11 11:38 - 2009-07-14 05:34 - 00038416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-11 11:38 - 2009-07-14 05:34 - 00038416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-11 11:30 - 2016-02-21 14:24 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 04:11 - 2014-07-19 06:01 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00124808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-11 04:10 - 2014-07-19 06:01 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-11 04:10 - 2014-07-19 06:01 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-11 03:46 - 2013-10-25 19:12 - 00000000 ____D C:\ProgramData\Oracle
2016-04-11 03:45 - 2013-09-28 09:44 - 00000000 ____D C:\Users\Yassine
2016-04-11 03:31 - 2014-04-07 17:42 - 00000000 ____D C:\ProgramData\HTC
2016-04-11 03:31 - 2014-04-07 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2016-04-11 03:31 - 2014-04-07 14:25 - 00000000 ____D C:\Program Files\HTC
2016-04-11 03:27 - 2014-04-07 14:25 - 00000000 ____D C:\Users\Yassine\AppData\Local\Downloaded Installations
2016-04-11 03:18 - 2014-07-20 05:44 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-04-11 03:17 - 2014-07-20 05:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-11 02:39 - 2013-09-28 18:48 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\vlc
2016-04-11 01:09 - 2016-02-21 14:24 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 01:09 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-11 00:31 - 2015-10-23 11:21 - 00000000 ____D C:\Users\Yassine\AppData\Local\FluxSoftware
2016-04-11 00:08 - 2013-09-28 14:17 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-11 00:08 - 2013-09-28 14:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-11 00:05 - 2014-01-14 12:27 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000Core.job
2016-04-09 12:33 - 2015-07-03 22:51 - 00000000 ____D C:\Windows\system32\vbox
2016-04-09 12:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-04-08 02:17 - 2013-09-28 09:50 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-08 02:14 - 2013-07-08 08:33 - 00000000 ____D C:\TEMP
2016-04-08 01:21 - 2009-07-14 05:56 - 00000000 ____D C:\Windows\system32\0409
2016-04-08 01:12 - 2013-09-28 09:49 - 00000000 ____D C:\Program Files\Intel
2016-04-07 23:57 - 2014-03-18 00:49 - 00000000 ____D C:\Windows\Minidump
2016-04-07 23:57 - 2013-09-28 19:30 - 00000000 ____D C:\Windows\Panther
2016-04-07 23:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2016-04-07 23:54 - 2014-06-07 23:09 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2016-04-07 23:54 - 2013-09-28 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-07 23:33 - 2015-04-04 01:59 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\JOSM
2016-04-07 22:43 - 2009-07-14 05:33 - 00478128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-07 15:38 - 2013-09-28 10:01 - 00122584 _____ C:\Users\Yassine\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-07 15:31 - 2014-08-07 15:56 - 00014848 ___SH C:\Users\Yassine\Documents\Thumbs.db
2016-04-07 15:31 - 2013-09-28 09:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-04-07 15:30 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Microsoft Games
2016-04-07 15:29 - 2015-03-10 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-04-07 15:29 - 2014-10-05 01:19 - 00000000 ____D C:\Users\Yassine\Documents\My Games
2016-04-07 15:18 - 2013-10-24 23:33 - 00000000 ____D C:\ProgramData\TEMP
2016-04-07 15:14 - 2014-07-23 05:46 - 00000000 ____D C:\Program Files\Ubisoft
2016-04-02 13:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-03-30 20:41 - 2016-02-21 14:37 - 00002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-24 03:03 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-21 13:32 - 2013-09-28 13:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-17 03:49 - 2014-12-11 17:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-17 03:30 - 2014-01-05 11:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-17 03:23 - 2009-07-14 03:04 - 00000580 _____ C:\Windows\win.ini
2016-03-17 03:18 - 2013-09-28 21:58 - 00000000 ____D C:\Windows\system32\MRT
2016-03-17 03:10 - 2013-09-28 21:58 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-16 15:05 - 2014-07-19 05:59 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-16 15:04 - 2014-07-19 06:00 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-16 13:21 - 2015-12-26 02:53 - 00000000 ____D C:\Program Files\Common Files\AV

==================== Files in the root of some directories =======

2014-07-18 01:59 - 2010-03-18 17:15 - 0421200 _____ (Microsoft Corporation) C:\Users\Yassine\AppData\Roaming\msvcp100.dll
2014-07-18 01:59 - 2010-03-18 17:15 - 0770384 _____ (Microsoft Corporation) C:\Users\Yassine\AppData\Roaming\msvcr100.dll
2014-07-18 01:59 - 2014-06-18 09:58 - 1800304 _____ (Mozilla Foundation) C:\Users\Yassine\AppData\Roaming\nss3.dll
2014-07-18 01:26 - 2014-07-19 06:13 - 0013533 _____ () C:\Users\Yassine\AppData\Roaming\SHELLS.exe.tmp
2014-08-23 16:22 - 2015-02-01 22:28 - 0003584 _____ () C:\Users\Yassine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-29 11:57 - 2013-09-29 11:57 - 0001012 _____ () C:\Users\Yassine\AppData\Local\recently-used.xbel
2015-07-01 04:37 - 2015-07-01 04:37 - 0353118 _____ () C:\Users\Yassine\AppData\Local\SquareClock.Production_HBMV1Icon.ico
2014-04-01 17:11 - 2014-09-27 19:44 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2013-10-15 15:35 - 2013-10-15 15:35 - 0005037 _____ () C:\ProgramData\mxnhytee.feu

Some files in TEMP:
====================
C:\Users\Yassine\AppData\Local\Temp\fbfwxr.exe
C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe
C:\Users\Yassine\AppData\Local\Temp\gbtblb.exe
C:\Users\Yassine\AppData\Local\Temp\wlgfvs.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-02 13:27

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-04-2016 01
Ran by Yassine (2016-04-11 11:56:20)
Running from C:\Users\Yassine\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2013-09-28 08:44:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3657657661-1632738645-1670484084-500 - Administrator - Disabled)
Guest (S-1-5-21-3657657661-1632738645-1670484084-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3657657661-1632738645-1670484084-1002 - Limited - Enabled)
Yassine (S-1-5-21-3657657661-1632738645-1670484084-1000 - Administrator - Enabled) => C:\Users\Yassine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\uTorrent) (Version: 3.4.6.42042 - BitTorrent Inc.)
4shared Desktop (HKLM\...\4shared Desktop) (Version:  - )
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.320 (HKLM\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{77CC2F8A-95FC-D8DC-51C4-C5CE1C3247F5}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Avast Premium (HKLM\...\Avast) (Version: 11.2.2261 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Connectify (HKLM\...\Connectify) (Version: 1.2.0.14599 - Nomadio, Inc.)
ControlCenter (HKLM\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
D-Link Powerline AV Utility (HKLM\...\D-Link Powerline AV Utility) (Version: 2.12.0.0 - D-Link Corporation.)
EOBD II Fault Codes (HKLM\...\ST6UNST #1) (Version:  - )
FertiManager4 (HKLM\...\{B41C85DC-6DE5-4E5C-8C3E-9176E95A87B2}) (Version: 4.00.0000 - HortiSoft Maroc)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Earth Pro 7.1.1.1888 Final (HKLM\...\Google Earth Pro 7.1.1.1888 Final7.1.1.1888) (Version: 7.1.1.1888 - Friends in War)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HomeByMe (HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\SquareClock_Production_HBMV1) (Version:  - 3DVIA Dassault Systemes)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - اسم شركتك)
HydraVision (Version: 4.2.208.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Jabra PC Suite 2.16.9388 (HKLM\...\{64A71A4A-2C43-4B5A-896E-42906D88E00D}) (Version: 2.16.9388.0 - GN Netcom A/S)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JOSM 8159 (HKLM\...\JOSM) (Version: 8159 - OpenStreetMap JOSM team)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LibreOffice 4.0.4.2 (HKLM\...\{FE88323B-9F0E-4596-8F56-37757C6918E9}) (Version: 4.0.4.2 - The Document Foundation)
Magic Data Recovery Pack (HKLM\...\Magic Data Recovery Pack) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Age of Empires II Trial Version (HKLM\...\Age of Empires II Trial) (Version:  - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 fr) (HKLM\...\Mozilla Firefox 45.0.1 (x86 fr)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSI Live Update (HKLM\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.006 - MSI)
MSI Super Charger (HKLM\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Rosetta Stone Ltd Services (HKLM\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80403 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.80403 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Anti-Rootkit 1.5.0 (HKLM\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
Starry Night Pro Plus 6 (HKLM\...\Starry Night Pro Plus 6) (Version: 6.0.0.0 - Imaginova Canada Ltd.)
TechniSat DVB-PC TV Star (HKLM\...\{CE9F9FBC-5253-46D2-9883-09E55003D794}) (Version: 1.0.0 - TechniSat)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.7.0.113 - KMP Media co., Ltd)
Theme Hospital (HKLM\...\Hospital) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{8D97B9A2-D73D-4CB6-9D1F-D25178AC4EDE}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM\...\{90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
Utilitaires Sierra (HKLM\...\Utilitaires Sierra) (Version:  - )
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WiFi Coverage 2.0 (HKLM\...\WiFi Coverage_is1) (Version:  - Couitchy Corp.)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare MobileGo for Android ( Version 5.3.2 ) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 5.3.2 - Wondershare)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Yassine\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{f8f45982-eafc-4d16-96b3-b528699dd0d5}\InprocServer32 -> C:\Users\Yassine\AppData\Local\SquareClock.Production_HBMV1\SQ.Plugin.IE.dll (SquareClock SAS)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F0800F-2B78-44AB-B330-0B2FEF1CA939} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-11] (Adobe Systems Incorporated)
Task: {0B69458D-08BF-431E-B405-E26F01C53894} - System32\Tasks\SafeZone scheduled Autoupdate 1458183214 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {0DC58763-D502-4DAA-9D4C-96F9DE2E398A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {184A4A73-C264-4745-A7E4-4E4114B475E6} - System32\Tasks\{302B35BD-F0A2-4B21-B284-E9D0E5B17774} => pcalua.exe -a C:\Users\Yassine\Downloads\USBDRVEN.EXE -d C:\Users\Yassine\Downloads
Task: {1CB03C34-EF0C-497B-8FB7-A11C2816EEA8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000Core => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {24315CF4-FE0E-4E08-979D-38A688923B97} - System32\Tasks\{720099D2-8E27-43AA-A613-FF7CE1752A08} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.59.105/en/abandoninstall?page=tsProgressBar
Task: {29676C23-C72C-4342-93D1-058E2203013F} - System32\Tasks\{C8DD0611-9439-45B8-AB81-0FEB76552765} => pcalua.exe -a C:\Users\Yassine\Downloads\AoE2demo(1).exe -d C:\Users\Yassine\Downloads
Task: {2C30D800-53C6-4AFB-8812-9C01DF954764} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {41A3CFB6-37EC-44A2-BC34-389BF5A3C4C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4C428A39-5AD0-4978-95AA-A44C27BABD7D} - System32\Tasks\{35ACCBC6-A1FC-4ABB-98B2-D076C5CF88CA} => pcalua.exe -a G:\start.exe -d G:\
Task: {544D9D58-3C37-4CB4-92E4-BC6B58FA1F9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {57EDCDF7-7C91-47FC-BCAE-D051CB03767B} - System32\Tasks\Driver Booster SkipUAC (Yassine) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {5A4393FA-C124-4306-9293-175CEC26F54A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-11] (AVAST Software)
Task: {5B3C6B1C-3A2D-4CF8-8373-75A5422A99D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {706FCDB3-0798-410A-9F6B-2C8EB46ECB42} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-16] (AVAST Software)
Task: {74CE589A-47A0-447D-B64E-F983B4BC1D41} - System32\Tasks\{05A938DE-9797-44FF-9A72-9FF87090C4BA} => pcalua.exe -a C:\Users\Yassine\Downloads\Programs\TagesSetup.exe -d C:\Users\Yassine\AppData\Roaming\IDM
Task: {844EB380-C8E6-4D7B-83DB-D5CD3CBF9B3E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9F9845F6-8ABD-44AF-B75A-24A0520C15D1} - System32\Tasks\{4D52191B-09F5-4DFB-962A-196A3D368606} => pcalua.exe -a "E:\Oil & Gaz\Drilling Engineers\Applications\Schlumbger.exe" -d "E:\Oil & Gaz\Drilling Engineers\Applications"
Task: {ACFE970A-01BC-4FE0-BA6B-0D9AB1331F45} - System32\Tasks\Connectify.Yassine => C:\Program Files\Connectify\ConnectifyService.exe [2010-03-26] (Nomadio, Inc.)
Task: {C6B3E08E-8A0C-4DA7-9868-F65945A54767} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000UA => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E3D7993A-0DFC-4C82-8B48-25D19B06F289} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E694B24B-CD21-4BE9-8F37-48410C758817} - System32\Tasks\{54CCAAD1-2721-4F45-B7E4-AF15A127924E} => pcalua.exe -a C:\Users\Yassine\Downloads\HijackThis.exe -d C:\Users\Yassine\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000Core.job => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000UA.job => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-16 15:05 - 2016-03-16 15:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-16 15:05 - 2016-03-16 15:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-11 00:07 - 2016-04-11 00:07 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16041001\algo.dll
2016-03-16 15:05 - 2016-03-16 15:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-11 11:03 - 2016-04-11 11:03 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16041100\algo.dll
2010-03-26 18:11 - 2010-03-26 18:11 - 00006656 _____ () C:\Program Files\Connectify\BuildProps.dll
2013-03-14 17:28 - 2013-03-14 17:28 - 00407040 _____ () C:\Program Files\4shared Desktop\CMenu32.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-07 14:25 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2011-07-07 22:44 - 2011-07-07 22:44 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-03-16 15:05 - 2016-03-16 15:05 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-24 19:42 - 2014-11-05 18:04 - 01093520 _____ () C:\Program Files\Wondershare\MobileGo for Android\usExp.dll
2014-11-24 19:42 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-24 19:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-11-27 13:58 - 2014-11-27 13:58 - 01827840 _____ () C:\Program Files\Jabra\Jabra PC Suite\CommunicatorApiV2.dll
2016-04-11 00:51 - 2009-06-18 12:55 - 00135168 _____ () C:\Program Files\Sophos\Sophos Anti-Rootkit\sar1.dll
2016-04-11 00:51 - 2009-06-18 12:55 - 00135168 _____ () C:\Program Files\Sophos\Sophos Anti-Rootkit\sar3.dll
2016-04-11 00:51 - 2009-06-18 12:55 - 00135168 _____ () C:\Program Files\Sophos\Sophos Anti-Rootkit\sar4.dll
2016-04-11 00:08 - 2016-04-11 00:08 - 19403968 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll
2016-04-11 11:04 - 2009-06-18 12:55 - 00061440 _____ () C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:32385BD9 [212]
AlternateDataStreams: C:\ProgramData\TEMP:4AE6BD6E [109]
AlternateDataStreams: C:\ProgramData\TEMP:7E87E3D7 [146]
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [135]
AlternateDataStreams: C:\ProgramData\TEMP:A3CDA708 [139]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-04-09 12:51 - 00000836 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{CD64FF19-0C27-4F33-9605-00A65F6FA78D}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [UDP Query User{061F5858-AFE4-4201-9271-00775DC61F92}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [TCP Query User{9E5BD6AA-2F42-460A-97F6-EC07305F4D89}C:\users\yassine\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\yassine\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{10EF6C34-D518-4ADF-B9FE-3B9644267743}C:\users\yassine\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\yassine\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{67A4CF56-767D-4A48-8413-C7444E7F1CCC}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{FB3A50C7-FE58-486D-A1F8-0E0404E323B8}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{648EEE25-2601-4E34-BDCD-A2DE0D21BCF4}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{DC172C9A-DD4E-4C0D-84DF-E2A2779A4893}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [{EC962D2B-E69B-496B-A681-E770A6DFBBA8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6655435A-68D8-45BB-A7A4-43B25B76094C}C:\users\yassine\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\yassine\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{A0E45497-501E-4018-AC6E-E664B2EF4DA6}C:\users\yassine\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\yassine\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [{50E7BAC9-A377-4531-8282-A4C71B555CA2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A42FCF2B-80EE-4063-9EFD-7BA971632D64}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D543ABC2-2DE4-4F08-9CFB-B22CDDC913B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FFE3A083-ED3F-4CE9-948A-690659E719B9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8A0FB6A0-BC2C-4E9E-9FF6-5D7811D43057}] => (Allow) C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{E19C9324-C4B9-4940-858B-DF5CAEB1068A}] => (Allow) C:\Program Files\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{8374484F-2E17-4173-82C8-EB2D237043EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8B7B0AB1-C457-41A7-8C89-F503F949897B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{100A44CD-883E-40BD-A897-B119A78DBA3E}D:\games\counter-strike global offensive\csgo.exe] => (Allow) D:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{886E4E89-0EF6-463B-AA86-4339EE3D5531}D:\games\counter-strike global offensive\csgo.exe] => (Allow) D:\games\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{0DB0F859-7633-40FE-8C44-C5A2E1F945EB}C:\program files\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{47B50704-7EAA-4165-8C99-9BCD1D01F447}C:\program files\counter-strike 1.6\hl.exe] => (Allow) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{3C81E0A8-207F-48B6-B06B-0E5FC201A408}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D1DEEFBF-1CFE-4611-A9AD-462B5290D9EC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A59C7458-C5DA-4C19-A565-2FBD44427474}C:\users\yassine\appdata\roaming\utorrent\updates\3.4.3_40111.exe] => (Allow) C:\users\yassine\appdata\roaming\utorrent\updates\3.4.3_40111.exe
FirewallRules: [UDP Query User{6FD960AE-8958-460A-855F-F86B4961B454}C:\users\yassine\appdata\roaming\utorrent\updates\3.4.3_40111.exe] => (Allow) C:\users\yassine\appdata\roaming\utorrent\updates\3.4.3_40111.exe
FirewallRules: [TCP Query User{A96A557C-7EB6-41C2-BC32-C5D06D01E033}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{40AE24D5-9515-4C06-975E-1259119C1923}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{49380220-1AC1-4625-8FEE-A0A92C6D0B77}C:\program files\counter-strike 1.6\hl.exe] => (Block) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{CE0F52C7-9377-460B-A20F-0DA223FEF0C3}C:\program files\counter-strike 1.6\hl.exe] => (Block) C:\program files\counter-strike 1.6\hl.exe
FirewallRules: [{927442D5-5864-4152-AEB4-0C9F6C659AA3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6E0AD611-55D3-4E56-8B38-4937AECC422C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{097ED8F6-449E-43A3-B3FC-B05DC0E8DE70}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CD01D6D2-ACDF-4039-85DD-9FBA2329676C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B13EBB44-3726-4821-8ED7-86A65061A3D3}] => (Allow) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{6D552DD9-9826-46FE-AAFF-CDF9445BC9B3}] => (Allow) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [TCP Query User{6780081F-0ECF-49F6-AAA0-F82DD3D9C4B9}C:\program files\microsoft games\age of empires ii trial\empires2.exe] => (Block) C:\program files\microsoft games\age of empires ii trial\empires2.exe
FirewallRules: [UDP Query User{2D1EC333-DA2F-4062-ACD3-C5740D77015E}C:\program files\microsoft games\age of empires ii trial\empires2.exe] => (Block) C:\program files\microsoft games\age of empires ii trial\empires2.exe
FirewallRules: [{F40B3517-9BF4-41AD-80DF-B48595A26F6F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{82F1AD73-A3D2-40A2-8C2D-2C191B69E85E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B8C10CC4-59DE-4881-A39E-09C36DEE5FC0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{9948B846-21D4-46E4-A140-E2E58BFA11A7}] => (Allow) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{93816840-F64B-4B6D-9C0A-A131C8C58DD3}] => (Allow) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe

==================== Restore Points =========================

16-03-2016 12:52:51 Windows Update
17-03-2016 03:00:53 Windows Update
18-03-2016 03:00:11 Windows Update
19-03-2016 03:00:11 Windows Update
20-03-2016 03:00:11 Windows Update
21-03-2016 03:00:19 Windows Update
22-03-2016 03:00:25 Windows Update
23-03-2016 03:00:13 Windows Update
24-03-2016 03:00:15 Windows Update
25-03-2016 03:00:21 Windows Update
26-03-2016 03:00:20 Windows Update
27-03-2016 03:00:23 Windows Update
28-03-2016 03:00:31 Windows Update
29-03-2016 03:00:42 Windows Update
30-03-2016 03:00:11 Windows Update
31-03-2016 03:00:27 Windows Update
01-04-2016 03:00:27 Windows Update
02-04-2016 12:59:16 Windows Update
03-04-2016 11:58:57 Windows Update
04-04-2016 03:00:23 Windows Update
05-04-2016 03:00:17 Windows Update
06-04-2016 03:00:26 Windows Update
07-04-2016 03:00:28 Windows Update
07-04-2016 15:13:54 Supprimé Rayman Origins
07-04-2016 15:16:10 Dragon NaturallySpeaking 11 supprimé.
07-04-2016 15:27:04 Supprimé Rise Of Legends
07-04-2016 23:54:26 Advanced System Optimizer - Registry Cleaner
08-04-2016 01:20:08 Configuré Renesas Electronics USB 3.0 Host Controller Driver
08-04-2016 03:01:05 Windows Update
09-04-2016 03:00:23 Windows Update
09-04-2016 03:26:54 Advanced System Optimizer
10-04-2016 03:00:52 Windows Update
11-04-2016 00:41:44 Removed Evernote v. 5.7.2
11-04-2016 03:00:39 Windows Update
11-04-2016 03:18:29 Removed Java 8 Update 31
11-04-2016 03:25:14 Removed HTC Sync.

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter #4
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2016 11:00:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22361932

Error: (04/11/2016 11:00:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22361932

Error: (04/11/2016 11:00:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2016 11:00:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22346332

Error: (04/11/2016 11:00:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22346332

Error: (04/11/2016 11:00:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2016 04:48:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (04/11/2016 04:48:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (04/11/2016 04:48:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/11/2016 03:03:30 AM) (Source: MsiInstaller) (EventID: 11325) (User: NT AUTHORITY)
Description: Product: Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) -- Error 1325. 'Microsoft' is not a valid short file name.


System errors:
=============
Error: (04/11/2016 03:10:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).

Error: (04/10/2016 12:00:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).

Error: (04/09/2016 12:08:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/09/2016 12:08:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/09/2016 12:07:26 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/09/2016 12:07:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:02:48 on 09/04/2016 was unexpected.

Error: (04/09/2016 03:10:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).

Error: (04/08/2016 03:02:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).

Error: (04/07/2016 11:58:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASO3DiskOptimizer service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/07/2016 10:52:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.


CodeIntegrity:
===================================
  Date: 2014-07-15 11:09:15.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 88%
Total physical RAM: 3048.87 MB
Available physical RAM: 355.92 MB
Total Virtual: 6096.06 MB
Available Virtual: 1332.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.14 GB) (Free:78.06 GB) NTFS
Drive d: (MACINTOSH) (Fixed) (Total:292.9 GB) (Free:234.63 GB) FAT32
Drive e: () (Fixed) (Total:221.61 GB) (Free:38.72 GB) NTFS
Drive f: () (Fixed) (Total:292.97 GB) (Free:97.04 GB) NTFS
Drive h: (Starry Night Pro) (CDROM) (Total:3.95 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 190A190A)
Partition 1: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=OF Extended)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B0DCB0DC)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Please, I need help!


Edited by Macpro86, 11 April 2016 - 05:26 AM.


#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello :)

Sorry for the delay in getting to your topic, we get quite busy around here sometimes. :)

I see a few items in the logs that need to go, and we'll run some further scans to make sure nothing more nefarious is hiding on the machine. :thumbsup: Please let me know how the machine is running after these steps.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: P2P File Program Warning

The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

There are also new infections out there such as CryptoWall 3.0 and CryptoLocker. When infected with these, all of your personal files on any drive connected to your computer will be affected. These infections copy all your files, encrypt them, and then delete the originals, leaving you with the encrypted copies. You are then presented with a screen telling you you have a certain amount of time to pay the ransom for the decryption code to decrypt your files. Even if you pay the ransom, their decryption process usually results in corrupt and unusable files.

There is nothing we can do to decrypt the files, as they use very sophisticated encryption techniques. Please consider this when using P2P programs. Malware and ransomware writers use P2P to spread their infections.


Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 2: Fix with FRST

Note: Before performing this step, please move FRST.exe from C:\Users\Yassine\Downloads to your Desktop, otherwise the fix will not work. All tools must be downloaded to and run from the Desktop.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
() C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\MountPoints2: {6298f255-281c-11e3-89b5-8c89a53000f5} - H:\
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\MountPoints2: {e223e9f2-7411-11e4-97ff-8c89a53000f5} - I:\LG_PC_Programs.exe
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13986&tm=543&src=hmp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=543&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=543&src=ds&p={searchTerms}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\adslTV\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\adslTV\VLC\npvlc.dll [No File]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw.sys [52512 2014-07-08] (StdLib)
R3 MEMSWEEP2; \??\C:\Windows\system32\2CAB.tmp [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw.sys
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:32385BD9 [212]
AlternateDataStreams: C:\ProgramData\TEMP:4AE6BD6E [109]
AlternateDataStreams: C:\ProgramData\TEMP:7E87E3D7 [146]
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [135]
AlternateDataStreams: C:\ProgramData\TEMP:A3CDA708 [139]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download AdwCleaner by clicking here. Please save it to your Desktop.

  • Double click the adwcleaner.exe file (Vista and 7 users: right click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner

Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log


#3
Macpro86

    New Member

  • Topic Starter
  • Member
  • 3 posts

Hello Pystryker,

Thank you SO much for your reply.

First, please excuse my bad English language, I will try to develop correctly!

I already uninstalled the P2P program.

Step 2

Fix result of Farbar Recovery Scan Tool (x86) Version:10-04-2016 01
Ran by Yassine (2016-04-18 11:14:14) Run:1
Running from C:\Users\Yassine\Desktop
Loaded Profiles: Yassine (Available Profiles: Yassine)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\MountPoints2: {6298f255-281c-11e3-89b5-8c89a53000f5} - H:\
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\MountPoints2: {e223e9f2-7411-11e4-97ff-8c89a53000f5} - I:\LG_PC_Programs.exe
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13986&tm=543&src=hmp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=543&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13986&tm=543&src=ds&p={searchTerms}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\adslTV\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\adslTV\VLC\npvlc.dll [No File]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw.sys [52512 2014-07-08] (StdLib)
R3 MEMSWEEP2; \??\C:\Windows\system32\2CAB.tmp [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw.sys
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:32385BD9 [212]
AlternateDataStreams: C:\ProgramData\TEMP:4AE6BD6E [109]
AlternateDataStreams: C:\ProgramData\TEMP:7E87E3D7 [146]
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [135]
AlternateDataStreams: C:\ProgramData\TEMP:A3CDA708 [139]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe
C:\Users\Yassine\AppData\Local\Temp\fnkxch.exe => No running process found
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6298f255-281c-11e3-89b5-8c89a53000f5}" => key removed successfully.
HKCR\CLSID\{6298f255-281c-11e3-89b5-8c89a53000f5} => key not found.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e223e9f2-7411-11e4-97ff-8c89a53000f5}" => key removed successfully.
HKCR\CLSID\{e223e9f2-7411-11e4-97ff-8c89a53000f5} => key not found.
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => key removed successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1" => key removed successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => key removed successfully.
rpcapd => service removed successfully.
{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw => service not found.
MEMSWEEP2 => service removed successfully.
MSI_MSIBIOS_010507 => service removed successfully.
Synth3dVsc => service removed successfully.
tsusbhub => service removed successfully.
VGPU => service removed successfully.
"C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw.sys" => not found.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => key removed successfully.
"HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully.
C:\ProgramData\TEMP => ":32385BD9" ADS removed successfully..
C:\ProgramData\TEMP => ":4AE6BD6E" ADS removed successfully..
C:\ProgramData\TEMP => ":7E87E3D7" ADS removed successfully..
C:\ProgramData\TEMP => ":7FFED16F" ADS removed successfully..
C:\ProgramData\TEMP => ":A3CDA708" ADS removed successfully..

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{977A3CFA-C5C3-4565-B616-9B01EDAA7D32} canceled.
{BC9E0C32-C940-4E5E-BAFD-7295CB96D274} canceled.
{27033B72-9D9E-4932-948E-E5DE299F0DC6} canceled.
{1815CC89-E191-4287-B64F-D792BD43FA45} canceled.
Unable to cancel {4B949C4C-0448-4138-B10A-7CE51BA9F6C4}.
4 out of 5 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 772.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:18:43 ====


Step 3: JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Ultimate x86
Ran by Yassine (Administrator) on 18/04/2016 at 11:38:51,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 15

Failed to delete: C:\Users\Yassine\AppData\Local\mobogenie (Folder)
Successfully deleted: C:\Program Files\Advanced System Optimizer 3 (Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\systweak (Folder)
Successfully deleted: C:\Users\Yassine\AppData\Local\systweak (Folder)
Successfully deleted: C:\Users\Yassine\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Yassine\AppData\Roaming\mobogenie (Folder)
Successfully deleted: C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\06lcqy65.default\user.js (File)
Successfully deleted: C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected]\chrome\content\newuser.js (File)
Successfully deleted: C:\Users\Yassine\AppData\Roaming\systweak (Folder)
Successfully deleted: C:\Users\Yassine\Start Menu\Programs\mobogenie (Folder)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster SkipUAC (Yassine) (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files\mobogenie (Folder)



Registry: 4

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/04/2016 at 11:44:15,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Step 4: AdwCleaner

# AdwCleaner v5.112 - Logfile created 18/04/2016 at 11:58:28
# Updated 17/04/2016 by Xplode
# Database : 2016-04-17.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Yassine - YASSINE-PC
# Running from : C:\Users\Yassine\Desktop\adwcleaner_5.112.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Mobogenie3
[-] Folder Deleted : C:\Program Files\PANDORA.TV
[-] Folder Deleted : C:\Program Files\Smart Driver Updater
[-] Folder Deleted : C:\Program Files\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[#] Folder Deleted : C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder Deleted : C:\Users\Yassine\AppData\Local\Hola
[-] Folder Deleted : C:\Users\Yassine\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Yassine\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Yassine\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Yassine\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Yassine\Documents\Mobogenie
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\Documents\Mobogenie

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Yahoo!\Common\unyt.exe
[-] File Deleted : C:\Users\Yassine\daemonprocess.txt
[-] File Deleted : C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected]

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key Deleted : HKCU\Software\4c9521d4ff52b92bc9538d5d8c01ffed
[#] Key Deleted : HKCU\Software\5cd8f17f4086744065eb0992a09e05a2
[-] Key Deleted : HKCU\Software\8b17ff9ab5c47a14f264d143109ffbee
[-] Key Deleted : HKCU\Software\c5486f08dd7559ab894cca7898955009
[-] Key Deleted : HKCU\Software\fea66489059d89cd8b4934d1050772a8
[-] Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : HKCU\Software\Linkey
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\madFlac
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SiteSee
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\Mobogenie
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3657657661-1632738645-1670484084-1000\Software\Mega Browse
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\default-search.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.default-search.net

***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [10416 bytes] - [18/04/2016 11:58:28]
C:\AdwCleaner\AdwCleaner[R0].txt - [2897 bytes] - [18/05/2014 00:06:31]
C:\AdwCleaner\AdwCleaner[R1].txt - [1269 bytes] - [18/05/2014 00:13:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [3040 bytes] - [18/05/2014 00:07:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [11995 bytes] - [18/05/2014 00:13:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10783 bytes] ##########
 

Step 5: FRST Scan

FRST text:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-04-2016 01
Ran by Yassine (administrator) on YASSINE-PC (18-04-2016 12:09:19)
Running from C:\Users\Yassine\Desktop
Loaded Profiles: Yassine (Available Profiles: Yassine)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star International) C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files\MSI\Super Charger\ChargeService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Nomadio, Inc.) C:\Program Files\Connectify\ConnectifyService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Nomadio, Inc.) C:\Program Files\Connectify\Connectifyd.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(MSI) C:\Program Files\MSI\Super Charger\Super Charger.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\FileTransfer.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Micro-Star International) C:\Program Files\MSI\Live Update\Live Update.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe
(Nomadio, Inc.) C:\Program Files\Connectify\Connectify.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraCiscoJabberDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraShoreTelDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraBriaDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraBroadSoftDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraNECDriver.exe
(GN Netcom A/S) C:\Program Files\Jabra\Jabra PC Suite\JabraMicrosoftLyncPresence.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-05-18] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2013-08-12] (Renesas Electronics Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-07] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-18] (AVAST Software)
HKLM\...\Run: [Live Update] => C:\Program Files\MSI\Live Update\StartLiveUpdate.exe [579024 2014-07-01] (Micro-Star International)
HKLM\...\Run: [Super Charger] => C:\Program Files\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [FileTransferForMobileGo] => C:\Program Files\Wondershare\MobileGo for Android\FileTransfer.exe [336272 2014-11-05] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [ZALFree] => C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [Google Update] => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [Connectify] => C:\Program Files\Connectify\Connectify.exe [1191936 2010-03-26] (Nomadio, Inc.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\MountPoints2: {6298f255-281c-11e3-89b5-8c89a53000f5} - H:\
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-04-11] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Jabra Device Service.lnk [2016-04-12]
ShortcutTarget: Jabra Device Service.lnk -> C:\Program Files\Jabra\Jabra PC Suite\JabraDeviceService.exe (GN Netcom A/S)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2016-04-12]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{68F67741-BFDF-4EE5-9359-071DFEF7D797}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{70BCA8FA-6888-4F32-A704-2711CBC72097}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-11] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-11] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-11] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2010-09-01] (Google)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-11] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @hola.org/vlc,version=1.6.732 -> C:\Users\Yassine\AppData\Local\Hola\firefox\app\vlc [No File]
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @squareclock.com/SQ3DPlayer_Production_HBMV1 -> C:\Users\Yassine\AppData\Local\SquareClock.Production_HBMV1\NPSQ3D.dll [2015-07-01] (SquareClock SAS)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Yassine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @talk.google.com/O1DPlugin -> C:\Users\Yassine\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3657657661-1632738645-1670484084-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Yassine\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-02] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Yassine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Yassine\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-05-29]
FF Extension: EPUBReader - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-02-17]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2016-04-07]
FF Extension: Fast Dial - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\extensions\[email protected] [2016-04-09]
FF Extension: Xmarks - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\[email protected] [2016-03-18]
FF Extension: Weather Forecast Plus - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\[email protected] [2016-03-16]
FF Extension: Flagfox - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-03-18]
FF Extension: NoScript - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: Video DownloadHelper - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-04-13]
FF Extension: Adblock Plus - C:\Users\Yassine\AppData\Roaming\Mozilla\Firefox\Profiles\61jhdfai.default-1424972202256\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-13] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-11]

Chrome:
=======
CHR Profile: C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-21]
CHR Extension: (Google Docs) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-21]
CHR Extension: (Google Drive) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-21]
CHR Extension: (YouTube) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-21]
CHR Extension: (Recherche Google) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-02-21]
CHR Extension: (Google Sheets) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-21]
CHR Extension: (Google Docs hors connexion) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-21]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-21]
CHR Extension: (Gmail) - C:\Users\Yassine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4422704 2016-04-11] (Avast Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files\MSI\Live Update\MSI_LiveUpdate_Service.exe [84432 2014-07-01] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646056 2011-03-31] (Rosetta Stone Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-04-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-04-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-04-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-04-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-04-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-04-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-04-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-04-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-04-13] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-09-28] (DT Soft Ltd)
R3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [22040 2010-08-18] (Intel Corporation)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraBcDfuX86.sys [33144 2014-11-27] (GN Netcom A/S)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [127936 2015-11-05] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-04-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [156416 2015-10-08] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [136432 2016-04-11] (AVAST Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files\MSI\Super Charger\NTIOLib.sys [14392 2012-10-26] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files\MSI\Live Update\NTIOLib.sys [7680 2010-10-20] (MSI) [File not signed]
S3 NTIOLib_MSISMB_CC; C:\Program Files\MSI\ControlCenter\Sleep\NTIOLib.sys [7680 2012-11-09] (MSI) [File not signed]
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2013-08-12] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2013-08-12] (Renesas Electronics Corporation)
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc) [File not signed]
S3 SkyNetU2CBDA; C:\Windows\System32\DRIVERS\SkyNetU2CBDA.sys [293464 2011-05-10] (TechniSat Digital, S.A.)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [58320 2005-08-30] (MCCI)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [15112 2007-05-02] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [109704 2007-05-02] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [262984 2016-04-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 12:09 - 2016-04-18 12:10 - 00026694 _____ C:\Users\Yassine\Desktop\FRST.txt
2016-04-18 11:52 - 2016-04-18 11:52 - 03683904 _____ C:\Users\Yassine\Desktop\adwcleaner_5.112.exe
2016-04-18 11:44 - 2016-04-18 11:44 - 00002218 _____ C:\Users\Yassine\Desktop\JRT.txt
2016-04-18 11:32 - 2016-04-18 11:33 - 01610352 _____ (Malwarebytes) C:\Users\Yassine\Desktop\JRT.exe
2016-04-18 11:14 - 2016-04-18 11:18 - 00011154 _____ C:\Users\Yassine\Desktop\Fixlog.txt
2016-04-17 03:00 - 2016-04-17 03:00 - 00000000 _____ C:\Users\Yassine\AppData\Local\{BFB2B931-853C-4189-8147-1D3A72EBCBF0}
2016-04-13 01:22 - 2016-03-31 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 01:22 - 2016-03-31 01:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 01:22 - 2016-03-31 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 01:22 - 2016-03-31 01:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 01:22 - 2016-03-31 00:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 01:22 - 2016-03-31 00:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 01:22 - 2016-03-31 00:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 01:22 - 2016-03-31 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 01:22 - 2016-03-31 00:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 01:22 - 2016-03-31 00:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 01:22 - 2016-03-31 00:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 01:22 - 2016-03-31 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 01:22 - 2016-03-31 00:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 01:22 - 2016-03-31 00:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 01:22 - 2016-03-31 00:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 01:22 - 2016-03-31 00:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 01:22 - 2016-03-31 00:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 01:22 - 2016-03-31 00:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 01:22 - 2016-03-31 00:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 01:22 - 2016-03-31 00:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 01:22 - 2016-03-31 00:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 01:22 - 2016-03-31 00:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 01:22 - 2016-03-31 00:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 01:22 - 2016-03-31 00:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 01:22 - 2016-03-31 00:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 01:22 - 2016-03-31 00:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 01:22 - 2016-03-31 00:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 01:22 - 2016-03-31 00:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 01:22 - 2016-03-31 00:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 01:22 - 2016-03-31 00:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 01:22 - 2016-03-31 00:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 01:22 - 2016-03-31 00:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 01:22 - 2016-03-31 00:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 01:22 - 2016-03-31 00:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 01:22 - 2016-03-31 00:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 00:08 - 2016-03-17 23:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-04-13 00:08 - 2016-03-17 23:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 00:08 - 2016-03-17 23:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 00:08 - 2016-03-17 23:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 00:08 - 2016-03-17 23:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 00:08 - 2016-03-17 23:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 00:08 - 2016-03-17 23:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 00:08 - 2016-03-17 23:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 00:08 - 2016-03-17 23:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 00:08 - 2016-03-17 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 00:08 - 2016-03-17 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 00:08 - 2016-03-17 23:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 00:08 - 2016-03-17 23:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 00:08 - 2016-03-17 23:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 00:08 - 2016-03-17 23:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 00:08 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 00:08 - 2016-03-17 23:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 00:08 - 2016-03-17 23:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 00:08 - 2016-03-17 23:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 00:08 - 2016-03-17 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 00:08 - 2016-03-17 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 00:08 - 2016-03-17 23:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 00:08 - 2016-03-17 23:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 00:08 - 2016-03-17 23:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 00:08 - 2016-03-17 23:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 00:08 - 2016-03-17 23:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 00:08 - 2016-03-17 23:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 22:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 00:08 - 2016-03-17 22:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 00:08 - 2016-03-17 22:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 00:08 - 2016-03-17 22:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 00:08 - 2016-03-17 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 00:08 - 2016-03-17 22:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 00:08 - 2016-03-17 22:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 00:08 - 2016-03-17 22:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 00:08 - 2016-03-17 22:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 00:08 - 2016-03-17 22:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 00:08 - 2016-03-17 22:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 00:08 - 2016-03-17 22:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 00:08 - 2016-03-17 22:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 00:08 - 2016-03-17 22:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 00:08 - 2016-03-17 22:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 22:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 22:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 00:08 - 2016-03-17 22:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 00:08 - 2016-03-16 00:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 00:08 - 2016-03-16 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 23:58 - 2016-04-04 18:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-12 23:58 - 2016-04-04 18:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-12 23:58 - 2016-04-02 14:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-12 23:58 - 2016-03-23 15:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-12 23:58 - 2016-03-17 19:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-12 23:58 - 2016-03-17 19:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-12 23:58 - 2016-03-17 19:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-12 23:58 - 2016-03-17 19:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 23:34 - 2016-03-11 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 23:22 - 2016-03-16 19:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-04-12 23:22 - 2016-03-16 19:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 22:59 - 2016-02-05 19:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 22:59 - 2016-02-05 18:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-12 22:59 - 2015-06-03 21:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-12 22:23 - 2016-03-29 18:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 22:23 - 2016-01-21 01:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-12 22:19 - 2016-02-02 19:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-12 22:14 - 2016-03-06 19:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 22:14 - 2016-03-06 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 13:57 - 2016-04-13 13:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-12 03:07 - 2016-04-12 03:07 - 00000000 ____D C:\Windows\system32\vbox
2016-04-12 02:24 - 2016-04-13 13:04 - 00001945 _____ C:\Windows\epplauncher.mif
2016-04-12 02:23 - 2016-04-13 13:04 - 00002008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-12 02:22 - 2016-04-13 13:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-04-12 01:46 - 2016-04-12 01:46 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\CrystalIdea Software
2016-04-12 01:44 - 2016-04-12 01:46 - 00689151 _____ C:\Users\Yassine\Downloads\speedyfox.zip
2016-04-12 01:09 - 2016-04-12 01:09 - 00001287 _____ C:\Users\Yassine\Desktop\results.txt
2016-04-12 00:32 - 2016-04-18 12:03 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-12 00:31 - 2016-04-12 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-12 00:31 - 2016-04-12 00:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-12 00:31 - 2016-04-12 00:31 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-04-12 00:31 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-12 00:31 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-12 00:31 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-11 23:27 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\Windows\system32\SAVRKBootTasks.sys
2016-04-11 11:56 - 2016-04-11 12:02 - 00046037 _____ C:\Users\Yassine\Downloads\Addition.txt
2016-04-11 11:47 - 2016-04-11 12:02 - 00062242 _____ C:\Users\Yassine\Downloads\FRST.txt
2016-04-11 11:44 - 2016-04-18 12:09 - 00000000 ____D C:\FRST
2016-04-11 11:42 - 2016-04-11 11:42 - 01725952 _____ (Farbar) C:\Users\Yassine\Desktop\FRST.exe
2016-04-11 04:15 - 2016-04-11 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-11 04:12 - 2016-04-11 04:11 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-11 04:11 - 2016-04-11 04:11 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-11 04:07 - 2016-04-11 04:16 - 22851472 _____ (Malwarebytes ) C:\Users\Yassine\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-11 03:45 - 2016-04-11 03:45 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Sun
2016-04-11 03:45 - 2016-04-11 03:45 - 00000000 ____D C:\Users\Yassine\.oracle_jre_usage
2016-04-11 03:45 - 2016-04-11 03:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-11 03:45 - 2016-04-11 03:44 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-04-11 03:43 - 2016-04-11 03:43 - 00000000 ____D C:\Users\Yassine\AppData\LocalLow\Oracle
2016-04-11 03:43 - 2016-04-11 03:43 - 00000000 ____D C:\Program Files\Java
2016-04-11 03:30 - 2016-04-11 03:30 - 00000005 _____ C:\Windows\system32\lMMLDeleteUserData42107612FX.tmp
2016-04-11 03:16 - 2016-04-11 03:37 - 50796608 _____ (Oracle Corporation) C:\Users\Yassine\Downloads\jre-8u77-windows-i586.exe
2016-04-11 03:12 - 2016-04-11 03:16 - 11614040 _____ (Microsoft Corporation) C:\Users\Yassine\Downloads\mseinstall.exe
2016-04-11 00:52 - 2016-04-11 00:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Yassine\Downloads\HijackThis.exe
2016-04-11 00:51 - 2016-04-11 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-11 00:51 - 2016-04-11 00:51 - 00000000 ____D C:\Program Files\Sophos
2016-04-11 00:50 - 2016-04-11 00:51 - 01339288 _____ C:\Users\Yassine\Downloads\sophos-anti-rootkit_sophos_anti-rootkit_1.5_anglais_24143.exe
2016-04-11 00:48 - 2016-04-11 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2016-04-11 00:48 - 2016-04-11 00:48 - 00000000 ____D C:\Program Files\Zemana AntiLogger Free
2016-04-11 00:48 - 2016-04-11 00:48 - 00000000 ____D C:\Program Files\KeyCryptSDK
2016-04-11 00:48 - 2015-11-05 15:00 - 00127936 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt32.sys
2016-04-11 00:47 - 2016-04-11 00:47 - 00000000 ____D C:\Users\Yassine\AppData\Local\Zemana
2016-04-11 00:47 - 2016-04-11 00:47 - 00000000 ____D C:\Users\Yassine\AppData\Local\AntiLogger Free
2016-04-11 00:41 - 2016-04-11 00:42 - 03719928 _____ (Zemana Ltd. ) C:\Users\Yassine\Downloads\AntiLoggerFree_Setup_1.8.2.320.exe
2016-04-11 00:37 - 2016-04-11 00:37 - 00615478 _____ C:\Users\Yassine\Downloads\Autoruns.zip
2016-04-11 00:12 - 2016-04-11 00:13 - 01686759 _____ C:\Users\Yassine\Downloads\PSTools.zip
2016-04-11 00:08 - 2016-04-11 00:08 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-04-10 15:59 - 2016-04-10 15:59 - 00627521 _____ C:\Users\Yassine\Downloads\دراسة طرق مختلفة لخف ثمار النخيل صنف شهلة لتحسين مواصفاتها.pdf
2016-04-09 23:06 - 2016-04-12 01:50 - 09457328 _____ (Connectify) C:\Users\Yassine\Downloads\Connectify2016Installer.exe
2016-04-08 02:14 - 2016-04-08 02:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriver_01011.Wdf
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\2C0A
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0C0A
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0C04
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0816
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0804
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0424
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041F
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041E
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041D
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\041B
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0419
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0416
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0415
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0414
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0413
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0412
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0411
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0410
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040E
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040D
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040C
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040B
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\040A
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0408
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0407
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0406
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0405
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0404
2016-04-08 01:21 - 2016-04-08 01:21 - 00000000 ____D C:\Windows\system32\0401
2016-04-08 01:12 - 2016-04-08 01:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf
2016-04-07 23:55 - 2016-04-09 12:06 - 00001668 _____ C:\Windows\system32\ASOROSet.bin
2016-04-07 23:55 - 2016-04-07 23:55 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2016-04-07 23:15 - 2016-04-07 23:16 - 00496545 _____ C:\Users\Yassine\Downloads\دودة البلح.pdf
2016-04-07 14:54 - 2016-04-07 14:55 - 00111146 _____ C:\Users\Yassine\Downloads\chaine hyper.rar
2016-04-04 23:14 - 2016-04-04 23:17 - 01075002 _____ C:\Users\Yassine\Downloads\Irrigation of Sandy Soils, Basics and Scheduling.pdf
2016-04-04 22:55 - 2016-04-04 22:56 - 00448581 _____ C:\Users\Yassine\Downloads\متطلبات مراقبة المياه الجوفية__لإدارة استجابة الخزان الجوفي وتهديدات النوعية.pdf
2016-04-04 18:20 - 2016-04-04 18:20 - 00047160 _____ C:\Users\Yassine\Downloads\Microcat Hyundai 2015.12.rar
2016-04-04 18:12 - 2016-04-04 18:12 - 00047086 _____ C:\Users\Yassine\Downloads\Microcat Hyundai 11-12.2015.zip
2016-04-03 21:55 - 2016-04-03 21:58 - 01172397 _____ C:\Users\Yassine\Downloads\دراسة الخصائص الفيزيائية والكيميائية لمياه ثلاث ابار في مدينة __كركوك وتحديد المحتوى الطحلبي لها.pdf
2016-04-03 21:52 - 2016-04-03 21:52 - 00286712 _____ C:\Users\Yassine\Downloads\تأثير اضافة نسب متوازنة من الاسمدة الكيميائية في نمو فسائل نخيل التمر .Phoenix dactylifera L__ صنف البرحي.pdf
2016-03-24 16:26 - 2016-03-24 16:37 - 11637039 _____ C:\Users\Yassine\Downloads\نخيل التمر في المملكة العربية السعودية.pdf
2016-03-22 01:10 - 2016-03-22 01:16 - 12076832 _____ C:\Users\Yassine\Downloads\رحلة الحمل والولادة خطوه بخطوه .pdf
2016-03-22 00:45 - 2016-03-22 00:45 - 01024741 _____ C:\Users\Yassine\Downloads\تحاليل مياة الري والتربة والنبات.pdf
2016-03-21 16:55 - 2016-03-21 16:55 - 00275035 _____ C:\Users\Yassine\Downloads\CV_DJALAL - B.pdf
2016-03-21 01:11 - 2016-03-21 01:15 - 05634785 _____ C:\Users\Yassine\Downloads\[F__W_Howard;_et_al]_Insects_on_palms(BookZZ.org).pdf
2016-03-21 01:09 - 2016-03-21 01:14 - 10572940 _____ C:\Users\Yassine\Downloads\كتاب تشخيص الأمراض الفطرية.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 12:01 - 2016-02-21 14:24 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-18 12:01 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-18 11:58 - 2014-07-24 07:39 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\Yahoo!
2016-04-18 11:58 - 2014-07-24 07:39 - 00000000 ____D C:\Users\Yassine\AppData\LocalLow\Yahoo!
2016-04-18 11:58 - 2014-07-24 07:36 - 00000000 ____D C:\Program Files\Yahoo!
2016-04-18 11:58 - 2014-05-18 00:06 - 00000000 ____D C:\AdwCleaner
2016-04-18 11:58 - 2013-09-28 09:44 - 00000000 ____D C:\Users\Yassine
2016-04-18 11:44 - 2013-09-28 14:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-18 11:43 - 2014-05-18 00:11 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\IObit
2016-04-18 11:43 - 2014-05-18 00:11 - 00000000 ____D C:\ProgramData\IObit
2016-04-18 11:30 - 2009-07-14 05:34 - 00038416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-18 11:30 - 2009-07-14 05:34 - 00038416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-18 11:29 - 2016-02-21 14:24 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-18 11:15 - 2013-09-28 14:16 - 00000000 ____D C:\Users\Yassine\AppData\LocalLow\Temp
2016-04-18 11:09 - 2013-09-28 14:24 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\uTorrent
2016-04-18 10:58 - 2014-01-05 11:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-18 10:45 - 2014-01-14 12:27 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000Core.job
2016-04-14 00:45 - 2013-09-28 15:12 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-13 13:41 - 2013-09-28 09:50 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-13 13:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-04-13 13:33 - 2009-07-14 05:33 - 00477536 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 13:32 - 2013-09-28 13:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-13 13:30 - 2014-12-11 17:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 13:19 - 2013-09-28 21:58 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 13:08 - 2013-09-28 21:58 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-13 13:02 - 2014-07-19 06:01 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-12 23:09 - 2016-02-18 13:37 - 00000000 ____D C:\Users\Yassine\Desktop\yacine
2016-04-12 22:30 - 2015-08-31 19:10 - 00000000 ____D C:\Users\Yassine\Desktop\3ars jalal
2016-04-12 13:18 - 2016-02-21 14:37 - 00002058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 01:55 - 2014-12-16 22:36 - 00000000 ____D C:\Program Files\Connectify
2016-04-12 01:38 - 2015-04-04 01:59 - 00001825 _____ C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JOSM.lnk
2016-04-12 01:38 - 2013-09-28 09:46 - 00001393 _____ C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-12 01:37 - 2016-03-17 03:53 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-12 01:37 - 2014-10-08 20:30 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Utilitaires Sierra.lnk
2016-04-12 01:37 - 2014-05-13 19:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2016-04-12 01:37 - 2013-09-28 17:41 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-04-12 01:37 - 2013-09-28 14:10 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-12 01:37 - 2013-09-28 13:39 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-12 01:37 - 2013-09-28 09:35 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-12 01:37 - 2013-09-28 09:35 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-12 01:37 - 2009-07-14 05:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-12 01:37 - 2009-07-14 05:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-12 01:37 - 2009-07-14 05:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-12 01:37 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-12 01:37 - 2009-07-14 05:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-12 01:37 - 2009-07-14 05:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-12 01:36 - 2015-07-01 04:37 - 00002088 _____ C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Start Menu\HomeByMe.lnk
2016-04-12 01:32 - 2014-01-05 11:30 - 00000000 ____D C:\Windows\PCHEALTH
2016-04-12 01:31 - 2013-09-28 18:48 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\vlc
2016-04-12 01:08 - 2013-12-26 01:22 - 00000000 ____D C:\Program Files\4shared Desktop
2016-04-11 23:32 - 2014-07-20 05:44 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-04-11 11:59 - 2013-09-28 10:01 - 00122200 _____ C:\Users\Yassine\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-11 04:11 - 2014-07-19 06:01 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00124808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-11 04:11 - 2014-07-19 06:01 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-11 04:10 - 2014-07-19 06:01 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-11 04:10 - 2014-07-19 06:01 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-11 04:09 - 2016-03-16 15:05 - 00136432 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-04-11 03:46 - 2013-10-25 19:12 - 00000000 ____D C:\ProgramData\Oracle
2016-04-11 03:31 - 2014-04-07 17:42 - 00000000 ____D C:\ProgramData\HTC
2016-04-11 03:31 - 2014-04-07 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2016-04-11 03:31 - 2014-04-07 14:25 - 00000000 ____D C:\Program Files\HTC
2016-04-11 03:27 - 2014-04-07 14:25 - 00000000 ____D C:\Users\Yassine\AppData\Local\Downloaded Installations
2016-04-11 03:17 - 2014-07-20 05:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-11 00:31 - 2015-10-23 11:21 - 00000000 ____D C:\Users\Yassine\AppData\Local\FluxSoftware
2016-04-11 00:08 - 2013-09-28 14:17 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-11 00:08 - 2013-09-28 14:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-08 02:14 - 2013-07-08 08:33 - 00000000 ____D C:\TEMP
2016-04-08 01:21 - 2009-07-14 05:56 - 00000000 ____D C:\Windows\system32\0409
2016-04-08 01:12 - 2013-09-28 09:49 - 00000000 ____D C:\Program Files\Intel
2016-04-07 23:57 - 2014-03-18 00:49 - 00000000 ____D C:\Windows\Minidump
2016-04-07 23:57 - 2013-09-28 19:30 - 00000000 ____D C:\Windows\Panther
2016-04-07 23:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2016-04-07 23:54 - 2013-09-28 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-07 23:33 - 2015-04-04 01:59 - 00000000 ____D C:\Users\Yassine\AppData\Roaming\JOSM
2016-04-07 15:31 - 2014-08-07 15:56 - 00014848 ___SH C:\Users\Yassine\Documents\Thumbs.db
2016-04-07 15:31 - 2013-09-28 09:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-04-07 15:30 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Microsoft Games
2016-04-07 15:29 - 2015-03-10 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-04-07 15:29 - 2014-10-05 01:19 - 00000000 ____D C:\Users\Yassine\Documents\My Games
2016-04-07 15:18 - 2013-10-24 23:33 - 00000000 ____D C:\ProgramData\TEMP
2016-04-07 15:14 - 2014-07-23 05:46 - 00000000 ____D C:\Program Files\Ubisoft
2016-04-02 13:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-03-24 03:03 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2014-07-18 01:59 - 2010-03-18 17:15 - 0421200 _____ (Microsoft Corporation) C:\Users\Yassine\AppData\Roaming\msvcp100.dll
2014-07-18 01:59 - 2010-03-18 17:15 - 0770384 _____ (Microsoft Corporation) C:\Users\Yassine\AppData\Roaming\msvcr100.dll
2014-07-18 01:59 - 2014-06-18 09:58 - 1800304 _____ (Mozilla Foundation) C:\Users\Yassine\AppData\Roaming\nss3.dll
2014-07-18 01:26 - 2014-07-19 06:13 - 0013533 _____ () C:\Users\Yassine\AppData\Roaming\SHELLS.exe.tmp
2014-08-23 16:22 - 2015-02-01 22:28 - 0003584 _____ () C:\Users\Yassine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-29 11:57 - 2013-09-29 11:57 - 0001012 _____ () C:\Users\Yassine\AppData\Local\recently-used.xbel
2015-07-01 04:37 - 2015-07-01 04:37 - 0353118 _____ () C:\Users\Yassine\AppData\Local\SquareClock.Production_HBMV1Icon.ico
2016-04-17 03:00 - 2016-04-17 03:00 - 0000000 _____ () C:\Users\Yassine\AppData\Local\{BFB2B931-853C-4189-8147-1D3A72EBCBF0}
2014-04-01 17:11 - 2014-09-27 19:44 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2013-10-15 15:35 - 2013-10-15 15:35 - 0005037 _____ () C:\ProgramData\mxnhytee.feu

Some files in TEMP:
====================
C:\Users\Yassine\AppData\Local\Temp\libeay32.dll
C:\Users\Yassine\AppData\Local\Temp\msvcr120.dll
C:\Users\Yassine\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-02 13:27

==================== End of FRST.txt ============================


Additions text:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-04-2016 01
Ran by Yassine (2016-04-18 12:11:24)
Running from C:\Users\Yassine\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2013-09-28 08:44:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3657657661-1632738645-1670484084-500 - Administrator - Disabled)
Guest (S-1-5-21-3657657661-1632738645-1670484084-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3657657661-1632738645-1670484084-1002 - Limited - Enabled)
Yassine (S-1-5-21-3657657661-1632738645-1670484084-1000 - Administrator - Enabled) => C:\Users\Yassine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4shared Desktop (HKLM\...\4shared Desktop) (Version:  - )
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.320 (HKLM\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{77CC2F8A-95FC-D8DC-51C4-C5CE1C3247F5}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Avast Premium (HKLM\...\Avast) (Version: 11.2.2261 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Connectify (HKLM\...\Connectify) (Version: 1.2.0.14599 - Nomadio, Inc.)
ControlCenter (HKLM\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
D-Link Powerline AV Utility (HKLM\...\D-Link Powerline AV Utility) (Version: 2.12.0.0 - D-Link Corporation.)
EOBD II Fault Codes (HKLM\...\ST6UNST #1) (Version:  - )
FertiManager4 (HKLM\...\{B41C85DC-6DE5-4E5C-8C3E-9176E95A87B2}) (Version: 4.00.0000 - HortiSoft Maroc)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Earth Pro 7.1.1.1888 Final (HKLM\...\Google Earth Pro 7.1.1.1888 Final7.1.1.1888) (Version: 7.1.1.1888 - Friends in War)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HomeByMe (HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\SquareClock_Production_HBMV1) (Version:  - 3DVIA Dassault Systemes)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - اسم شركتك)
HydraVision (Version: 4.2.208.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Jabra PC Suite 2.16.9388 (HKLM\...\{64A71A4A-2C43-4B5A-896E-42906D88E00D}) (Version: 2.16.9388.0 - GN Netcom A/S)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JOSM 8159 (HKLM\...\JOSM) (Version: 8159 - OpenStreetMap JOSM team)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LibreOffice 4.0.4.2 (HKLM\...\{FE88323B-9F0E-4596-8F56-37757C6918E9}) (Version: 4.0.4.2 - The Document Foundation)
Magic Data Recovery Pack (HKLM\...\Magic Data Recovery Pack) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Age of Empires II Trial Version (HKLM\...\Age of Empires II Trial) (Version:  - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 fr) (HKLM\...\Mozilla Firefox 45.0.2 (x86 fr)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSI Live Update (HKLM\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.006 - MSI)
MSI Super Charger (HKLM\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Rosetta Stone Ltd Services (HKLM\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
SafeZone Stable 1.48.2066.98 (Version: 1.48.2066.98 - Avast Software) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80403 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.80403 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Anti-Rootkit 1.5.0 (HKLM\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
Starry Night Pro Plus 6 (HKLM\...\Starry Night Pro Plus 6) (Version: 6.0.0.0 - Imaginova Canada Ltd.)
TechniSat DVB-PC TV Star (HKLM\...\{CE9F9FBC-5253-46D2-9883-09E55003D794}) (Version: 1.0.0 - TechniSat)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.7.0.113 - KMP Media co., Ltd)
Theme Hospital (HKLM\...\Hospital) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{8D97B9A2-D73D-4CB6-9D1F-D25178AC4EDE}) (Version:  - Microsoft)
Utilitaires Sierra (HKLM\...\Utilitaires Sierra) (Version:  - )
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WiFi Coverage 2.0 (HKLM\...\WiFi Coverage_is1) (Version:  - Couitchy Corp.)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wondershare MobileGo for Android ( Version 5.3.2 ) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 5.3.2 - Wondershare)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Yassine\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3657657661-1632738645-1670484084-1000_Classes\CLSID\{f8f45982-eafc-4d16-96b3-b528699dd0d5}\InprocServer32 -> C:\Users\Yassine\AppData\Local\SquareClock.Production_HBMV1\SQ.Plugin.IE.dll (SquareClock SAS)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F0800F-2B78-44AB-B330-0B2FEF1CA939} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-11] (Adobe Systems Incorporated)
Task: {0DC58763-D502-4DAA-9D4C-96F9DE2E398A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {184A4A73-C264-4745-A7E4-4E4114B475E6} - System32\Tasks\{302B35BD-F0A2-4B21-B284-E9D0E5B17774} => pcalua.exe -a C:\Users\Yassine\Downloads\USBDRVEN.EXE -d C:\Users\Yassine\Downloads
Task: {1CB03C34-EF0C-497B-8FB7-A11C2816EEA8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000Core => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {24315CF4-FE0E-4E08-979D-38A688923B97} - System32\Tasks\{720099D2-8E27-43AA-A613-FF7CE1752A08} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.59.105/en/abandoninstall?page=tsProgressBar
Task: {29676C23-C72C-4342-93D1-058E2203013F} - System32\Tasks\{C8DD0611-9439-45B8-AB81-0FEB76552765} => pcalua.exe -a C:\Users\Yassine\Downloads\AoE2demo(1).exe -d C:\Users\Yassine\Downloads
Task: {2C30D800-53C6-4AFB-8812-9C01DF954764} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {41A3CFB6-37EC-44A2-BC34-389BF5A3C4C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4C428A39-5AD0-4978-95AA-A44C27BABD7D} - System32\Tasks\{35ACCBC6-A1FC-4ABB-98B2-D076C5CF88CA} => pcalua.exe -a G:\start.exe -d G:\
Task: {544D9D58-3C37-4CB4-92E4-BC6B58FA1F9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {5A4393FA-C124-4306-9293-175CEC26F54A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-11] (AVAST Software)
Task: {5B3C6B1C-3A2D-4CF8-8373-75A5422A99D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {706FCDB3-0798-410A-9F6B-2C8EB46ECB42} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-16] (AVAST Software)
Task: {74CE589A-47A0-447D-B64E-F983B4BC1D41} - System32\Tasks\{05A938DE-9797-44FF-9A72-9FF87090C4BA} => pcalua.exe -a C:\Users\Yassine\Downloads\Programs\TagesSetup.exe -d C:\Users\Yassine\AppData\Roaming\IDM
Task: {844EB380-C8E6-4D7B-83DB-D5CD3CBF9B3E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9F9845F6-8ABD-44AF-B75A-24A0520C15D1} - System32\Tasks\{4D52191B-09F5-4DFB-962A-196A3D368606} => pcalua.exe -a "E:\Oil & Gaz\Drilling Engineers\Applications\Schlumbger.exe" -d "E:\Oil & Gaz\Drilling Engineers\Applications"
Task: {A5D2CA80-5C23-46D0-87E1-BFBF5996DAB3} - System32\Tasks\SafeZone scheduled Autoupdate 1458183214 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {ACFE970A-01BC-4FE0-BA6B-0D9AB1331F45} - System32\Tasks\Connectify.Yassine => C:\Program Files\Connectify\ConnectifyService.exe [2010-03-26] (Nomadio, Inc.)
Task: {C6B3E08E-8A0C-4DA7-9868-F65945A54767} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000UA => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E3D7993A-0DFC-4C82-8B48-25D19B06F289} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E694B24B-CD21-4BE9-8F37-48410C758817} - System32\Tasks\{54CCAAD1-2721-4F45-B7E4-AF15A127924E} => pcalua.exe -a C:\Users\Yassine\Downloads\HijackThis.exe -d C:\Users\Yassine\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000Core.job => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657657661-1632738645-1670484084-1000UA.job => C:\Users\Yassine\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-11 04:11 - 2016-04-11 04:11 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-11 04:11 - 2016-04-11 04:11 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-18 10:52 - 2016-04-18 10:52 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041800\algo.dll
2016-04-11 04:11 - 2016-04-11 04:11 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-07 14:25 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2010-03-26 18:11 - 2010-03-26 18:11 - 00006656 _____ () C:\Program Files\Connectify\BuildProps.dll
2011-07-07 22:44 - 2011-07-07 22:44 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-03-16 15:05 - 2016-03-16 15:05 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-24 19:42 - 2014-11-05 18:04 - 01093520 _____ () C:\Program Files\Wondershare\MobileGo for Android\usExp.dll
2014-11-24 19:42 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-24 19:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-11-27 13:58 - 2014-11-27 13:58 - 01827840 _____ () C:\Program Files\Jabra\Jabra PC Suite\CommunicatorApiV2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-04-09 12:51 - 00000836 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3657657661-1632738645-1670484084-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{7669ECF1-EE66-4DC8-AEC9-A7C1986A4F8E}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{08E3AB5F-5FD9-4BDB-B307-9A697C0617D3}C:\program files\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [{A2DD5A73-04A6-4D05-A390-3E285B80C1D4}] => (Block) C:\program files\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [{381EF5A1-DBF5-4F62-8FBB-23FE22E2131E}] => (Block) C:\program files\wondershare\mobilego for android\mobilegoservice.exe

==================== Restore Points =========================

22-03-2016 03:00:25 Windows Update
23-03-2016 03:00:13 Windows Update
24-03-2016 03:00:15 Windows Update
25-03-2016 03:00:21 Windows Update
26-03-2016 03:00:20 Windows Update
27-03-2016 03:00:23 Windows Update
28-03-2016 03:00:31 Windows Update
29-03-2016 03:00:42 Windows Update
30-03-2016 03:00:11 Windows Update
31-03-2016 03:00:27 Windows Update
01-04-2016 03:00:27 Windows Update
02-04-2016 12:59:16 Windows Update
03-04-2016 11:58:57 Windows Update
04-04-2016 03:00:23 Windows Update
05-04-2016 03:00:17 Windows Update
06-04-2016 03:00:26 Windows Update
07-04-2016 03:00:28 Windows Update
07-04-2016 15:13:54 Supprimé Rayman Origins
07-04-2016 15:16:10 Dragon NaturallySpeaking 11 supprimé.
07-04-2016 15:27:04 Supprimé Rise Of Legends
07-04-2016 23:54:26 Advanced System Optimizer - Registry Cleaner
08-04-2016 01:20:08 Configuré Renesas Electronics USB 3.0 Host Controller Driver
08-04-2016 03:01:05 Windows Update
09-04-2016 03:00:23 Windows Update
09-04-2016 03:26:54 Advanced System Optimizer
10-04-2016 03:00:52 Windows Update
11-04-2016 00:41:44 Removed Evernote v. 5.7.2
11-04-2016 03:00:39 Windows Update
11-04-2016 03:18:29 Removed Java 8 Update 31
11-04-2016 03:25:14 Removed HTC Sync.
13-04-2016 12:58:11 Windows Update
14-04-2016 03:01:42 Windows Update
15-04-2016 03:01:32 Windows Update
18-04-2016 10:54:39 Windows Update
18-04-2016 11:14:17 Restore Point Created by FRST
18-04-2016 11:39:02 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2016 10:57:02 AM) (Source: MsiInstaller) (EventID: 11314) (User: NT AUTHORITY)
Description: Product: Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) -- Error 1314. The specified path '%APPDATA%\' is unavailable.

Error: (04/18/2016 10:45:50 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (04/16/2016 03:01:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (04/15/2016 03:10:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (04/15/2016 03:10:45 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2013 - Update 'Update for Microsoft PowerPoint 2013 (KB3114815) 32-Bit Edition' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI1f409.LOG.

Error: (04/15/2016 03:10:23 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Produit : Microsoft Office Professional Plus 2013 -- Erreur 1935.Une erreur s'est produite lors de l'installation du composant d'assembly {813139AD-6DAB-4DDD-8C6D-0CA30D073B41}. HRESULT : 0x80070020. interface d'assembly : IAssemblyCacheItem, fonction : Commit, nom d'assembly : Microsoft.Office.Interop.PowerPoint,fileVersion="15.0.4815.1000",version="15.0.0.0000000",culture="neutral",publicKeyToken="71E9BCE111E9429C",processorArchitecture="MSIL"

Error: (04/15/2016 03:04:48 AM) (Source: MsiInstaller) (EventID: 11314) (User: NT AUTHORITY)
Description: Product: Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) -- Error 1314. The specified path '%APPDATA%\' is unavailable.

Error: (04/14/2016 03:53:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (04/14/2016 03:53:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (04/14/2016 03:53:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/18/2016 11:58:57 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/18/2016 11:58:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/18/2016 11:58:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/18/2016 11:58:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/18/2016 11:58:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/18/2016 11:58:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service de l’iPod service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/18/2016 11:58:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/18/2016 11:58:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/18/2016 11:58:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/18/2016 11:58:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RosettaStoneDaemon service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2014-07-15 11:09:15.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 11:09:15.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 62%
Total physical RAM: 3048.87 MB
Available physical RAM: 1154.05 MB
Total Virtual: 6096.07 MB
Available Virtual: 3316.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.14 GB) (Free:77.29 GB) NTFS
Drive d: (MACINTOSH) (Fixed) (Total:292.9 GB) (Free:234.63 GB) FAT32
Drive e: () (Fixed) (Total:221.61 GB) (Free:38.72 GB) NTFS
Drive f: () (Fixed) (Total:292.97 GB) (Free:97.04 GB) NTFS
Drive h: (Starry Night Pro) (CDROM) (Total:3.95 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 190A190A)
Partition 1: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=OF Extended)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B0DCB0DC)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Edited by Macpro86, 18 April 2016 - 05:13 AM.


#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello Pystryker,

Thank you SO much for your reply


Hello, you're quite welcome. :)
 

First, please excuse my bad English language, I will try to develop correctly!


Your English is perfectly fine. :thumbsup:
 

I already uninstalled the P2P program


:thumbsup:

The logs look good, how is the machine running so far? Also, you have 2 anti-virus programs running. Please see the information below, and disable Microsoft Security Essentials.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable only Avast after you have completed the steps.



Step 1: Multiple Anti-Virus Programs Installed

Your log indicates you have 2 or more anti-virus programs installed on your machine. They are "Avast" and "Microsoft Security Essentials".
  • Research shows that having multiple anti-virus programs installed is not a good idea. This is a case of more is not better. They will often conflict with each other, provide false positives, and cause additional problems.
  • Please disable Microsoft Security Essentials by following the instructions below.
1. Double-click the Microsoft Security Essentials icon.
2. Navigate to the Settings tab.
3. From the left side panel, select Real-time protection.
4. From the right-side uncheck the Turn on real-time protection and then Save changes.

Security note: If UAC is enabled, then you'll get a UAC prompt on screen. Please specify credentials or permission to pass the UAC elevation.

5. After clicking Save settings and passing a UAC prompt elevation, the MSE tray icon will become red, and the entire software interface will change, warning that real-time protection is turned off.


Step 2: Scan with Malwarebytes


Start the program and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.




Step 3: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4: Security Analysis

Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SALog.txt Log


#5
Macpro86

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Thank you Pystryker;

So far I have suspicious behavior like: moving mouse, a window found opened, and I am sure that no one did it! Since then I uninstalled programs and did many scans before I got to your forum to ask and to be sure.

Step 1:

Microsoft Security Essentials disabled
Avast disabled until next reboot

Step 2: MBAM

This is the last one, where nothing was found
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 18/04/2016
Heure de l'analyse: 13:11
Fichier journal: MBAM.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.04.18.03
Base de données de rootkits: v2016.04.17.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x86
Système de fichiers: NTFS
Utilisateur: Yassine

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 384410
Temps écoulé: 36 min, 20 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 0
(Aucun élément malveillant détecté)

Valeurs du Registre: 0
(Aucun élément malveillant détecté)

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 0
(Aucun élément malveillant détecté)

Fichiers: 0
(Aucun élément malveillant détecté)

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)

And this is the one where I found over 1500 detected objects
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 12/04/2016
Heure de l'analyse: 00:39
Fichier journal: MBAM1.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.04.11.07
Base de données de rootkits: v2016.04.09.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x86
Système de fichiers: NTFS
Utilisateur: Yassine

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 382270
Temps écoulé: 28 min, 32 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 0
(Aucun élément malveillant détecté)

Valeurs du Registre: 0
(Aucun élément malveillant détecté)

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 40
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef\2.7, En quarantaine, [5a3926876732c076fa1c3106f2113ac6],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef, En quarantaine, [5a3926876732c076fa1c3106f2113ac6],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef\2.7, En quarantaine, [296a624bbedb979f789e0f28ac578977],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef, En quarantaine, [296a624bbedb979f789e0f28ac578977],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef\2.7, En quarantaine, [41524d603d5c73c365b169cec142d729],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef, En quarantaine, [41524d603d5c73c365b169cec142d729],
PUP.Optional.MultiPlug, C:\Users\Yassine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef\2.7, En quarantaine, [266d7835e0b96dc9e531bd7a0ef58d73],
PUP.Optional.MultiPlug, C:\Users\Yassine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef, En quarantaine, [266d7835e0b96dc9e531bd7a0ef58d73],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef\2.7, En quarantaine, [0f848e1f9ffa1026ee29231435ceb34d],
PUP.Optional.MultiPlug, C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef, En quarantaine, [0f848e1f9ffa1026ee29231435ceb34d],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef\2.7, En quarantaine, [50432984c9d00036c3547abd758e21df],
PUP.Optional.MultiPlug, C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef, En quarantaine, [50432984c9d00036c3547abd758e21df],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef\2.7, En quarantaine, [c7ccd7d625742f07f3249d9a25de50b0],
PUP.Optional.MultiPlug, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef, En quarantaine, [c7ccd7d625742f07f3249d9a25de50b0],
PUP.Optional.MultiPlug, C:\Users\Yassine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef\2.7, En quarantaine, [5f345f4e86138ea838dfe75025decf31],
PUP.Optional.MultiPlug, C:\Users\Yassine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\camkbpjplnckmcgablmjnjbknbpbikef, En quarantaine, [5f345f4e86138ea838dfe75025decf31],

Fichiers: 42

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)

Step 3: ESET online virus scan... in progress...

 



#6
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thank you Pystryker;

So far I have had suspicious behavior, like the mouse moving and a window found opened, and I am sure that no one did it! Since then I uninstalled programs and did many scans before I came to your forum to ask and to be sure.


Hello :)

But nothing since we started cleaning the machine, yes?
 

Step 1:

Microsoft Security Essentials disabled
Avast disabled until next reboot


:thumbsup:


Step 2: MBAM

This is the last one, where nothing was found


Excellent :) Please post the ESET log at your convenience and we'll continue.

#7
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

It's been a couple of days since I heard from you. Do you still require assistance? Please let me know and thank you. :thumbsup:

#8
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.







