cjoint

Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Mehdi (administrator) on CUTTERER-PC (29-07-2015 16:41:03)
Running from C:\Users\Mehdi\Downloads
Loaded Profiles: Mehdi (Available Profiles: Mehdi & UpdatusUser)
Platform: Windows 7 Ultimate (X64) Language: Français (France)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Skytech Co., Ltd.) C:\ProgramData\MailUpdate\mailUpdate.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1435146647---\knsh6B88.tmp
() C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1432979913---\hnsmB349.tmp
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
() C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1435146647---\jnsm4AA5.tmp
() C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1433899060---\hnswF41F.tmp
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Mehdi\AppData\Local\gmsd_fr_005010044\upgmsd_fr_005010044.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\wmi64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\shopperz27072015\Wxnuan.exe
() C:\Program Files\shopperz27072015\Wxnuan64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\gmsd_fr_005010044\gmsd_fr_005010044.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\plugin-nm-server.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2014-07-13] (Realtek Semiconductor)
HKLM\...\Run: [shopperz27072015] => C:\Program Files\shopperz27072015\Wxnuan.exe [433528 2015-07-27] ()
HKLM\...\Run: [shopperz2707201564] => C:\Program Files\shopperz27072015\Wxnuan64.exe [464760 2015-07-27] ()
HKLM-x32\...\Run: [gmsd_fr_005010033] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5887264 2015-06-08] (IObit)
HKLM-x32\...\Run: [gmsd_fr_005010044] => C:\Program Files (x86)\gmsd_fr_005010044\gmsd_fr_005010044.exe [3979408 2015-07-28] ()
HKLM-x32\...\RunOnce: [upgmsd_fr_005010044.exe] => C:\Users\Mehdi\AppData\Local\gmsd_fr_005010044\upgmsd_fr_005010044.exe [3320976 2015-07-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [DelTr4901192] => cmd.exe /c rd /s /q "C:\Users\Mehdi\AppData\Roaming\Speedial"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4247637929-2225670677-4258990341-1004\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64930;https=127.0.0.1:64930;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX&q={searchTerms}
HKU\S-1-5-21-4247637929-2225670677-4258990341-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX&q={searchTerms}
HKU\S-1-5-21-4247637929-2225670677-4258990341-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
HKU\S-1-5-21-4247637929-2225670677-4258990341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1437824010&z=3ed4bec96f15b52a562e59bg6z5c0m3b2o9cet6m7c&from=cmi&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX
HKU\S-1-5-21-4247637929-2225670677-4258990341-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX
HKU\S-1-5-21-4247637929-2225670677-4258990341-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4247637929-2225670677-4258990341-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5354&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4247637929-2225670677-4258990341-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX&ts=1438180040&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4247637929-2225670677-4258990341-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX&ts=1438180040&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4247637929-2225670677-4258990341-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5354&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4247637929-2225670677-4258990341-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX&ts=1438180040&type=default&q={searchTerms}
BHO: No Name -> {3c9ce603-44cc-4997-a166-239e6186c6ef} -> No File
BHO: No Name -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> No File
BHO: No Name -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> No File
BHO: No Name -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> No File
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-07-27] (Thinkgood Co. Limited)
BHO-x32: No Name -> {3c9ce603-44cc-4997-a166-239e6186c6ef} -> No File
Toolbar: HKU\S-1-5-21-4247637929-2225670677-4258990341-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skype4com - No CLSID Value
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 89.2.0.10
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{86A69BE7-C218-4415-BDD1-92FD3945FD01}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A0BFB417-62A6-413A-B389-9E570C5F70DC}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{C903608B-B567-453F-8BED-AECDE1636C31}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{E8CFBB49-1FB6-48AC-A5F3-CA30565A03F8}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{E8CFBB49-1FB6-48AC-A5F3-CA30565A03F8}: [DhcpNameServer] 89.2.0.10
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Mehdi\AppData\Roaming\Mozilla\Firefox\Profiles\6m93m3ec.default
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com No File
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Extension: Widget context - C:\Users\Mehdi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-25]
FF HKLM\...\Firefox\Extensions: [{628f215e-0803-40f0-a52d-25e9ab679f78}] - C:\Program Files\shopperz27072015\Firefox
FF Extension: shopperz27072015 - C:\Program Files\shopperz27072015\Firefox [2015-07-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [{628f215e-0803-40f0-a52d-25e9ab679f78}] - C:\Program Files\shopperz27072015\Firefox

Chrome:
=======
CHR Profile: C:\Users\Mehdi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Mehdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-29]
CHR Extension: (Kaspersky Protection) - C:\Users\Mehdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-07-29]
CHR Extension: (AdBlock) - C:\Users\Mehdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mehdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mehdi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKU\S-1-5-21-4247637929-2225670677-4258990341-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fpgdgofgnobocjhpgifakcoieimjejbm] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [fpgdgofgnobocjhpgifakcoieimjejbm] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1438179996&z=8801d92b68717fb70df104dg7zfcebfg3q6zatcb0g&from=face&uid=HitachiXHTS547575A9E384_J2140059DBEZYADBEZYAX

Opera:
=======
OPR Extension: (bjgfdlplhmndoonmofmflcbiohgbkifn) - C:\Users\Mehdi\AppData\Roaming\Opera Software\Opera Stable\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2015-06-20]
OPR Extension: (fjnbnpbmkenffdnngjfgmeleoegfcffe) - C:\Users\Mehdi\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-07-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S3 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-11-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1355840 2011-11-14] (Intel Corporation) [File not signed]
S3 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-11-14] (Intel Corporation) [File not signed]
R2 giwowubi; C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1435146647---\knsh6B88.tmp [215552 2015-07-01] () [File not signed]
R2 hipocizi; C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1432979913---\hnsmB349.tmp [311296 2015-05-30] () [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878880 2015-05-12] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
R2 mailUpdate; C:\ProgramData\MailUpdate\mailUpdate.exe [820736 2015-07-10] (Skytech Co., Ltd.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-02] ()
R2 xoperoze; C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1435146647---\jnsm4AA5.tmp [219136 2015-06-24] () [File not signed]
R2 zedepory; C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1433899060---\hnswF41F.tmp [166912 2015-06-10] () [File not signed]
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation)
S3 AdobeFlashPlayerUpdateSvc; No ImagePath
S2 AVGIDSAgent; No ImagePath
S2 avgwd; No ImagePath
S2 WindowsMangerProtect; C:\ProgramData\9WinManPro9\ProtectWindowsManager.exe -service [X] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [130024 2011-11-22] (ASMedia Technology Inc) [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-06-09] (Symantec Corporation)
S3 gneiyvfl; No ImagePath
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-17] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-06-15] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-06-15] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2015-04-16] (Qualcomm Atheros Co., Ltd.)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-27] (Intel Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [9101016 2014-11-30] (Realtek Semiconductor Corp.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-26] (Synaptics Incorporated)
R1 wsfd_vt_1_10_0_20; C:\Windows\System32\drivers\wsfd_vt_1_10_0_20.sys [61312 2015-07-06] (WS)
S3 cpuz137; \??\C:\Users\Mehdi\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S1 sjzhmzyj; \??\C:\Windows\system32\drivers\sjzhmzyj.sys [X]
S1 warmegex; \??\C:\Windows\system32\drivers\warmegex.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 16:41 - 2015-07-29 16:41 - 00021970 _____ C:\Users\Mehdi\Downloads\FRST.txt
2015-07-29 16:40 - 2015-07-29 16:41 - 00000000 ____D C:\FRST
2015-07-29 16:40 - 2015-07-29 16:40 - 02169856 _____ (Farbar) C:\Users\Mehdi\Downloads\FRST64.exe
2015-07-29 16:35 - 2015-07-29 16:35 - 00001463 _____ C:\Users\Mehdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-29 16:28 - 2015-07-29 16:38 - 00000000 ____D C:\Users\Mehdi\AppData\Local\gmsd_fr_005010044
2015-07-29 16:28 - 2015-07-29 16:28 - 00000000 ____D C:\Program Files (x86)\gmsd_fr_005010044
2015-07-29 16:27 - 2015-07-29 16:27 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-07-29 16:27 - 2015-07-29 16:27 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-07-29 16:26 - 2015-07-29 16:34 - 00000000 ____D C:\ProgramData\MailUpdate
2015-07-29 16:26 - 2015-07-29 16:33 - 00000000 ____D C:\ProgramData\9WinManPro9
2015-07-29 16:26 - 2015-07-29 16:26 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\MailUpdate
2015-07-29 16:26 - 2015-07-29 16:26 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\istartsurf
2015-07-29 15:15 - 2015-07-29 15:15 - 02248704 _____ C:\Users\Mehdi\Downloads\AdwCleaner-4.208 (1).exe
2015-07-29 14:55 - 2015-07-29 14:55 - 02248704 _____ C:\Users\Mehdi\Downloads\AdwCleaner-4.208.exe
2015-07-29 14:52 - 2015-07-29 14:58 - 00000000 ____D C:\ProgramData\tWinManProt
2015-07-29 14:05 - 2015-07-29 16:26 - 00001321 _____ C:\Users\Mehdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk
2015-07-29 14:05 - 2015-07-29 16:26 - 00001274 _____ C:\Users\Mehdi\Desktop\Chrome .lnk
2015-07-29 14:05 - 2015-07-29 16:26 - 00001077 _____ C:\Users\Mehdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iexplore .lnk
2015-07-29 14:05 - 2015-07-29 16:26 - 00001047 _____ C:\Users\Mehdi\Desktop\Iexplore .lnk
2015-07-29 14:05 - 2015-07-29 15:53 - 00000104 _____ C:\Users\Mehdi\Desktop\Firefox .lnk
2015-07-29 14:05 - 2015-07-29 15:53 - 00000104 _____ C:\Users\Mehdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox .lnk
2015-07-29 14:05 - 2015-07-29 15:50 - 00001312 _____ C:\Users\Mehdi\AppData\Local\Chrome .lnk
2015-07-29 14:05 - 2015-07-29 15:50 - 00001152 _____ C:\Users\Mehdi\AppData\Local\Iexplore .lnk
2015-07-29 14:05 - 2015-07-29 15:50 - 00000298 _____ C:\Users\Mehdi\AppData\Local\Firefox .lnk
2015-07-29 13:20 - 2015-07-29 13:29 - 00000000 ____D C:\ProgramData\XWinManProX
2015-07-29 13:20 - 2015-07-29 13:20 - 00000000 ____D C:\Program Files\shopperz27072015
2015-07-29 12:18 - 2015-07-29 12:18 - 00003154 _____ C:\Windows\System32\Tasks\{6F7F98FF-4A85-4B91-AB69-D0BEDC859435}
2015-07-29 12:17 - 2015-07-29 12:35 - 00000000 ____D C:\ProgramData\aWinManProa
2015-07-29 11:43 - 2015-07-29 16:33 - 00009646 _____ C:\Windows\PFRO.log
2015-07-29 11:43 - 2015-07-29 16:33 - 00000504 _____ C:\Windows\setupact.log
2015-07-29 11:43 - 2015-07-29 11:43 - 00000000 _____ C:\Windows\setuperr.log
2015-07-29 11:42 - 2015-07-29 11:42 - 00000000 ____H C:\asc_rdflag
2015-07-27 18:50 - 2015-07-27 18:50 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Mehdi\Downloads\sh-remover.exe
2015-07-27 17:34 - 2015-07-27 17:34 - 00000000 ____D C:\Program Files (x86)\a25fab05-41ae-4554-a010-8e6f2dafe0d2
2015-07-27 10:39 - 2015-07-27 10:39 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2218485555.bat
2015-07-27 10:14 - 2015-07-27 10:14 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2220129816.bat
2015-07-27 09:54 - 2015-07-27 10:00 - 00000000 ____D C:\ProgramData\MWinManProM
2015-07-25 11:55 - 2015-07-25 11:55 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2214818483.bat
2015-07-25 11:19 - 2015-07-25 11:19 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2214762266.bat
2015-07-23 15:05 - 2015-07-23 15:05 - 00000000 ____D C:\Program Files (x86)\4a8032ce-7844-4413-aba0-7d570987cade
2015-07-22 19:36 - 2015-07-29 15:50 - 00001195 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2015-07-22 19:36 - 2015-07-22 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-07-22 19:34 - 2015-07-22 19:34 - 28927512 _____ (IObit ) C:\Users\Mehdi\Downloads\IObit-Malware-Fighter-Setup.exe
2015-07-21 18:01 - 2015-07-21 18:01 - 00000000 ____D C:\Users\Mehdi\AppData\Local\Sony
2015-07-20 16:42 - 2015-07-20 16:42 - 00000000 ____D C:\Users\Mehdi\AppData\Local\Skype
2015-07-19 13:31 - 2015-07-29 16:10 - 00000239 _____ C:\Users\Mehdi\AppData\Local\recently-fix.db
2015-07-19 13:25 - 2015-07-19 13:25 - 00000000 ____D C:\Program Files (x86)\9a6abb72-f1d5-40e5-a222-37ddfd619b5e
2015-07-19 13:09 - 2015-07-19 13:09 - 00000000 ____D C:\Users\Mehdi\AppData\Local\VirtualStore
2015-07-19 13:08 - 2015-07-27 21:56 - 00057952 _____ C:\Users\Mehdi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-19 13:00 - 2015-07-19 13:00 - 00000000 ____D C:\Program Files (x86)\d925c8cb-4d16-4d74-ad47-cb8825673fef
2015-07-19 11:15 - 2015-07-19 11:15 - 00003100 _____ C:\Windows\System32\Tasks\{1BE212CF-9963-4591-A039-003C0AC5FB9F}
2015-07-18 10:26 - 2015-07-18 10:26 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2206681262.bat
2015-07-18 09:57 - 2015-07-29 15:50 - 00002168 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-07-18 09:56 - 2015-07-18 09:56 - 11792408 _____ (IObit ) C:\Users\Mehdi\Downloads\driver_booster_setup (1).exe
2015-07-17 16:04 - 2015-07-17 16:04 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2202398893.bat
2015-07-17 15:49 - 2015-07-17 15:49 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2202391812.bat
2015-07-17 15:45 - 2015-07-18 10:45 - 00027000 _____ C:\Users\Mehdi\Documents\Montage Lol.veg
2015-07-17 15:45 - 2015-07-17 15:45 - 00025344 _____ C:\Users\Mehdi\Documents\Montage Lol.veg.bak
2015-07-17 15:21 - 2015-07-17 15:21 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2202286453 (1).bat
2015-07-17 15:06 - 2015-07-17 15:06 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2199244036.bat
2015-07-16 08:47 - 2015-07-16 08:47 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2202498467.bat
2015-07-16 08:12 - 2015-07-16 08:12 - 00931408 _____ (Google Inc.) C:\Users\Mehdi\Downloads\ChromeSetup (1).exe
2015-07-16 06:25 - 2015-07-16 06:26 - 00000000 ____D C:\Program Files (x86)\c4b0eb3d-f646-4aa2-81f9-c03b674e695b
2015-07-15 11:52 - 2015-07-13 13:13 - 00349184 _____ C:\Windows\system32\Cofvopjy64.dll
2015-07-15 11:51 - 2015-07-19 11:27 - 00000000 ____D C:\Program Files\shopperz12072015
2015-07-15 04:15 - 2015-07-29 15:50 - 00000580 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-07-15 04:15 - 2015-07-16 08:52 - 00000000 ____D C:\Fraps
2015-07-15 04:15 - 2015-07-15 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-07-15 04:14 - 2015-07-15 04:15 - 02326976 _____ (Beepa Pty Ltd) C:\Users\Mehdi\Downloads\setup (1).exe
2015-07-15 04:07 - 2015-07-15 04:07 - 00000768 _____ C:\Users\Mehdi\Documents\Par défaut.sfvidcap
2015-07-15 04:04 - 2015-07-15 04:04 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2202286453.bat
2015-07-15 03:57 - 2015-07-15 03:57 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\Publish Providers
2015-07-15 03:57 - 2015-07-15 03:57 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\NVIDIA
2015-07-15 03:50 - 2015-07-29 15:50 - 00001016 _____ C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk
2015-07-15 03:50 - 2015-07-15 03:51 - 00006068 _____ C:\Windows\system32\--traceoff
2015-07-15 03:50 - 2015-07-15 03:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-07-15 03:50 - 2015-07-15 03:50 - 00000000 _____ C:\Windows\system32\--debugoff
2015-07-15 03:48 - 2015-07-15 03:48 - 00000000 ____D C:\ProgramData\Sony
2015-07-15 03:48 - 2015-07-15 03:48 - 00000000 ____D C:\Program Files\Sony
2015-07-15 03:48 - 2015-07-15 03:48 - 00000000 ____D C:\Program Files (x86)\Sony
2015-07-15 03:46 - 2015-07-15 03:57 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\Sony
2015-07-15 03:35 - 2015-07-15 03:35 - 00015658 _____ C:\Users\Mehdi\Downloads\Sony Vegas Pro 13.0 build 290 (64 bit) Multilingual [ChingLiu] (1).torrent
2015-07-15 03:32 - 2015-07-15 03:32 - 00000000 ____D C:\Users\Mehdi\.swt
2015-07-15 03:31 - 2015-07-29 15:50 - 00001858 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-07-15 03:31 - 2015-07-19 10:11 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\Azureus
2015-07-15 03:31 - 2015-07-15 03:31 - 00001852 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-15 03:31 - 2015-07-15 03:31 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-07-15 03:30 - 2015-07-15 03:30 - 10816032 _____ (Azureus Software, Inc.) C:\Users\Mehdi\Downloads\Vuze_Installer32.exe
2015-07-15 03:29 - 2015-07-15 03:29 - 00015658 _____ C:\Users\Mehdi\Downloads\Sony Vegas Pro 13.0 build 290 (64 bit) Multilingual [ChingLiu].torrent
2015-07-13 06:23 - 2015-07-13 06:23 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2198902142 (1).bat
2015-07-13 06:18 - 2015-07-13 06:18 - 00005154 _____ C:\Users\Mehdi\Downloads\replay_2198902142.bat
2015-07-09 18:48 - 2015-07-09 18:48 - 00003280 _____ C:\Windows\System32\Tasks\ICjGNy6B9qVjinY
2015-07-09 18:48 - 2015-07-09 18:48 - 00003240 _____ C:\Windows\System32\Tasks\LMGjdvZhLX85GUS
2015-07-09 18:48 - 2015-07-09 18:48 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\wxfVbhT
2015-07-09 18:48 - 2015-07-09 18:48 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\MBqjXrV
2015-07-08 08:07 - 2015-07-09 19:15 - 00003628 _____ C:\Windows\System32\Tasks\Dlvfecrd
2015-07-08 03:56 - 2015-07-08 03:56 - 00000000 _____ C:\dummy.htm
2015-07-07 17:49 - 2015-07-07 17:49 - 00000000 ____D C:\Program Files (x86)\c8a6daaf-83ad-456e-bc04-fa06b9d3b76d
2015-07-07 07:14 - 2015-07-07 07:17 - 00000664 __RSH C:\Users\Mehdi\ntuser.pol
2015-07-07 07:08 - 2015-07-07 07:08 - 02335944 _____ C:\Users\Mehdi\Downloads\Rainmeter-3.3-r2416-beta.exe
2015-07-07 06:38 - 2015-07-08 08:27 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-07-07 06:35 - 2015-07-07 06:37 - 09741888 _____ (CyberGhost S.R.L. ) C:\Users\Mehdi\Downloads\CG_5.0.15.14 (1).exe
2015-07-07 06:33 - 2015-07-07 06:34 - 09741888 _____ (CyberGhost S.R.L. ) C:\Users\Mehdi\Downloads\CG_5.0.15.14.exe
2015-07-06 21:11 - 2015-07-06 21:11 - 00061312 _____ (WS) C:\Windows\system32\Drivers\wsfd_vt_1_10_0_20.sys
2015-07-06 21:11 - 2015-07-06 21:11 - 00057728 _____ (WS) C:\Windows\system32\Drivers\wsfd_vw_1_10_0_20.sys
2015-07-04 02:22 - 2015-07-04 02:29 - 00000000 ____D C:\Program Files (x86)\netcut
2015-07-04 02:22 - 2015-07-04 02:22 - 01748153 _____ (arcai.com ) C:\Users\Mehdi\Downloads\netcut.exe
2015-07-03 22:51 - 2015-07-03 22:51 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v61.882
2015-07-03 05:43 - 2015-07-03 05:43 - 01528662 _____ C:\Users\Mehdi\Downloads\LOLReplay-0.8.9.35.exe
2015-07-01 19:46 - 2015-07-01 19:46 - 00000000 ____D C:\2a5ed1b4d69a5d3801e0df
2015-06-29 16:11 - 2015-06-29 16:11 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1435587062---
2015-06-29 16:09 - 2015-06-29 16:09 - 00000000 ____D C:\Program Files (x86)\8526378b-db6d-4b8f-9f70-43461640c0ab
2015-06-29 15:41 - 2015-06-29 15:41 - 00000000 ____D C:\Users\Mehdi\Documents\OneSafe PC Cleaner
2015-06-29 15:40 - 2015-06-29 15:40 - 02154056 _____ ( ) C:\Users\Mehdi\Downloads\OneSafe_PC_Cleaner.exe
2015-06-29 15:37 - 2015-07-29 15:50 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-29 15:37 - 2015-06-29 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-29 15:37 - 2015-06-29 15:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-29 15:37 - 2015-06-29 15:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-29 15:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 15:37 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-29 15:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-29 15:36 - 2015-06-29 15:37 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mehdi\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-29 13:47 - 2015-06-29 15:50 - 00000000 ____D C:\Program Files (x86)\f8ca5538-e274-4cf8-9327-4ab342d25a37

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 16:40 - 2014-06-18 15:05 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-29 16:39 - 2015-06-14 17:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-29 16:35 - 2015-05-18 07:47 - 00001389 _____ C:\Users\Mehdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-29 16:35 - 2014-07-12 02:20 - 00002880 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Mehdi)
2015-07-29 16:34 - 2015-05-18 07:49 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 16:34 - 2014-03-20 19:25 - 00000496 __RSH C:\ProgramData\ntuser.pol
2015-07-29 16:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-29 16:26 - 2015-06-14 16:54 - 00001337 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-29 16:06 - 2015-05-18 07:49 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-29 16:01 - 2009-07-14 06:45 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 16:01 - 2009-07-14 06:45 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 15:53 - 2014-05-05 22:46 - 00000000 ____D C:\AdwCleaner
2015-07-29 15:51 - 2015-06-14 17:20 - 00262144 _____ C:\Windows\system32\config\elam
2015-07-29 15:50 - 2015-06-24 05:26 - 00001097 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-07-29 15:50 - 2015-06-24 05:25 - 00002203 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-07-29 15:50 - 2015-06-23 17:56 - 00001172 _____ C:\Users\Public\Desktop\Battle.net.lnk
2015-07-29 15:50 - 2015-06-14 17:31 - 00001070 _____ C:\Users\Mehdi\Desktop\Musique - Raccourci.lnk
2015-07-29 15:50 - 2015-06-02 19:27 - 00001116 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-07-29 15:50 - 2015-04-18 21:11 - 00001631 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-07-29 15:50 - 2015-04-18 18:34 - 00000800 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-29 15:12 - 2015-04-18 11:02 - 00002910 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Mehdi
2015-07-29 15:10 - 2015-06-24 15:04 - 00001912 _____ C:\Windows\epplauncher.mif
2015-07-29 15:10 - 2014-06-01 05:29 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\OBS
2015-07-29 15:06 - 2013-12-01 15:41 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2015-07-29 13:47 - 2015-06-10 03:17 - 00000340 _____ C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job
2015-07-29 13:28 - 2015-05-18 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-29 13:28 - 2015-04-30 20:38 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-29 12:33 - 2015-04-19 02:36 - 01925111 _____ C:\Windows\WindowsUpdate.log
2015-07-29 11:51 - 2015-06-24 13:51 - 00000340 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-07-29 11:42 - 2014-07-12 02:14 - 50823168 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-07-29 11:42 - 2014-07-12 02:14 - 01052672 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-07-29 11:42 - 2014-07-12 02:14 - 00069632 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2015-07-29 11:42 - 2014-07-12 02:14 - 00032768 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-07-28 21:08 - 2014-06-09 00:07 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for Mehdi.job
2015-07-28 19:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-28 17:35 - 2015-05-29 23:59 - 00000000 ____D C:\Program Files (x86)\LSI
2015-07-28 10:41 - 2013-12-07 00:21 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\Skype
2015-07-27 20:08 - 2015-06-02 08:59 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1433228380---
2015-07-27 18:52 - 2015-04-10 16:39 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-07-27 17:34 - 2015-06-14 16:46 - 00000000 ____D C:\Program Files (x86)\07a213aa-e3e6-4cdd-ab44-50bbc6f7c4d6
2015-07-27 17:34 - 2015-04-10 16:22 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-24 09:16 - 2014-07-12 02:05 - 00000000 ____D C:\ProgramData\ProductData
2015-07-23 16:57 - 2013-12-01 13:28 - 00000000 ____D C:\Users\Mehdi\AppData\Local\Google
2015-07-23 12:15 - 2013-12-01 15:43 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\TS3Client
2015-07-22 19:36 - 2014-07-12 02:05 - 00000000 ____D C:\ProgramData\IObit
2015-07-19 13:04 - 2015-03-27 20:41 - 00000000 ____D C:\Users\Mehdi\AppData\Local\Battle.net
2015-07-19 10:57 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-18 09:57 - 2015-04-11 11:58 - 00003238 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2015-07-18 09:57 - 2015-04-11 11:58 - 00003182 _____ C:\Windows\System32\Tasks\Driver Booster Update
2015-07-18 09:57 - 2014-11-30 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-07-16 07:01 - 2015-05-18 07:49 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 07:01 - 2015-05-18 07:49 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 03:32 - 2013-12-01 12:25 - 00000000 ____D C:\Users\Mehdi
2015-07-14 02:54 - 2013-12-07 00:21 - 00000000 ____D C:\ProgramData\Skype
2015-07-14 02:53 - 2014-03-03 14:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-12 14:28 - 2014-06-04 17:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-09 18:48 - 2015-04-10 15:46 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\K1eamDR
2015-07-07 17:51 - 2015-06-24 13:51 - 00003252 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]
2015-07-03 22:36 - 2015-06-02 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-07-01 22:15 - 2015-06-24 13:50 - 00000000 ____D C:\Users\Mehdi\AppData\Roaming\Could not connect. Error code = 0x-1435146647---

==================== Files in the root of some directories =======

2015-03-01 13:43 - 2015-04-30 20:31 - 0000020 _____ () C:\Users\Mehdi\AppData\Roaming\appdataFr3.bin
2014-03-20 19:38 - 2014-04-12 11:00 - 0005265 _____ () C:\Users\Mehdi\AppData\Roaming\callbanner.png
2014-03-02 00:35 - 2014-11-28 08:28 - 0000202 _____ () C:\Users\Mehdi\AppData\Roaming\WB.CFG
2015-07-29 14:05 - 2015-07-29 15:50 - 0001312 _____ () C:\Users\Mehdi\AppData\Local\Chrome .lnk
2015-07-29 14:05 - 2015-07-29 15:50 - 0000298 _____ () C:\Users\Mehdi\AppData\Local\Firefox .lnk
2015-07-29 14:05 - 2015-07-29 15:50 - 0001152 _____ () C:\Users\Mehdi\AppData\Local\Iexplore .lnk
2015-07-19 13:31 - 2015-07-29 16:10 - 0000239 _____ () C:\Users\Mehdi\AppData\Local\recently-fix.db
2014-06-15 03:09 - 2014-06-15 03:09 - 0000920 _____ () C:\ProgramData\HirezPipeError.txt

Some files in TEMP:
====================
C:\Users\Mehdi\AppData\Local\Temp\2205.exe
C:\Users\Mehdi\AppData\Local\Temp\bjgD45E.exe
C:\Users\Mehdi\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Mehdi\AppData\Local\Temp\fufC40A.exe
C:\Users\Mehdi\AppData\Local\Temp\installer.exe
C:\Users\Mehdi\AppData\Local\Temp\Quarantine.exe
C:\Users\Mehdi\AppData\Local\Temp\sqlite3.dll
C:\Users\Mehdi\AppData\Local\Temp\supoptsetup.exe
C:\Users\Mehdi\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 16:49

==================== End of log ============================
