Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-01-2015
Ran by Newtech (2016-01-18 21:12:49)
Running from C:\Users\Newtech\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-31 15:14:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3391672212-682471421-219627172-500 - Administrator - Disabled)
Guest (S-1-5-21-3391672212-682471421-219627172-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3391672212-682471421-219627172-1005 - Limited - Enabled)
Newtech (S-1-5-21-3391672212-682471421-219627172-1000 - Administrator - Enabled) => C:\Users\Newtech
safa (S-1-5-21-3391672212-682471421-219627172-1003 - Limited - Enabled) => C:\Users\safa
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Computer Security (Enabled - Out of date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Out of date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced PDF Password Recovery (HKLM-x32\...\{6A2B148A-5D96-40D2-8450-692713BB7457}) (Version: 5.05.97.1109 - Elcomsoft Co. Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{61D4B846-49F8-2639-A4EB-977875265F37}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Ava Find (HKLM-x32\...\{909577E9-BFB5-48E2-8237-71DCA373F147}) (Version: 1.4.112 - Think Less Do More)
BitTorrent (HKU\S-1-5-21-3391672212-682471421-219627172-1000\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.492 - Camshare, Inc.)
ccc-core-static (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Component Rest (HKU\S-1-5-21-3391672212-682471421-219627172-1000\...\{2C4E8E83-1A06-F5F1-A280-139A671FD7D6}) (Version: 1.3.3 - Bus Plugin corp) <==== ATTENTION
Computer Security 12.71.109.0 (release) (x32 Version: 12.71.109.0 - F-Secure Corporation) Hidden
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Effective Measure 2.0.4 (HKLM\...\{0376BC0E-477C-4B6E-A6D6-0852927D4FDA}) (Version: 2.0.4 - Effective Measure)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FiscaVision (Etape 2) (HKLM-x32\...\{A069E974-18D2-11D6-9DE7-00001CB59F00}) (Version: 13.0.0.0 - e-vision)
FiscaVision (Etape 1) (HKLM-x32\...\{49D4F3A6-0DDB-11D6-9DE7-00001CB59F00}) (Version: 13.0.0.0 - e-vision [Imed Eddine OUEDERNI])
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: - PolySoft Solutions)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
F-Secure CCF Reputation (x32 Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Launch pad (HKLM-x32\...\F-Secure ServiceEnabler 49360) (Version: 1.71.340.0 - F-Secure Corporation)
F-Secure Launch pad (x32 Version: 1.71.340.0 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.126 (x32 Version: 1.02.126 - F-Secure Corporation) Hidden
Google Chrome (HKU\S-1-5-21-3391672212-682471421-219627172-1000\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Photos Backup (HKU\S-1-5-21-3391672212-682471421-219627172-1000\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.64.0 - HTC)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 8.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0030 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.6.10600 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10600.28.0 - Nero AG)
NFO viewer v 2.1 (HKLM-x32\...\NFO viewer_is1) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}) (Version: 8.0.29 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.62 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.01 (32 bits) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
XML-based import for OpenText eDOCS (Hummingbird DM) (HKLM-x32\...\XML-based import for OpenText eDOCS (Hummingbird DM)_is1) (Version: 1.3 - SmartEcmTools.com)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3391672212-682471421-219627172-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Newtech\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3391672212-682471421-219627172-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Newtech\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00090DBA-6BBC-4747-AE2A-A1716E8A50F1} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {03E94A63-C6DE-44D3-BAD1-C04847F468F3} - System32\Tasks\{3C066FE4-B012-402E-9B49-87D901E4D75F} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {17006B28-8514-42D0-90D7-42AB91F1C39C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3391672212-682471421-219627172-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {20B44BA1-86E0-40D2-9AC2-6A4939241FE9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000Core => C:\Users\Newtech\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {232204DF-FD5E-4EB6-BF4C-B417F601CA41} - System32\Tasks\{9827365E-FBE4-4343-940E-BAE559C97AAA} => pcalua.exe -a C:\Users\Newtech\Downloads\SamsungPCStudio322.exe -d C:\Users\Newtech\Downloads
Task: {24DB87A2-CBCC-46AF-BBC6-289FA50B6104} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003UA => C:\Users\safa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {26392EE9-962B-41F8-84D1-064A6165C001} - System32\Tasks\{9DC98CD4-DBBA-449E-8D26-0E5BCC391021} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {47BE7D75-CD44-469C-9B7F-42D8F0C74A20} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3391672212-682471421-219627172-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {566FE171-D167-433C-A5AD-6804C7A3C0E0} - System32\Tasks\{EF47D321-AAC6-47A9-B65B-0205070AF1E3} => pcalua.exe -a C:\Users\Newtech\Downloads\20080128135518500_Samsung_PC_Studio_313_HA4.exe -d C:\Users\Newtech\Downloads
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5F3930E3-A5EF-4109-BB96-725CAFCDC37F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003Core => C:\Users\safa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {61A6B771-C15E-479B-BAF6-298F9075BBBE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000UA => C:\Users\Newtech\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {629031C7-A03C-4CCB-A92F-B3B52EDB6000} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3391672212-682471421-219627172-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6EE96E4B-6D5B-40CF-8F81-D31DC6554BE8} - System32\Tasks\{9953D6C3-7AB5-4E62-AB92-0EB594731CFD} => pcalua.exe -a C:\Users\Newtech\AppData\Local\Temp\{66F1F013-008F-4875-B283-5A814B820347}\CleanerUI\cleanapi.exe -d C:\Users\Newtech\AppData\Local\Temp\{66F1F013-008F-4875-B283-5A814B820347}\CleanerUI -c -d -s
Task: {701373C3-B9AC-4366-AB0A-2C02AB3D0793} - System32\Tasks\Component Rest2 => Rundll32.exe "C:\Users\Newtech\AppData\Local\Component Rest\{FD4CC765-1481-CDAD-9777-52C070E0D4C1}\xnulwu.dll",#1 <==== ATTENTION
Task: {784029FB-A467-4020-BFE5-079F28393FA8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003Core => C:\Users\safa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {7A921CDA-8ED7-49C2-AFFD-CC44E308CF8D} - System32\Tasks\{431DAEA2-7A9E-4603-8AC5-8D2F8A9541BC} => pcalua.exe -a "C:\Program Files (x86)\Dim@net\uninst.exe"
Task: {8FC8B59C-8553-4168-94C3-B095656F7C6A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000Core => C:\Users\Newtech\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.)
Task: {903AD3A3-C9BC-4861-A9BC-67FDE4496360} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3391672212-682471421-219627172-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {92CE98C2-6B75-4F89-93BF-2C5A30FE4CF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {9792D8EB-D00E-440C-BAAD-C60DD416BE2A} - System32\Tasks\{18B8A968-5711-4BE1-93F5-6E5FE052BADF} => pcalua.exe -a C:\Windows\system32\AxSWindCx64.cpl -c Alcohol iSCSI Sharing Center
Task: {985E26E3-5554-412F-AC4C-4B8E7016DE9C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3391672212-682471421-219627172-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9A174839-C717-4BB7-9850-006B680E193B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {B42E063B-D0EA-4ADF-B83F-0EE333AF6C71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B727D07D-1810-4AC0-9708-AFC4A167E5D8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3391672212-682471421-219627172-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C63E75E3-8051-4A38-8BA2-A95E0D9C5CBD} - System32\Tasks\{A89EEAC5-077F-44C8-8877-129FB4E2EC83} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe" -c -runfromtemp -l0x0409
Task: {CB40283B-98DE-404E-889F-E89AC7BE6B2D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000UA => C:\Users\Newtech\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.)
Task: {CEE361C0-F229-4EDB-AE1F-2AA664D38DC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003UA => C:\Users\safa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E232BDA6-44F9-4CAF-A52F-902D8F17D121} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3391672212-682471421-219627172-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E6600BE3-7F9A-4253-BCBC-F0BE9B019B38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {EA8EC854-2432-4325-A1D8-4ED6B53D6559} - System32\Tasks\{DFA008F4-4346-4290-803B-CFB6570FA35C} => pcalua.exe -a "C:\Users\Newtech\Desktop\Mes documents\ORDI DEPOT\Nouveau dossier (2)\programs\Compression\Ouvrir Les Fichier Nfo\Damn NFO Viewer v2.10.0032 RC3.exe" -d "C:\Users\Newtech\Desktop\Mes documents\ORDI DEPOT\Nouveau dossier (2)\programs\Compression\Ouvrir Les Fichier Nfo"
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {F0A7C8B0-8E08-478F-8ED9-45F09B05AD30} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3391672212-682471421-219627172-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F20AA42C-D390-45B6-BACF-5917F28079ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-16] (Adobe Systems Incorporated)
Task: {F32222A1-2F79-4EEC-9639-33C5B220C3BC} - System32\Tasks\Component Rest => Rundll32.exe "C:\Users\Newtech\AppData\Local\Component Rest\{FD4CC765-1481-CDAD-9777-52C070E0D4C1}\ComponentRest.dll",#1 <==== ATTENTION
Task: {FA9F48CC-79A4-4661-B43E-08C10CBE5BBF} - System32\Tasks\Extension Bubble => Rundll32.exe "C:\Users\Newtech\AppData\Local\Extension Bubble\xBin\ExtensionBubble.dll",#3 <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000Core.job => C:\Users\Newtech\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000UA.job => C:\Users\Newtech\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003Core.job => C:\Users\safa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003UA.job => C:\Users\safa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000Core.job => C:\Users\Newtech\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000UA.job => C:\Users\Newtech\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003Core.job => C:\Users\safa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003UA.job => C:\Users\safa\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-05-29 15:58 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-01-06 15:38 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-11-24 16:12 - 2015-11-24 16:12 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2010-03-09 11:31 - 2010-03-09 11:31 - 03409256 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2010-03-03 11:15 - 2010-03-03 11:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 10:26 - 2009-11-03 10:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 11:15 - 2010-03-03 11:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 11:15 - 2010-03-03 11:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-05-06 09:13 - 2009-06-22 11:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 16:08 - 2009-03-12 16:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 13:38 - 2009-07-25 13:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2014-05-30 09:50 - 2013-01-23 13:43 - 00772712 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2014-05-30 09:50 - 2013-01-23 13:43 - 00150264 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
2010-02-05 14:44 - 2010-02-05 14:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-28 21:20 - 2015-10-13 09:12 - 00045608 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2012-11-26 13:49 - 2012-11-26 13:49 - 00216632 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2014-03-24 11:31 - 2014-03-24 11:31 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-11-24 16:02 - 2015-11-24 16:02 - 00604288 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-24 11:34 - 2014-03-24 11:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-03-24 11:36 - 2014-03-24 11:36 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-11-28 21:35 - 2013-11-28 21:35 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-11-28 21:20 - 2015-06-14 23:02 - 00175144 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Gemini\fsgem.dll
2013-11-28 21:20 - 2016-01-10 21:13 - 00945192 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2014-05-30 09:50 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2014-05-30 09:50 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2014-05-30 09:50 - 2009-05-27 07:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacats.dll
2014-05-30 09:50 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2014-05-30 09:50 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2014-05-30 09:50 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL
2014-05-30 09:50 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
2014-05-30 09:50 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL
2014-05-30 09:50 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL
2014-05-30 09:50 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL
2014-05-30 09:50 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll
2014-05-30 09:50 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
2014-05-30 09:50 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll
2014-05-30 09:50 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
2014-05-30 09:50 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
2013-11-22 16:45 - 2013-11-22 16:45 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-11-28 21:20 - 2015-10-13 09:12 - 00056360 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
2013-11-28 21:20 - 2015-10-13 09:12 - 00093224 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng
2013-11-28 21:20 - 2015-10-13 09:12 - 00154664 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\flyerres.eng
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:FD082FD4
AlternateDataStreams: C:\Users\safa\Downloads\20130113_200655.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\292306_255171161266410_905700452_n.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\293258_257668694253423_7495741_n (1).jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\40134_444673222868_7132227_n.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\740591_10151224037857869_2048082988_o.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\pink dress.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\SAF.jpg:Roxio EMC Stream
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3391672212-682471421-219627172-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Newtech\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvaFind => "C:\Program Files (x86)\AvaFind\AvaFind.exe" /minimized
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LogMeIn GUI =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1065F7E9-E301-448D-AA86-9ED3696C5193}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3B8B376-33B7-4DEA-8D2E-493AB1A24E23}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{D2FB6FC9-168F-4270-B242-D85FFE963E12}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{084D87E8-2688-4A36-8C6C-6F06BB50E3BF}] => (Allow) svchost.exe
FirewallRules: [{873AF774-6236-4B1C-A0AB-4F7DDE65641D}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{A868C2F2-2386-458E-9CE8-89BD9FFF26DC}C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{30700B61-BD26-4F0E-A944-CAB8102EE902}C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [TCP Query User{8EE2AEA6-0A96-4320-AFB2-19E410D81DE7}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{A81550E5-F3E0-460A-8A8D-7E5E5A56B727}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{F7AFDD74-DD2A-4046-89CC-270AC12B3391}C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{A08E499E-B2AE-4331-AD22-ADCEB17E4217}C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [TCP Query User{11ADA519-7CDE-4DE7-8BA6-8350CD61031F}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{2F9E9B88-AC39-425B-A8BD-DFB832410001}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{F9544155-6B46-4DBB-9BDF-7E8FA44B0DAE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E3E9571A-AD78-4DEA-B7B4-B3E434203995}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{17AEE854-CB74-4D7A-8C93-7238BB465098}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{9589ECFD-8906-46B1-9A3F-90CE5103C91A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{F7671EE2-3F2B-4848-82C9-BB1A8F3BF4C0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{CFEE2B23-1473-4887-958F-0F370A1964D8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{DD456418-8183-44D3-9FAA-04838CF85D65}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{9D716005-CBC0-4BA2-971C-8288139AAC54}] => (Allow) C:\Windows\system32\lxeacoms.exe
FirewallRules: [{EB59143C-3A74-4A78-97F3-6CA61EB99252}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{F94642AC-86CA-49A0-862A-57C435D58E7E}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{BB023CCA-38ED-42AD-A593-A02568FC6412}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{E193D3EA-6FDE-46A6-9E73-D09E1BA783AE}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{6B849CB7-480C-493F-AF9C-46F69F0647CB}] => (Allow) C:\Users\Newtech\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{334CD7BE-BE81-4618-AC7C-C506EFB95648}] => (Allow) C:\Users\Newtech\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8DC2CCED-A01F-453B-B37C-6BFBC79A1816}] => (Allow) C:\Users\Newtech\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{BDDFF6CA-5335-4B74-9BAB-FA497692B11E}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{0D8A1E3D-904F-43F5-9B5A-1E62B20AFA05}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [{98EF07DE-C3C8-492A-B46B-B08A8E3CAB0C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{58487B53-6CC4-4D9D-BF7B-0FDEA874D82F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{0C02C9B1-CB9A-4724-B31B-6A661A237591}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [UDP Query User{ADBC81B3-5E63-4FAC-AAE3-3EF3A89E1732}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{D971F29C-17F2-455E-8D52-70229737896C}] => (Block) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{F955CBE8-5602-4A5B-A875-1524A914A52D}] => (Block) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{735D94D8-725B-45A8-8A97-08CC0291B08F}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
==================== Restore Points =========================
17-01-2016 15:20:53 Removed Skype Toolbars
17-01-2016 15:30:54 Configured TRORMCLauncher
17-01-2016 15:32:50 削除 PMB
17-01-2016 15:33:46 削除 PMB
17-01-2016 15:48:42 Removed Bonjour
17-01-2016 15:53:34 Removed Photo Service - powered by myphotobook
17-01-2016 16:02:41 Configured TRORMCLauncher
17-01-2016 16:26:37 Windows Update
18-01-2016 21:01:02 Configured TOSHIBA eco Utility
==================== Faulty Device Manager Devices =============
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2016 09:12:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2016-01-18 21:12:35+02:00 NEWTECH-TOSH Newtech-TOSH\Newtech F-Secure Anti-Virus
Malicious code found in file C:\ProgramData\mscrrn.0xe.
Infection: Trojan:W32/Gamarue.F
Action: failed.
Error: (01/18/2016 09:10:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2016-01-18 21:10:54+02:00 NEWTECH-TOSH Newtech-TOSH\Newtech F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: Application.Bundler.DownloadMR
Object: D:\Downloads\Cracklock.exe
Error: (01/18/2016 08:57:42 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (01/18/2016 08:57:42 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Impossible de démarrer le service TMachInfo sur l'ordinateur '.'.
Error: (01/18/2016 08:50:45 PM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: )
Description: 1 2016-01-18 20:50:45+02:00 NEWTECH-TOSH NEWTECH-TOSH\Newtech F-Secure Management Agent
F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products.
Error: (01/18/2016 08:50:22 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (01/18/2016 08:50:22 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Impossible de démarrer le service TMachInfo sur l'ordinateur '.'.
Error: (01/18/2016 08:45:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme Explorer.EXE version 6.1.7601.17567 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
ID de processus : 12b0
Heure de début : 01d1521da8d52046
Heure de fin : 146
Chemin d’accès de l’application : C:\Windows\Explorer.EXE
ID de rapport : 0db12926-be1c-11e5-b0b7-00266c916a5b
Error: (01/18/2016 07:50:47 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3 2016-01-18 19:50:47+02:00 NEWTECH-TOSH Newtech-TOSH\Newtech F-Secure Anti-Virus
Malicious code found in file C:\Users\Newtech\Downloads\Non confirmé 886967.crdownload.
Infection: Application:W32/Generic.e177f40e7a!Online
Action: The file was quarantined.
Error: (01/18/2016 07:50:12 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2016-01-18 19:50:11+02:00 NEWTECH-TOSH Newtech-TOSH\Newtech F-Secure Anti-Virus
Malicious code found in file C:\Users\Newtech\Downloads\Non confirmé 823801.crdownload.
Infection: Application:W32/Generic.e177f40e7a!Online
Action: The file was quarantined.
System errors:
=============
Error: (01/18/2016 08:54:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service lxeaCATSCustConnectService n’a pas pu démarrer en raison de l’erreur :
%%1053
Error: (01/18/2016 08:54:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service lxeaCATSCustConnectService.
Error: (01/18/2016 08:54:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service LogMeIn Kernel Information Provider n’a pas pu démarrer en raison de l’erreur :
%%3
Error: (01/18/2016 08:52:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service iolo System Service s’est terminé de façon inattendue pour la 1ème fois.
Error: (01/18/2016 08:48:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service lxeaCATSCustConnectService n’a pas pu démarrer en raison de l’erreur :
%%1053
Error: (01/18/2016 08:48:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service lxeaCATSCustConnectService.
Error: (01/18/2016 08:48:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service LogMeIn Kernel Information Provider n’a pas pu démarrer en raison de l’erreur :
%%3
Error: (01/18/2016 08:57:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service lxeaCATSCustConnectService n’a pas pu démarrer en raison de l’erreur :
%%1053
Error: (01/18/2016 08:57:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service lxeaCATSCustConnectService.
Error: (01/18/2016 08:57:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service LogMeIn Kernel Information Provider n’a pas pu démarrer en raison de l’erreur :
%%3
CodeIntegrity:
===================================
Date: 2013-11-28 19:34:51.827
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-28 19:12:54.586
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-28 18:58:39.844
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-27 14:50:04.800
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-27 14:40:24.287
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-27 13:12:00.730
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-27 13:04:40.466
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-26 23:04:09.521
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-26 21:43:51.523
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-26 14:59:59.094
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 2998.9 MB
Available physical RAM: 1703.2 MB
Total Virtual: 5996 MB
Available Virtual: 4218.37 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:148.89 GB) (Free:57.34 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.81 GB) (Free:85.84 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 82751065)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by Newtech (2016-01-18 21:12:49)
Running from C:\Users\Newtech\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-31 15:14:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3391672212-682471421-219627172-500 - Administrator - Disabled)
Guest (S-1-5-21-3391672212-682471421-219627172-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3391672212-682471421-219627172-1005 - Limited - Enabled)
Newtech (S-1-5-21-3391672212-682471421-219627172-1000 - Administrator - Enabled) => C:\Users\Newtech
safa (S-1-5-21-3391672212-682471421-219627172-1003 - Limited - Enabled) => C:\Users\safa
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Computer Security (Enabled - Out of date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Out of date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced PDF Password Recovery (HKLM-x32\...\{6A2B148A-5D96-40D2-8450-692713BB7457}) (Version: 5.05.97.1109 - Elcomsoft Co. Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{61D4B846-49F8-2639-A4EB-977875265F37}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Ava Find (HKLM-x32\...\{909577E9-BFB5-48E2-8237-71DCA373F147}) (Version: 1.4.112 - Think Less Do More)
BitTorrent (HKU\S-1-5-21-3391672212-682471421-219627172-1000\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.492 - Camshare, Inc.)
ccc-core-static (x32 Version: 2010.0426.2136.36953 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Component Rest (HKU\S-1-5-21-3391672212-682471421-219627172-1000\...\{2C4E8E83-1A06-F5F1-A280-139A671FD7D6}) (Version: 1.3.3 - Bus Plugin corp) <==== ATTENTION
Computer Security 12.71.109.0 (release) (x32 Version: 12.71.109.0 - F-Secure Corporation) Hidden
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Effective Measure 2.0.4 (HKLM\...\{0376BC0E-477C-4B6E-A6D6-0852927D4FDA}) (Version: 2.0.4 - Effective Measure)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FiscaVision (Etape 2) (HKLM-x32\...\{A069E974-18D2-11D6-9DE7-00001CB59F00}) (Version: 13.0.0.0 - e-vision)
FiscaVision (Etape 1) (HKLM-x32\...\{49D4F3A6-0DDB-11D6-9DE7-00001CB59F00}) (Version: 13.0.0.0 - e-vision [Imed Eddine OUEDERNI])
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: - PolySoft Solutions)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
F-Secure CCF Reputation (x32 Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Launch pad (HKLM-x32\...\F-Secure ServiceEnabler 49360) (Version: 1.71.340.0 - F-Secure Corporation)
F-Secure Launch pad (x32 Version: 1.71.340.0 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.126 (x32 Version: 1.02.126 - F-Secure Corporation) Hidden
Google Chrome (HKU\S-1-5-21-3391672212-682471421-219627172-1000\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Photos Backup (HKU\S-1-5-21-3391672212-682471421-219627172-1000\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.64.0 - HTC)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 8.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0030 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.6.10600 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10600.28.0 - Nero AG)
NFO viewer v 2.1 (HKLM-x32\...\NFO viewer_is1) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}) (Version: 8.0.29 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.62 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.01 (32 bits) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
XML-based import for OpenText eDOCS (Hummingbird DM) (HKLM-x32\...\XML-based import for OpenText eDOCS (Hummingbird DM)_is1) (Version: 1.3 - SmartEcmTools.com)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3391672212-682471421-219627172-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Newtech\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3391672212-682471421-219627172-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Newtech\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00090DBA-6BBC-4747-AE2A-A1716E8A50F1} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-22] (TOSHIBA CORPORATION)
Task: {03E94A63-C6DE-44D3-BAD1-C04847F468F3} - System32\Tasks\{3C066FE4-B012-402E-9B49-87D901E4D75F} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {17006B28-8514-42D0-90D7-42AB91F1C39C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3391672212-682471421-219627172-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {20B44BA1-86E0-40D2-9AC2-6A4939241FE9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000Core => C:\Users\Newtech\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {232204DF-FD5E-4EB6-BF4C-B417F601CA41} - System32\Tasks\{9827365E-FBE4-4343-940E-BAE559C97AAA} => pcalua.exe -a C:\Users\Newtech\Downloads\SamsungPCStudio322.exe -d C:\Users\Newtech\Downloads
Task: {24DB87A2-CBCC-46AF-BBC6-289FA50B6104} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003UA => C:\Users\safa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {26392EE9-962B-41F8-84D1-064A6165C001} - System32\Tasks\{9DC98CD4-DBBA-449E-8D26-0E5BCC391021} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {47BE7D75-CD44-469C-9B7F-42D8F0C74A20} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3391672212-682471421-219627172-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {566FE171-D167-433C-A5AD-6804C7A3C0E0} - System32\Tasks\{EF47D321-AAC6-47A9-B65B-0205070AF1E3} => pcalua.exe -a C:\Users\Newtech\Downloads\20080128135518500_Samsung_PC_Studio_313_HA4.exe -d C:\Users\Newtech\Downloads
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5F3930E3-A5EF-4109-BB96-725CAFCDC37F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003Core => C:\Users\safa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {61A6B771-C15E-479B-BAF6-298F9075BBBE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000UA => C:\Users\Newtech\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {629031C7-A03C-4CCB-A92F-B3B52EDB6000} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3391672212-682471421-219627172-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6EE96E4B-6D5B-40CF-8F81-D31DC6554BE8} - System32\Tasks\{9953D6C3-7AB5-4E62-AB92-0EB594731CFD} => pcalua.exe -a C:\Users\Newtech\AppData\Local\Temp\{66F1F013-008F-4875-B283-5A814B820347}\CleanerUI\cleanapi.exe -d C:\Users\Newtech\AppData\Local\Temp\{66F1F013-008F-4875-B283-5A814B820347}\CleanerUI -c -d -s
Task: {701373C3-B9AC-4366-AB0A-2C02AB3D0793} - System32\Tasks\Component Rest2 => Rundll32.exe "C:\Users\Newtech\AppData\Local\Component Rest\{FD4CC765-1481-CDAD-9777-52C070E0D4C1}\xnulwu.dll",#1 <==== ATTENTION
Task: {784029FB-A467-4020-BFE5-079F28393FA8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003Core => C:\Users\safa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {7A921CDA-8ED7-49C2-AFFD-CC44E308CF8D} - System32\Tasks\{431DAEA2-7A9E-4603-8AC5-8D2F8A9541BC} => pcalua.exe -a "C:\Program Files (x86)\Dim@net\uninst.exe"
Task: {8FC8B59C-8553-4168-94C3-B095656F7C6A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000Core => C:\Users\Newtech\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.)
Task: {903AD3A3-C9BC-4861-A9BC-67FDE4496360} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3391672212-682471421-219627172-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {92CE98C2-6B75-4F89-93BF-2C5A30FE4CF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {9792D8EB-D00E-440C-BAAD-C60DD416BE2A} - System32\Tasks\{18B8A968-5711-4BE1-93F5-6E5FE052BADF} => pcalua.exe -a C:\Windows\system32\AxSWindCx64.cpl -c Alcohol iSCSI Sharing Center
Task: {985E26E3-5554-412F-AC4C-4B8E7016DE9C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3391672212-682471421-219627172-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9A174839-C717-4BB7-9850-006B680E193B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {B42E063B-D0EA-4ADF-B83F-0EE333AF6C71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B727D07D-1810-4AC0-9708-AFC4A167E5D8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3391672212-682471421-219627172-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C63E75E3-8051-4A38-8BA2-A95E0D9C5CBD} - System32\Tasks\{A89EEAC5-077F-44C8-8877-129FB4E2EC83} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe" -c -runfromtemp -l0x0409
Task: {CB40283B-98DE-404E-889F-E89AC7BE6B2D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000UA => C:\Users\Newtech\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.)
Task: {CEE361C0-F229-4EDB-AE1F-2AA664D38DC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003UA => C:\Users\safa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-13] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E232BDA6-44F9-4CAF-A52F-902D8F17D121} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3391672212-682471421-219627172-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E6600BE3-7F9A-4253-BCBC-F0BE9B019B38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {EA8EC854-2432-4325-A1D8-4ED6B53D6559} - System32\Tasks\{DFA008F4-4346-4290-803B-CFB6570FA35C} => pcalua.exe -a "C:\Users\Newtech\Desktop\Mes documents\ORDI DEPOT\Nouveau dossier (2)\programs\Compression\Ouvrir Les Fichier Nfo\Damn NFO Viewer v2.10.0032 RC3.exe" -d "C:\Users\Newtech\Desktop\Mes documents\ORDI DEPOT\Nouveau dossier (2)\programs\Compression\Ouvrir Les Fichier Nfo"
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {F0A7C8B0-8E08-478F-8ED9-45F09B05AD30} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3391672212-682471421-219627172-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F20AA42C-D390-45B6-BACF-5917F28079ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-16] (Adobe Systems Incorporated)
Task: {F32222A1-2F79-4EEC-9639-33C5B220C3BC} - System32\Tasks\Component Rest => Rundll32.exe "C:\Users\Newtech\AppData\Local\Component Rest\{FD4CC765-1481-CDAD-9777-52C070E0D4C1}\ComponentRest.dll",#1 <==== ATTENTION
Task: {FA9F48CC-79A4-4661-B43E-08C10CBE5BBF} - System32\Tasks\Extension Bubble => Rundll32.exe "C:\Users\Newtech\AppData\Local\Extension Bubble\xBin\ExtensionBubble.dll",#3 <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000Core.job => C:\Users\Newtech\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000UA.job => C:\Users\Newtech\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003Core.job => C:\Users\safa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003UA.job => C:\Users\safa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000Core.job => C:\Users\Newtech\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1000UA.job => C:\Users\Newtech\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003Core.job => C:\Users\safa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3391672212-682471421-219627172-1003UA.job => C:\Users\safa\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-05-29 15:58 - 2009-11-04 13:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-01-06 15:38 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-11-24 16:12 - 2015-11-24 16:12 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2010-03-09 11:31 - 2010-03-09 11:31 - 03409256 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2010-03-03 11:15 - 2010-03-03 11:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 10:26 - 2009-11-03 10:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 11:15 - 2010-03-03 11:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 11:15 - 2010-03-03 11:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-05-06 09:13 - 2009-06-22 11:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 16:08 - 2009-03-12 16:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 13:38 - 2009-07-25 13:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2014-05-30 09:50 - 2013-01-23 13:43 - 00772712 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2014-05-30 09:50 - 2013-01-23 13:43 - 00150264 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
2010-02-05 14:44 - 2010-02-05 14:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-28 21:20 - 2015-10-13 09:12 - 00045608 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2012-11-26 13:49 - 2012-11-26 13:49 - 00216632 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2014-03-24 11:31 - 2014-03-24 11:31 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-11-24 16:02 - 2015-11-24 16:02 - 00604288 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-24 11:34 - 2014-03-24 11:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-03-24 11:36 - 2014-03-24 11:36 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-11-28 21:35 - 2013-11-28 21:35 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-11-28 21:20 - 2015-06-14 23:02 - 00175144 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Gemini\fsgem.dll
2013-11-28 21:20 - 2016-01-10 21:13 - 00945192 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2014-05-30 09:50 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2014-05-30 09:50 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2014-05-30 09:50 - 2009-05-27 07:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacats.dll
2014-05-30 09:50 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2014-05-30 09:50 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2014-05-30 09:50 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL
2014-05-30 09:50 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
2014-05-30 09:50 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL
2014-05-30 09:50 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL
2014-05-30 09:50 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL
2014-05-30 09:50 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll
2014-05-30 09:50 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
2014-05-30 09:50 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll
2014-05-30 09:50 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
2014-05-30 09:50 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
2013-11-22 16:45 - 2013-11-22 16:45 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-11-28 21:20 - 2015-10-13 09:12 - 00056360 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
2013-11-28 21:20 - 2015-10-13 09:12 - 00093224 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng
2013-11-28 21:20 - 2015-10-13 09:12 - 00154664 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\flyerres.eng
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:FD082FD4
AlternateDataStreams: C:\Users\safa\Downloads\20130113_200655.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\292306_255171161266410_905700452_n.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\293258_257668694253423_7495741_n (1).jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\40134_444673222868_7132227_n.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\740591_10151224037857869_2048082988_o.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\pink dress.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\safa\Downloads\SAF.jpg:Roxio EMC Stream
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3391672212-682471421-219627172-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Newtech\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvaFind => "C:\Program Files (x86)\AvaFind\AvaFind.exe" /minimized
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LogMeIn GUI =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1065F7E9-E301-448D-AA86-9ED3696C5193}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3B8B376-33B7-4DEA-8D2E-493AB1A24E23}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{D2FB6FC9-168F-4270-B242-D85FFE963E12}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{084D87E8-2688-4A36-8C6C-6F06BB50E3BF}] => (Allow) svchost.exe
FirewallRules: [{873AF774-6236-4B1C-A0AB-4F7DDE65641D}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{A868C2F2-2386-458E-9CE8-89BD9FFF26DC}C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{30700B61-BD26-4F0E-A944-CAB8102EE902}C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [TCP Query User{8EE2AEA6-0A96-4320-AFB2-19E410D81DE7}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{A81550E5-F3E0-460A-8A8D-7E5E5A56B727}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{F7AFDD74-DD2A-4046-89CC-270AC12B3391}C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{A08E499E-B2AE-4331-AD22-ADCEB17E4217}C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\safa\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [TCP Query User{11ADA519-7CDE-4DE7-8BA6-8350CD61031F}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{2F9E9B88-AC39-425B-A8BD-DFB832410001}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{F9544155-6B46-4DBB-9BDF-7E8FA44B0DAE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E3E9571A-AD78-4DEA-B7B4-B3E434203995}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{17AEE854-CB74-4D7A-8C93-7238BB465098}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{9589ECFD-8906-46B1-9A3F-90CE5103C91A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{F7671EE2-3F2B-4848-82C9-BB1A8F3BF4C0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{CFEE2B23-1473-4887-958F-0F370A1964D8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{DD456418-8183-44D3-9FAA-04838CF85D65}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{9D716005-CBC0-4BA2-971C-8288139AAC54}] => (Allow) C:\Windows\system32\lxeacoms.exe
FirewallRules: [{EB59143C-3A74-4A78-97F3-6CA61EB99252}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{F94642AC-86CA-49A0-862A-57C435D58E7E}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{BB023CCA-38ED-42AD-A593-A02568FC6412}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{E193D3EA-6FDE-46A6-9E73-D09E1BA783AE}] => (Allow) C:\Windows\system32\LXEAcoms.exe
FirewallRules: [{6B849CB7-480C-493F-AF9C-46F69F0647CB}] => (Allow) C:\Users\Newtech\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{334CD7BE-BE81-4618-AC7C-C506EFB95648}] => (Allow) C:\Users\Newtech\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8DC2CCED-A01F-453B-B37C-6BFBC79A1816}] => (Allow) C:\Users\Newtech\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{BDDFF6CA-5335-4B74-9BAB-FA497692B11E}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{0D8A1E3D-904F-43F5-9B5A-1E62B20AFA05}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [{98EF07DE-C3C8-492A-B46B-B08A8E3CAB0C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{58487B53-6CC4-4D9D-BF7B-0FDEA874D82F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{0C02C9B1-CB9A-4724-B31B-6A661A237591}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [UDP Query User{ADBC81B3-5E63-4FAC-AAE3-3EF3A89E1732}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{D971F29C-17F2-455E-8D52-70229737896C}] => (Block) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{F955CBE8-5602-4A5B-A875-1524A914A52D}] => (Block) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{735D94D8-725B-45A8-8A97-08CC0291B08F}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
==================== Restore Points =========================
17-01-2016 15:20:53 Removed Skype Toolbars
17-01-2016 15:30:54 Configured TRORMCLauncher
17-01-2016 15:32:50 削除 PMB
17-01-2016 15:33:46 削除 PMB
17-01-2016 15:48:42 Removed Bonjour
17-01-2016 15:53:34 Removed Photo Service - powered by myphotobook
17-01-2016 16:02:41 Configured TRORMCLauncher
17-01-2016 16:26:37 Windows Update
18-01-2016 21:01:02 Configured TOSHIBA eco Utility
==================== Faulty Device Manager Devices =============
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2016 09:12:35 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2016-01-18 21:12:35+02:00 NEWTECH-TOSH Newtech-TOSH\Newtech F-Secure Anti-Virus
Malicious code found in file C:\ProgramData\mscrrn.0xe.
Infection: Trojan:W32/Gamarue.F
Action: failed.
Error: (01/18/2016 09:10:54 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2016-01-18 21:10:54+02:00 NEWTECH-TOSH Newtech-TOSH\Newtech F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: Application.Bundler.DownloadMR
Object: D:\Downloads\Cracklock.exe
Error: (01/18/2016 08:57:42 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (01/18/2016 08:57:42 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Impossible de démarrer le service TMachInfo sur l'ordinateur '.'.
Error: (01/18/2016 08:50:45 PM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: )
Description: 1 2016-01-18 20:50:45+02:00 NEWTECH-TOSH NEWTECH-TOSH\Newtech F-Secure Management Agent
F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products.
Error: (01/18/2016 08:50:22 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (01/18/2016 08:50:22 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Impossible de démarrer le service TMachInfo sur l'ordinateur '.'.
Error: (01/18/2016 08:45:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme Explorer.EXE version 6.1.7601.17567 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
ID de processus : 12b0
Heure de début : 01d1521da8d52046
Heure de fin : 146
Chemin d’accès de l’application : C:\Windows\Explorer.EXE
ID de rapport : 0db12926-be1c-11e5-b0b7-00266c916a5b
Error: (01/18/2016 07:50:47 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 3 2016-01-18 19:50:47+02:00 NEWTECH-TOSH Newtech-TOSH\Newtech F-Secure Anti-Virus
Malicious code found in file C:\Users\Newtech\Downloads\Non confirmé 886967.crdownload.
Infection: Application:W32/Generic.e177f40e7a!Online
Action: The file was quarantined.
Error: (01/18/2016 07:50:12 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2 2016-01-18 19:50:11+02:00 NEWTECH-TOSH Newtech-TOSH\Newtech F-Secure Anti-Virus
Malicious code found in file C:\Users\Newtech\Downloads\Non confirmé 823801.crdownload.
Infection: Application:W32/Generic.e177f40e7a!Online
Action: The file was quarantined.
System errors:
=============
Error: (01/18/2016 08:54:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service lxeaCATSCustConnectService n’a pas pu démarrer en raison de l’erreur :
%%1053
Error: (01/18/2016 08:54:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service lxeaCATSCustConnectService.
Error: (01/18/2016 08:54:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service LogMeIn Kernel Information Provider n’a pas pu démarrer en raison de l’erreur :
%%3
Error: (01/18/2016 08:52:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service iolo System Service s’est terminé de façon inattendue pour la 1ème fois.
Error: (01/18/2016 08:48:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service lxeaCATSCustConnectService n’a pas pu démarrer en raison de l’erreur :
%%1053
Error: (01/18/2016 08:48:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service lxeaCATSCustConnectService.
Error: (01/18/2016 08:48:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service LogMeIn Kernel Information Provider n’a pas pu démarrer en raison de l’erreur :
%%3
Error: (01/18/2016 08:57:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service lxeaCATSCustConnectService n’a pas pu démarrer en raison de l’erreur :
%%1053
Error: (01/18/2016 08:57:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service lxeaCATSCustConnectService.
Error: (01/18/2016 08:57:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service LogMeIn Kernel Information Provider n’a pas pu démarrer en raison de l’erreur :
%%3
CodeIntegrity:
===================================
Date: 2013-11-28 19:34:51.827
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-28 19:12:54.586
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-28 18:58:39.844
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-27 14:50:04.800
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-27 14:40:24.287
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-27 13:12:00.730
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-27 13:04:40.466
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-26 23:04:09.521
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-26 21:43:51.523
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2013-11-26 14:59:59.094
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\sysfer.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 2998.9 MB
Available physical RAM: 1703.2 MB
Total Virtual: 5996 MB
Available Virtual: 4218.37 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:148.89 GB) (Free:57.34 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.81 GB) (Free:85.84 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 82751065)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================