Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by akrem (administrator) on AKREM-PC on 22-07-2015 14:55:52
Running from C:\Users\akrem\Downloads
Loaded Profiles: akrem (Available Profiles: akrem)
Platform: Microsoft Windows 7 Édition Intégrale (X86) OS Language: Français (France)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(XTab system) C:\Program Files\MiuiTab\ProtectService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.exe
(Aztec Media Inc) C:\Program Files\Assets Manager\smdmf\SmdmFService.exe
() C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\8\Plugin.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\6\Plugin.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\7\Plugin.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\5\Plugin.exe
()
C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\3\Plugin.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lid) C:\Program Files\App Lid\acdd9e28-6a78-489c-82f9-85f922b00dcf-1-6.exe
(Lid) C:\Program Files\App Lid\acdd9e28-6a78-489c-82f9-85f922b00dcf-6.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Lid) C:\Program Files\App Lid\acdd9e28-6a78-489c-82f9-85f922b00dcf-10.exe
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Hex-RAYS SA) C:\Users\akrem\AppData\Roaming\kureg\lasix.exe
(Hex-RayS SA) C:\Users\akrem\AppData\Roaming\bonomex\gopidul.exe
(Hex-RaYS SA) C:\Users\akrem\AppData\Roaming\wajez\qesiwa.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\7\Plugin.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ooVoo LLC) C:\Program Files\ooVoo\ooVoo.exe
(BitTorrent Inc.) C:\Users\akrem\AppData\Roaming\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Hex-RayS SA) C:\Users\akrem\AppData\Roaming\misa\pawoko.exe
(Hex-RayS SA) C:\Users\akrem\AppData\Roaming\tej\yisifa.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\3\Plugin.exe
() C:\Users\akrem\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SearchProtect) C:\Program Files\MiuiTab\CmdShell.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.)
C:\Program Files\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics) C:\Program Files\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Settings\MovieColorEnhancer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(The Eraser Project ) C:\Users\akrem\AppData\Local\Unmedia\tmpC0D9.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(XTab system) C:\Program Files\MiuiTab\HPNotify.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [874144 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [695456 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2194256 2012-06-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bino] => C:\Users\akrem\AppData\Roaming\tej\yisifa.exe [300544 2015-03-30] (Hex-RayS SA)
HKLM\...\Run: [dec] => C:\Users\akrem\AppData\Roaming\kureg\lasix.exe [301056 2015-04-10] (Hex-RAYS SA)
HKLM\...\Run: [pey] => C:\Users\akrem\AppData\Roaming\bonomex\gopidul.exe [299008 2015-04-01] (Hex-RayS SA)
HKLM\...\Run: [siwa] => C:\Users\akrem\AppData\Roaming\wajez\qesiwa.exe [303616 2015-04-06] (Hex-RaYS SA)
HKLM\...\Run: [puxo] => C:\Users\akrem\AppData\Roaming\misa\pawoko.exe [304128 2015-03-28] (Hex-RayS SA)
HKLM\...\Run: [NetworkVerifyer] => C:\Windows\TEMP\temp561917692.exe [1066960 2015-07-10] () <===== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31283328 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [ooVoo.exe] => C:\Program Files\ooVoo\oovoo.exe [36202560 2014-09-01] (ooVoo LLC)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [BitTorrent] => C:\Users\akrem\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104 2015-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [Unmedia] => C:\Users\akrem\AppData\Local\Unmedia\tmpC0D9.exe [260376 2015-02-11] (The Eraser Project )
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [Odqics] => regsvr32.exe C:\Users\akrem\AppData\Local\Odqics\loader_u.dll <===== ATTENTION
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [Ocics] => C:\Windows\System32\regsvr32.exe C:\Users\akrem\AppData\Local\Unmedia\loader_u.dll
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [puxo] => C:\Users\akrem\AppData\Roaming\misa\pawoko.exe [304128 2015-03-28] (Hex-RayS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [bino] => C:\Users\akrem\AppData\Roaming\tej\yisifa.exe [300544 2015-03-30] (Hex-RayS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [pey] => C:\Users\akrem\AppData\Roaming\bonomex\gopidul.exe [299008 2015-04-01] (Hex-RayS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [siwa] => C:\Users\akrem\AppData\Roaming\wajez\qesiwa.exe [303616 2015-04-06] (Hex-RaYS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [dec] => C:\Users\akrem\AppData\Roaming\kureg\lasix.exe [301056 2015-04-10] (Hex-RAYS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [GoogleChromeAutoLaunch_6D5B6ADD8C7DBADA758F0FF7F44F69C4] => C:\Users\akrem\AppData\Local\Chromium\Application\chrome.exe [656384 2015-05-18] (The Chromium Authors)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [AppsHat] => C:\Users\akrem\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\RunOnce: [Software Removal Tool] => "C:\Users\akrem\AppData\Local\Temp\BCE.exe" --chrome-prompt --post-reboot <===== ATTENTION
HKU\S-1-5-18\...\Run: [b13b88da-c3c4-00a0-9f6a-140db6409885] => C:\Users\akrem\AppData\Local\Microsoft\ee696559-8c61-0111-9027-54bf2daeb58f\1b38b176-523c-4d3e-a650-316e6b799a24.exe [194560 2013-02-27] ()
AppInit_DLLs:
C:\Users\akrem\AppData\Local\Linkey\IEEXTE~1\ietlb.dll => C:\Users\akrem\AppData\Local\Linkey\IEExtension\ietlb.dll [129040 2014-10-22] ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ENGLISH FOR LOW LEVELS_LESSON 01.avi - YouTube.webm.lnk [2015-01-31]
ShortcutTarget: ENGLISH FOR LOW LEVELS_LESSON 01.avi - YouTube.webm.lnk -> C:\ProgramData\{d20c2f49-f1ae-6bd7-d20c-c2f49f1abd27}\ENGLISH FOR LOW LEVELS_LESSON 01.avi - YouTube.webm.exe ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-06-01] ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-06-01] ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-06-14] ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT.cdhnsvk [2015-06-01] ()
InternetURL: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.paygateawayoros.com/1Rjs8oU
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll [2015-02-11] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-xl/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_338a9f29-8257-4587-bb9b-77a59d069939&q={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = http://q.search-simple.com/?affID=bl_338a9f29-8257-4587-bb9b-77a59d069939&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=114&itype=a&ver=15511&tm=530&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 -> OldSearch URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357&ts=1437058082&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357&ts=1437058082&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357&ts=1437058082&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 ->
{E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357&ts=1437058082&type=default&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\akrem\AppData\Local\Linkey\IEExtension\iedll.dll [2014-10-22] (Aztec Media Inc)
BHO: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> No File
BHO: uniosAlleis -> {7849bfa9-a5b9-4834-b735-1c28995a28c4} -> C:\Program Files\uniosAlleis\Lt37e3WGEvA16N.dll [2015-01-31] ()
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2012-02-13] (Atheros Commnucations)
BHO: youtubeadblocker -> {ae63257a-410e-4c0c-8cec-aab34c414cc4} -> C:\Program Files\youtubeadblocker\FKrTmdLGqjAEfg.dll [2015-01-31] ()
BHO: Internet Program -> {ff0021ad-2cc3-4e0d-8e3c-b4153a64a495} -> C:\Program Files\Internet Program\Extensions\ff0021ad-2cc3-4e0d-8e3c-b4153a64a495.dll [2015-01-30] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6625148B-2F27-4BC6-B5F2-B392054B613E}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1437057969&z=402c530e9ed81dbeddfce4eg8zcc2qat1m5w2e3e9w&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=1437057969&z=402c530e9ed81dbeddfce4eg8zcc2qat1m5w2e3e9w&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_788_bl-is-26__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-16] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-16] (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF user.js: detected!
=> C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\user.js [2015-07-22]
FF SearchPlugin: C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\searchplugins\default-search.xml [2015-02-18]
FF SearchPlugin: C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\searchplugins\search-provided-by-yahoo.xml [2015-05-22]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2015-02-18]
FF Extension: App Lid - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\d9676068985d4d81bb390a@7be93ab3c8e144f694a0509d5.com [2015-07-16]
FF Extension: Linkey for Firefox - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\extension@linkeyproject.com [2014-11-13]
FF Extension: QuickSearch - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\searchffv2@gmail.com [2015-07-16]
FF Extension: Search Enginer - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\sweetsearch@gmail.com [2015-07-16]
FF Extension: youtubeadblocker - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\yBOvIhCx@T.com [2015-01-31]
FF Extension: uuniissAles - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\ZFa@Mbn.edu [2015-01-31]
FF Extension: Xpert-Web - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\{58e3c1c9-2dc1-4762-bd45-1df9da9d0820} [2014-11-17]
FF Extension: InkWordList Class - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\{9DD4C48C-56C0-9803-064A-D41A48BF5714} [2015-02-11]
FF Extension: ooVoo Search App powered by Ask - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\toolbar_OVO2-SP@apn.ask.com.xpi [2014-12-13]
FF Extension: Internet Program -
C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\{4336b0e4-2dcf-4c63-95e2-54bc01ce798c}.xpi [2015-01-31]
FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\extensions\searchffv2@gmail.com
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\extensions\sweetsearch@gmail.com
FF HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (App Lid) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemgobnhmjkokaanfjcikbeddfpfbcce [2015-07-16]
CHR Extension: (Google Docs) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-14]
CHR Extension: (Google Drive) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-14]
CHR Extension: (YouTube) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-14]
CHR Extension: (Google Search) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Google Sheets) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-14]
CHR Extension: (Chrome Hotword Shared Module)
- C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-14]
CHR Extension: (Google Wallet) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-14]
CHR Extension: (Gmail) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-14]
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-810618705-3542997047-1480512222-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1437057969&z=402c530e9ed81dbeddfce4eg8zcc2qat1m5w2e3e9w&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357

Opera:
=======
OPR Extension: (App Lid) - C:\Users\akrem\AppData\Roaming\Opera Software\Opera Stable\Extensions\aemgobnhmjkokaanfjcikbeddfpfbcce [2015-07-16]
OPR Extension: (Internet Program) - C:\Users\akrem\AppData\Roaming\Opera Software\Opera Stable\Extensions\lceiomaldlbdpggkknflmpmafmhpodac [2015-05-07]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.istartsurf.com/?type=sc&ts=1437057969&z=402c530e9ed81dbeddfce4eg8zcc2qat1m5w2e3e9w&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 95b0aa1e-a934-4569-b056-67b0849ff460; C:\Users\akrem\AppData\Local\Microsoft\ee696559-8c61-0111-9027-54bf2daeb58f\1b38b176-523c-4d3e-a650-316e6b799a24.exe [194560 2013-02-27] () [File not signed]
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-23] () [File not signed]
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [85664 2012-02-13] (Atheros Commnucations) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-06-13] (Intel Corporation)
S2 d770ef06-7e04-473e-9384-af2c8ad9b429; C:\Users\akrem\AppData\Local\Microsoft\ee696559-8c61-0111-9027-54bf2daeb58f\1b38b176-523c-4d3e-a650-316e6b799a24.exe [194560 2013-02-27] () [File not signed]
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2139328 2014-05-27] (Comodo Security Solutions, Inc.)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-16] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-16] (globalUpdate) [File not signed] <==== ATTENTION
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-06-13] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-06-13] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6086640 2015-05-19] (Reimage®)
R2 SamsungDeviceConfigurationWinService; C:\Program Files\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 Service Mgr InternetProgram; C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.exe [660760 2015-07-16] ()
R2 SmdmFService; C:\Program Files\Assets Manager\smdmf\SmdmFService.exe [3570704 2015-01-28] (Aztec Media Inc)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771968 2015-07-22] (Enigma Software Group USA, LLC.)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-08-03] (Microsoft Corporation) [File not signed]
R2 Update Mgr InternetProgram; C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.exe [573208 2015-07-21] ()
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-13] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35488 2012-02-13] (Atheros)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [298144 2012-02-13] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [97952 2012-02-13] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25248 2012-02-13] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [147616 2012-02-13] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60064 2012-02-13] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [263968 2012-02-13] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [468640 2012-02-13] (Atheros)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-07-22] ()
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [211280 2012-03-14] (ELAN Microelectronics Corp.)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Assets Manager\smdmf\smdmfmgrc3.cfg [38288 2015-01-28] (Aztec Media Inc)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation)
S3 cpuz134; \??\C:\Users\akrem\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 14:16 - 2014-09-16 16:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.decryptedKLR.Wdf
2015-07-22 14:16 - 2014-09-16 16:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.decryptedKLR.Wdf
2015-07-22 14:16 - 2014-05-31 21:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SABI_01009.decryptedKLR.Wdf
2015-07-22 14:16 - 2014-05-31 21:31 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btath_hcrp_01009.decryptedKLR.Wdf
2015-07-22 14:16 - 2014-05-31 21:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.decryptedKLR.Wdf
2015-07-22 14:16 - 2012-02-13 10:27 - 00020963 _____ C:\Windows\system32\Drivers\RampsFile_index_table.decryptedKLR.xlsx
2015-07-22 14:16 - 2009-07-14 06:39 - 00000000 _____ C:\Windows\setuperr.decryptedKLR.log
2015-07-22 14:13 - 2015-06-29 16:46 - 00407911 _____ C:\Users\akrem\Downloads\Action-Man.decryptedKLR.zip
2015-07-22 14:13 - 2015-06-14 18:12 - 04037564 _____ C:\Users\akrem\Downloads\Soft_starbox300HD_Cup_wolrd@avatar.decryptedKLR.rar
2015-07-22 14:13 - 2015-06-05 15:26 - 00203203 _____ C:\Users\akrem\Downloads\webfontkit-20150604-102429.decryptedKLR.zip
2015-07-22 14:07 - 2015-07-22 14:07 - 00001200 _____ C:\Users\akrem\Desktop\SpyHunter.lnk
2015-07-22 14:07 - 2015-07-22 14:07 - 00000000 ____D C:\Users\akrem\AppData\Roaming\Enigma Software Group
2015-07-22 14:06 - 2015-07-22 14:07 - 00000000 ____D C:\sh4ldr
2015-07-22 14:03 - 2015-07-22 14:03 - 00786080 _____ (Kaspersky Lab ZAO) C:\Users\akrem\Downloads\rectordecryptor.exe
2015-07-22 13:59 - 2015-07-22 13:59 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-07-22 13:57 - 2015-07-22 13:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-07-22 13:55 - 2015-07-22 13:56 - 03237248 _____ (Enigma Software Group USA, LLC.)
C:\Users\akrem\Downloads\SpyHunter-Installer (1).exe
2015-07-22 13:52 - 2015-07-22 13:52 - 00000000 ___RD C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-21 22:23 - 2015-07-21 22:27 - 00000240 _____ C:\Users\akrem\Downloads\Search.txt
2015-07-21 22:21 - 2015-07-21 22:21 - 00074969 _____ C:\Users\akrem\Downloads\Shortcut.txt
2015-07-21 22:19 - 2015-07-21 22:21 - 00038552 _____ C:\Users\akrem\Downloads\Addition.txt
2015-07-21 22:18 - 2015-07-22 14:56 - 00027503 _____ C:\Users\akrem\Downloads\FRST.txt
2015-07-21 22:17 - 2015-07-22 14:55 - 00000000 ____D C:\FRST
2015-07-21 22:17 - 2015-07-21 22:17 - 01638912 _____ (Farbar) C:\Users\akrem\Downloads\FRST.exe
2015-07-21 22:05 - 2015-07-21 22:05 - 03502080 _____ C:\Users\akrem\Documents\ffdshow.ax
2015-07-21 22:05 - 2015-07-21 22:05 - 00001154 _____ C:\Users\akrem\Documents\Wave.hlsl
2015-07-21 22:05 - 2015-07-21 22:05 - 00000923 _____ C:\Users\akrem\Documents\Grayscale.hlsl
2015-07-21 21:51 - 2015-07-21 21:51 - 09485552 _____ (MPC-HC Team) C:\Users\akrem\Documents\mpc-hc.exe
2015-07-21 21:51 - 2015-07-21 21:51 - 01998168 _____ C:\Users\akrem\Documents\d3dx9_43.dll
2015-07-21 21:51 - 2015-07-21 21:51 - 00171760 _____ C:\Users\akrem\Documents\mpcresources.es.dll
2015-07-21 21:51 - 2015-07-21 21:51 - 00169712 _____ (MPC-HC Team) C:\Users\akrem\Documents\mpcresources.ca.dll
2015-07-21 21:51 - 2015-07-21 21:51 - 00160496 _____ C:\Users\akrem\Documents\mpcresources.hr.dll
2015-07-21 21:51 - 2015-07-21 21:51 - 00137728 _____ C:\Users\akrem\Documents\mkv2vfr.exe
2015-07-21 21:51 - 2015-07-21 21:51 - 00097792 _____ C:\Users\akrem\Documents\ac3config.exe
2015-07-21 21:51 - 2015-07-21 21:51 - 00025664 _____ C:\Users\akrem\Documents\basswv.dll
2015-07-21 21:50 - 2015-07-21 22:05 - 00556032 _____ C:\Users\akrem\Documents\splitter.ax
2015-07-21 21:50 - 2015-07-21 22:05 - 00233984 _____ (http://www.dsp-worx.de) C:\Users\akrem\Documents\DCBassSourceMod.ax
2015-07-21 21:49 - 2015-07-21 22:05 -
01406976 _____ C:\Users\akrem\Documents\ac3filter.ax
2015-07-21 21:49 - 2015-07-21 22:05 - 00980040 _____ C:\Users\akrem\Documents\LAVVideo.ax
2015-07-21 21:49 - 2015-07-21 22:05 - 00490496 _____ (www.madshi.net) C:\Users\akrem\Documents\madFlac.ax
2015-07-21 21:49 - 2015-07-21 22:05 - 00291408 _____ (Packed With Joy !) C:\Users\akrem\Documents\DivXa32.acm
2015-07-21 21:49 - 2015-07-21 22:05 - 00001758 _____ C:\Users\akrem\Documents\LAV Video Configuration.lnk
2015-07-21 21:49 - 2015-07-21 22:05 - 00000974 _____ C:\Users\akrem\Documents\16-235 to 0-255 [SD][HD].hlsl
2015-07-21 21:49 - 2015-07-21 21:49 - 00018431 _____ C:\Users\akrem\Documents\COPYING
2015-07-21 21:49 - 2015-07-21 21:49 - 00008230 _____ C:\Users\akrem\Documents\noConnect[1]
2015-07-21 21:49 - 2015-07-21 21:49 - 00005326 _____ C:\Users\akrem\Documents\c_pioneeringad_com[6]
2015-07-21 21:49 - 2015-07-21 21:49 - 00004096 _____ C:\Users\akrem\Documents\c_pioneeringad_com[8]
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAdCAIZORIV.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAdCAHDVZAH.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAdCAC30M0I.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAdCA1V8WLV.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAd[10].aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001082 _____ C:\Users\akrem\Documents\BG31RTCAC37SLXCABID4G6CA8BVH1VCAOVP8UECAW0SEOPCA4ONILWCAVI82LBCANXX9IWCA8J5NL8CA2H74G4CAE52R73CAGQ73HACA3RHDA4CAHKSS34CASQMVX3CAPV5SPLCAIYGHS9CATAPB7TCAEDB3O7
2015-07-21 21:49 - 2015-07-21 21:49 - 00001077 _____ C:\Users\akrem\Documents\GetAdCASBA5Q4.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001077 _____ C:\Users\akrem\Documents\GetAdCA5S1ZVF.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00000509 _____ C:\Users\akrem\Documents\q[2]
2015-07-21 21:47 - 2015-07-21 21:47 - 00004096 _____
C:\Users\akrem\Documents\47e02a[1].eot 2015-07-21 21:41 - 2015-07-21 21:41 - 02572304 _____ (File Recovery Ltd. ) C:\Users\akrem\Downloads\undelete-360-setup (1).exe 2015-07-21 21:30 - 2015-07-21 21:30 - 00000000 ____D C:\Users\akrem\AppData\Roaming\MPC-HC 2015-07-21 21:29 - 2015-07-21 21:29 - 00001091 _____ C:\Users\Public\Desktop\Media Player Classic.lnk 2015-07-21 21:29 - 2015-07-21 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2015-07-21 21:29 - 2015-07-21 21:29 - 00000000 ____D C:\Program Files\K-Lite Codec Pack 2015-07-21 21:22 - 2015-07-21 21:22 - 00000047 _____ C:\Windows\wininit.ini 2015-07-21 21:07 - 2015-07-21 21:08 - 36783747 _____ ( ) C:\Users\akrem\Downloads\K-Lite_Codec_Pack_1128_Full.exe 2015-07-16 17:45 - 2015-07-16 17:47 - 08858704 _____ (1f0.de ) C:\Users\akrem\Downloads\LAVFilters-0.65-Installer.exe 2015-07-16 17:45 - 2015-07-16 17:45 - 00604800 _____ (1f0.de ) C:\Users\akrem\Downloads\Non confirmé 592996.crdownload 2015-07-16 17:43 - 2015-07-16 17:44 - 03220736 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\akrem\Downloads\UsbFix_2015_7.996.exe 2015-07-16 17:36 - 2015-07-22 13:52 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 2015-07-16 17:16 - 2015-07-16 17:20 - 41006544 _____ (Media Player - Codec Pack) C:\Users\akrem\Downloads\media.player.codec.pack.v4.3.8.setup.exe 2015-07-16 17:10 - 2015-07-21 21:42 - 00001132 _____ C:\Users\akrem\Desktop\Undelete 360.lnk 2015-07-16 17:10 - 2015-07-21 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undelete360 2015-07-16 17:10 - 2015-07-16 17:10 - 00000000 ____D C:\Program Files\File Recovery 2015-07-16 17:08 - 2015-07-16 17:08 - 02572304 _____ (File Recovery Ltd. 
) C:\Users\akrem\Downloads\undelete-360-setup.exe 2015-07-16 17:05 - 2015-07-16 17:05 - 01073608 _____ (File Repair ) C:\Users\akrem\Downloads\file-repair-setup_2.1.2.exe 2015-07-16 17:05 - 2015-07-16 17:05 - 00001113 _____ C:\Users\akrem\Desktop\File Repair.lnk 2015-07-16 17:05 - 2015-07-16 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Repair 2015-07-16 17:05 - 2015-07-16 17:05 - 00000000 ____D C:\Program Files\Repair File 2015-07-16 16:56 - 2014-03-18 06:06 - 01392640 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe 2015-07-16 16:50 - 2015-07-16 16:50 - 00002068 _____ C:\Users\akrem\Desktop\AppsHat.lnk 2015-07-16 16:50 - 2015-07-16 16:50 - 00000000 ____D C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat 2015-07-16 16:50 - 2015-07-16 16:50 - 00000000 ____D C:\Users\akrem\AppData\Local\WebPlayer 2015-07-16 16:49 - 2015-07-22 14:49 - 00005478 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-6.job 2015-07-16 16:49 - 2015-07-22 14:49 - 00002754 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-1-6.job 2015-07-16 16:49 - 2015-07-22 13:52 - 00005142 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-7.job 2015-07-16 16:49 - 2015-07-22 13:52 - 00004800 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-11.job 2015-07-16 16:49 - 2015-07-22 13:52 - 00004798 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-4.job 2015-07-16 16:49 - 2015-07-22 13:52 - 00004118 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-3.job 2015-07-16 16:49 - 2015-07-22 13:52 - 00003098 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-1-7.job 2015-07-16 16:49 - 2015-07-22 13:52 - 00002406 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-5_user.job 2015-07-16 16:49 - 2015-07-22 13:52 - 00002406 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-5.job 2015-07-16 16:49 - 2015-07-22 13:52 - 00000874 _____ 
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-07-16 16:49 - 2015-07-21 22:54 - 00000878 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-07-16 16:49 - 2015-07-16 16:49 - 00000000 ____D C:\Users\akrem\AppData\Local\globalUpdate 2015-07-16 16:49 - 2015-07-16 16:49 - 00000000 ____D C:\Program Files\globalUpdate 2015-07-16 16:49 - 2015-07-16 16:49 - 00000000 ____D C:\Program Files\2bc04ec8-9495-4dee-b94b-0321b2c86733 2015-07-16 16:48 - 2015-07-22 14:48 - 00002072 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-10_user.job 2015-07-16 16:48 - 2015-07-17 04:17 - 00000000 ____D C:\Program Files\App Lid 2015-07-16 16:48 - 2015-07-16 16:48 - 00000000 ____D C:\ProgramData\IHProtectUpDate 2015-07-16 16:48 - 2015-07-16 16:48 - 00000000 ____D C:\Program Files\MiuiTab 2015-07-16 16:47 - 2015-07-16 16:47 - 00000000 ____D C:\ProgramData\WindowsMangerProtect 2015-07-16 16:46 - 2015-07-16 16:46 - 00000000 ____D C:\Users\akrem\AppData\Roaming\istartsurf 2015-07-16 16:46 - 2015-07-16 16:46 - 00000000 ____D C:\Program Files\Shark007 2015-07-16 16:45 - 2015-07-21 21:26 - 00000000 ____D C:\ProgramData\Advanced 2015-07-16 16:33 - 2015-07-16 16:45 - 52332336 _____ C:\Users\akrem\Downloads\ADVANCED_Codecs_v529.exe 2015-07-10 16:35 - 2015-07-10 16:35 - 00149792 _____ C:\Windows\Minidump\071015-16317-01.dmp 2015-07-03 19:44 - 2015-07-03 19:44 - 00149792 _____ C:\Windows\Minidump\070315-16582-01.dmp 2015-06-29 17:14 - 2015-07-02 14:14 - 00000103 _____ C:\Users\akrem\AppData\Roaming\WB.CFG 2015-06-29 16:46 - 2015-06-29 16:46 - 00407911 _____ C:\Users\akrem\Downloads\Action-Man.zip 2015-06-29 16:46 - 2015-06-29 16:46 - 00090784 _____ C:\Users\akrem\Downloads\Action_Man_Shaded_Italic.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00090596 _____ C:\Users\akrem\Downloads\Action_Man_Shaded.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00052544 _____ C:\Users\akrem\Downloads\Action_Man_Extended_Italic.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00052472 _____ 
C:\Users\akrem\Downloads\Action_Man_Extended.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00051948 _____ C:\Users\akrem\Downloads\Action_Man_Extended_Bold_Italic.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00051744 _____ C:\Users\akrem\Downloads\Action_Man_Extended_Bold.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00049424 _____ C:\Users\akrem\Downloads\Action_Man_Italic.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00049408 _____ C:\Users\akrem\Downloads\Action_Man.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00049008 _____ C:\Users\akrem\Downloads\Action_Man_Bold_Italic.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00048976 _____ C:\Users\akrem\Downloads\Action_Man_Bold.ttf 2015-06-29 16:46 - 2015-06-29 16:46 - 00001031 _____ C:\Users\akrem\Downloads\Iconian Fonts License.txt 2015-06-29 16:45 - 2015-07-02 16:51 - 00012018 _____ C:\Windows\system32\ScanResults.xml 2015-06-29 16:35 - 2015-07-02 16:45 - 00000464 _____ C:\Windows\system32\ScannerSettings 2015-06-28 16:59 - 2015-06-28 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyPHP DevServer 14.1 VC11 2015-06-28 16:59 - 2015-06-28 16:59 - 00000000 ____D C:\Program Files\EasyPHP-DevServer-14.1VC11 2015-06-28 16:32 - 2015-06-28 16:54 - 35082749 _____ (EasyPHP Team ) C:\Users\akrem\Downloads\EasyPHP-DevServer-14.1VC11-install.exe 2015-06-27 15:33 - 2015-06-27 15:33 - 00149792 _____ C:\Windows\Minidump\062715-13993-01.dmp 2015-06-27 02:36 - 2015-06-27 02:43 - 00000000 ____D C:\rei 2015-06-27 02:36 - 2015-06-27 02:38 - 00000000 ____D C:\ProgramData\Reimage Protector 2015-06-27 02:36 - 2015-06-27 02:38 - 00000000 ____D C:\Program Files\Reimage 2015-06-27 02:36 - 2015-06-27 02:36 - 00002054 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk 2015-06-27 02:36 - 2015-06-27 02:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair 2015-06-27 02:34 - 2015-06-27 02:38 - 00000156 _____ C:\Windows\Reimage.ini 2015-06-27 02:34 - 2015-06-27 02:34 - 00772016 _____ (Reimage®) 
C:\Users\akrem\Downloads\ReimageRepair.exe 2015-06-25 14:50 - 2015-06-25 14:56 - 00000281 _____ C:\Users\akrem\Desktop\session.php 2015-06-25 14:47 - 2015-06-25 14:48 - 00000000 ____D C:\Program Files\EasyPHP-DevServer-13.1VC9 2015-06-25 14:47 - 2015-06-25 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyPHP DevServer 13.1 VC9 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-22 14:54 - 2015-01-18 17:54 - 00000000 ____D C:\Users\akrem\AppData\Roaming\vlc 2015-07-22 14:53 - 2015-01-10 17:37 - 00000000 ____D C:\Users\akrem\AppData\Roaming\BitTorrent 2015-07-22 14:45 - 2015-02-18 19:08 - 00000000 ____D C:\ProgramData\smdmf 2015-07-22 14:36 - 2014-05-31 21:11 - 00000000 ____D C:\Users\akrem 2015-07-22 14:22 - 2015-06-14 17:31 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-22 14:17 - 2014-11-13 16:43 - 00000000 ____D C:\Users\akrem\AppData\Local\CrashDumps 2015-07-22 14:15 - 2014-05-31 23:05 - 00000000 ____D C:\Windows\Panther 2015-07-22 14:14 - 2015-05-22 12:18 - 00000000 ____D C:\wamp 2015-07-22 14:14 - 2015-05-22 12:14 - 00000328 _____ C:\Windows\Tasks\Chromium.job 2015-07-22 14:12 - 2015-06-05 13:43 - 00000000 ____D C:\Users\akrem\Desktop\site clubafricain 2015-07-22 14:12 - 2015-06-04 15:09 - 00000000 ____D C:\Users\akrem\Desktop\site 2015-07-22 14:12 - 2015-06-01 16:28 - 00000000 ____D C:\Users\akrem\Desktop\essais 2015-07-22 14:12 - 2014-12-30 23:45 - 00000000 ____D C:\Users\akrem\AppData\Roaming\Skype 2015-07-22 14:08 - 2014-05-31 21:13 - 00000000 ____D C:\Program Files\WinRAR 2015-07-22 14:06 - 2014-05-31 21:33 - 00000000 ____D C:\Program Files\Elantech 2015-07-22 14:04 - 2014-05-31 21:29 - 00000000 ____D C:\Program Files\Bluetooth Suite 2015-07-22 14:04 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\Services 2015-07-22 13:53 - 2014-11-19 17:42 - 00000000 ____D 
C:\Users\akrem\AppData\Local\Google 2015-07-22 13:52 - 2015-06-14 17:31 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-22 13:52 - 2014-05-31 21:22 - 00000818 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2015-07-22 13:52 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-22 13:52 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-22 13:50 - 2015-01-31 23:04 - 00000000 ____D C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9 2015-07-22 13:46 - 2015-01-31 23:05 - 00000000 ____D C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9 2015-07-22 13:45 - 2015-02-02 16:39 - 00000650 __RSH C:\ProgramData\ntuser.pol 2015-07-22 13:45 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-22 13:45 - 2009-07-14 06:39 - 00044164 _____ C:\Windows\setupact.log 2015-07-21 21:34 - 2015-01-16 15:10 - 00000000 ____D C:\Users\akrem\Downloads\films 2015-07-21 21:23 - 2014-10-17 15:27 - 00013930 _____ C:\Windows\PFRO.log 2015-07-21 19:36 - 2015-06-05 13:36 - 00000354 _____ C:\Windows\Tasks\AelousIntern.job 2015-07-21 19:28 - 2009-07-14 06:53 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-20 17:23 - 2014-05-31 21:19 - 01524562 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-16 17:44 - 2015-06-14 17:04 - 00000000 ____D C:\UsbFix 2015-07-16 17:41 - 2015-01-31 23:04 - 00000000 ____D C:\Program Files\Opera 2015-07-16 17:33 - 2015-01-10 17:38 - 00000000 ____D C:\Users\akrem\AppData\Roaming\OpenCandy 2015-07-16 17:14 - 2009-07-14 11:00 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-07-16 16:54 - 2015-01-18 17:53 - 00000984 _____ C:\Users\Public\Desktop\VLC media player.lnk 2015-07-16 16:46 - 2015-06-14 17:31 - 00002375 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-16 16:46 - 2015-01-31 23:14 
- 00001369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-07-16 16:46 - 2015-01-31 23:14 - 00001357 _____ C:\Users\Public\Desktop\Opera.lnk 2015-07-16 16:46 - 2014-06-01 20:34 - 00001405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-07-16 16:46 - 2014-06-01 20:34 - 00001393 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-07-16 16:46 - 2014-05-31 21:12 - 00001717 _____ C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-10 16:35 - 2015-04-13 17:00 - 00000000 ____D C:\Windows\Minidump 2015-07-10 16:34 - 2015-04-13 17:00 - 359200285 _____ C:\Windows\MEMORY.DMP 2015-07-10 15:05 - 2014-05-31 21:22 - 00000820 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2015-07-08 17:21 - 2015-06-14 17:46 - 00000000 ____D C:\Users\akrem\AppData\Roaming\Solvusoft ==================== Files in the root of some directories ======= 2015-02-22 19:38 - 2015-02-20 23:28 - 0765952 _____ () C:\Users\akrem\AppData\Roaming\C17uO.exe 2015-06-01 16:52 - 2015-06-01 16:52 - 0008690 _____ () C:\Users\akrem\AppData\Roaming\HELP_DECRYPT.HTML 2015-06-01 16:52 - 2015-06-01 16:52 - 0045479 _____ () C:\Users\akrem\AppData\Roaming\HELP_DECRYPT.PNG 2015-06-01 16:52 - 2015-06-01 16:52 - 0001408 _____ () C:\Users\akrem\AppData\Roaming\HELP_DECRYPT.TXT.cdhnsvk 2015-06-01 16:52 - 2015-06-01 16:52 - 0000304 _____ () C:\Users\akrem\AppData\Roaming\HELP_DECRYPT.URL 2015-02-18 18:07 - 2015-02-11 23:57 - 0805888 _____ (Ghisler Software GmbH) C:\Users\akrem\AppData\Roaming\UOC55.exe 2015-02-16 22:13 - 2015-02-16 22:13 - 0802816 _____ (Alexander Roshal) C:\Users\akrem\AppData\Roaming\W5uOC.exe 2015-06-29 17:14 - 2015-07-02 14:14 - 0000103 _____ () C:\Users\akrem\AppData\Roaming\WB.CFG 2015-02-13 23:59 - 2015-02-13 23:59 - 0731648 _____ (Microsoft Corporation) C:\Users\akrem\AppData\Roaming\YWSKU.exe 2015-06-01 16:52 - 2015-06-01 16:52 - 0008690 _____ () 
C:\Users\akrem\AppData\Local\HELP_DECRYPT.HTML 2015-06-01 16:52 - 2015-06-01 16:52 - 0045479 _____ () C:\Users\akrem\AppData\Local\HELP_DECRYPT.PNG 2015-06-01 16:52 - 2015-06-01 16:52 - 0001408 _____ () C:\Users\akrem\AppData\Local\HELP_DECRYPT.TXT.cdhnsvk 2015-06-01 16:52 - 2015-06-01 16:52 - 0000304 _____ () C:\Users\akrem\AppData\Local\HELP_DECRYPT.URL 2015-06-01 16:51 - 2015-06-01 16:51 - 0008690 _____ () C:\ProgramData\HELP_DECRYPT.HTML 2015-06-01 16:51 - 2015-06-01 16:51 - 0045479 _____ () C:\ProgramData\HELP_DECRYPT.PNG 2015-06-01 16:51 - 2015-06-01 16:51 - 0001408 _____ () C:\ProgramData\HELP_DECRYPT.TXT.cdhnsvk 2015-06-01 16:51 - 2015-06-01 16:51 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL 2015-06-02 18:35 - 2015-06-02 18:37 - 0358595 _____ () C:\ProgramData\hslbkub.html Files to move or delete: ==================== C:\Windows\TEMP\temp561917692.exe Some files in TEMP: ==================== C:\Users\akrem\AppData\Local\Temp\appshat_generic.exe C:\Users\akrem\AppData\Local\Temp\bitool.dll C:\Users\akrem\AppData\Local\Temp\ReimagePackage.exe C:\Users\akrem\AppData\Local\Temp\ReiSysUpdate.exe C:\Users\akrem\AppData\Local\Temp\smt_istartsurf.exe C:\Users\akrem\AppData\Local\Temp\vlc-2.2.1-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-13 00:22 ==================== End of log ============================