Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Selma (administrator) on SELMA-VAIO on 16-11-2014 10:58:33
Running from C:\Users\Selma\Downloads
Loaded Profile: Selma (Available profiles: Selma & Invité)
Platform: Windows 7 Home Premium (X64) OS Language: Français (France)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Google Inc.) C:\Users\Selma\AppData\Local\Google\Update\GoogleUpdate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Users\Selma\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Selma\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Selma\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Selma\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Selma\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Selma\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Google Inc.) C:\Users\Selma\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2010-08-17] (Avira GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-240529973-2975974449-2026987148-1001\...\Run: [Google Update] => C:\Users\Selma\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-240529973-2975974449-2026987148-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-240529973-2975974449-2026987148-1001\...\MountPoints2: {59cda1bf-502b-11e2-8e1f-c0cb38f1ebe6} - E:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {3F1E8DD1-FEBB-4486-A144-E51CBF4FECE9} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {3F1E8DD1-FEBB-4486-A144-E51CBF4FECE9} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {690828D2-C66E-4466-A136-E142C918E2A5} URL = http://fr.shopping.com/?linkin_id=8056351
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Selma\AppData\Roaming\Mozilla\Firefox\Profiles\felro8r7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-240529973-2975974449-2026987148-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Selma\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-240529973-2975974449-2026987148-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Selma\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Selma\AppData\Roaming\Mozilla\Firefox\Profiles\felro8r7.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Avira Browser Safety - C:\Users\Selma\AppData\Roaming\Mozilla\Firefox\Profiles\felro8r7.default\Extensions\abs@avira.com [2014-11-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-11]

Chrome:
=======
CHR HomePage: Default -> https://fr.search.yahoo.com/?type=994519&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://fr.search.yahoo.com/?type=994519&fr=yo-yhp-ch", "hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EFR&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EFR&apn_dbr=cr_35.0.1916.153&apn_uid=5BA77C50-3270-4333-AAB4-534BEBCBE66F&itbv=12.12.2.83&doi=2014-06-29&psv=&pt=tb", "hxxp://start.mysearchdial.com/?f=1&a=tele_14_25_ch&cd=2XzuyEtN2Y1L1QzuyDyEyEtByEzy0EzyyD0CyDzz0EyB0ByCtN0D0Tzu0SzzzyzztN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtCtAtCtDtAyB0AtGtCyBtBzztGyDyByD0AtG0CtAtA0CtGtDyD0EyD0BtByCtDyEzz0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDyCyEyEtCyC0EtGtBzzyD0DtGtAzztD0AtGyD0DtCyDtGtCtCyE0CtDyDzzyD0CtAtDtC2Q&cr=2073637894&ir="
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://fr.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=994519&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-01]
CHR Extension: (Google Drive) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Recherche Google) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Avira Browser Safety) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-12]
CHR Extension: (Skype Click to Call) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-01]
CHR Extension: (Google Wallet) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-09-07]
CHR Extension: (Gmail) - C:\Users\Selma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx []
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2012-01-17]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [135336 2010-08-17] (Avira GmbH)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [267944 2010-08-17] (Avira GmbH)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-11-05] (Elex do Brasil Participações Ltda)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [81584 2010-08-17] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [116568 2010-08-17] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-25] (Avira Operations GmbH & Co. KG)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel(R) Corporation) [File not signed]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-11-05] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-11-05] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-11-05] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-11-05] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-11-03] (Elex do Brasil Participações Ltda)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-21] (Duplex Secure Ltd.)
U3 a5df3ghr; C:\Windows\System32\Drivers\a5df3ghr.sys [0 ] (Intel Corporation)
U3 awy499xv; C:\Windows\System32\Drivers\awy499xv.sys [0 ] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 10:58 - 2014-11-16 10:59 - 00019162 _____ () C:\Users\Selma\Downloads\FRST.txt
2014-11-16 10:58 - 2014-11-16 10:58 - 02116608 _____ (Farbar) C:\Users\Selma\Downloads\FRST64 (1).exe
2014-11-16 10:58 - 2014-11-16 10:58 - 00000000 ____D () C:\FRST
2014-11-16 10:56 - 2014-11-16 10:56 - 02116608 _____ (Farbar) C:\Users\Selma\Downloads\FRST64.exe
2014-11-16 10:03 - 2014-11-16 10:03 - 00120372 _____ () C:\Users\Selma\Desktop\ZHPDiag.txt
2014-11-16 10:02 - 2014-11-16 10:02 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-11-16 09:54 - 2014-11-16 10:03 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\ZHP
2014-11-16 09:54 - 2014-11-16 09:54 - 00001947 _____ () C:\Users\Selma\Desktop\ZHPFix.lnk
2014-11-16 09:54 - 2014-11-16 09:54 - 00001820 _____ () C:\Users\Selma\Desktop\ZHPDiag.lnk
2014-11-16 09:54 - 2014-11-16 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-11-16 09:54 - 2014-11-16 09:54 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-11-16 09:53 - 2014-11-16 09:53 - 06863988 _____ (Nicolas Coolman ) C:\Users\Selma\Downloads\ZHPDiag2.exe
2014-11-15 23:18 - 2014-11-05 03:48 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-15 23:18 - 2014-11-05 03:47 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-15 23:18 - 2014-11-05 03:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:53 - 2014-11-11 22:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-11 17:19 - 2014-11-11 17:17 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-11 17:17 - 2014-11-11 17:17 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\Avira
2014-11-11 17:16 - 2014-11-11 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-11 17:16 - 2014-11-11 17:16 - 00002026 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-11 17:15 - 2014-11-11 22:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-11 17:15 - 2014-11-11 21:53 - 00000000 ____D () C:\ProgramData\Avira
2014-11-11 17:15 - 2014-09-25 17:27 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-11 17:15 - 2010-08-17 13:39 - 00116568 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys
2014-11-11 17:15 - 2010-08-17 13:39 - 00081584 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-11 17:11 - 2014-11-11 17:13 - 151223664 _____ () C:\Users\Selma\Downloads\avira_free_antivirus_fr.exe
2014-11-11 17:10 - 2014-11-11 17:10 - 00001862 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-11-11 17:10 - 2014-11-11 17:10 - 00000000 ____D () C:\Windows\system32\log
2014-11-11 17:10 - 2014-11-11 17:10 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\Elex-tech
2014-11-11 17:10 - 2014-11-11 17:10 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\eCyber
2014-11-11 17:10 - 2014-11-11 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-11-11 17:10 - 2014-11-11 17:10 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-11-11 17:10 - 2014-11-05 14:10 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-11-11 17:10 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-11-11 17:09 - 2014-11-11 17:09 - 00911824 _____ (Elex do Brasil Participações Ltda) C:\Users\Selma\Downloads\yet_another_cleaner_mat.exe
2014-11-11 01:46 - 2014-11-11 01:46 - 00812704 _____ ( ) C:\Users\Selma\Downloads\FileExtractorSetup.exe
2014-11-09 15:20 - 2014-11-09 15:22 - 00000000 ____D () C:\Users\Selma\Desktop\kristina
2014-11-09 12:02 - 2014-11-09 12:02 - 15077897 _____ (The GIMP Team ) C:\Users\Selma\Downloads\Non confirmé 89152.crdownload
2014-11-09 11:54 - 2014-11-09 11:54 - 00009127 _____ () C:\Users\Selma\Downloads\gimp-2.8.14-setup-1.exe.torrent
2014-11-09 11:51 - 2014-11-09 11:53 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\Scribus
2014-11-09 10:57 - 2014-11-11 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.4
2014-11-09 10:56 - 2014-11-11 01:42 - 00000000 ____D () C:\Program Files (x86)\Scribus 1.4.4
2014-10-25 22:55 - 2014-10-25 22:55 - 01585904 _____ (SquareClock SAS) C:\Users\Selma\Downloads\HomeByMe.exe
2014-10-24 22:46 - 2014-11-11 01:41 - 00000000 ____D () C:\Users\Selma\Desktop\films téléchargés
2014-10-24 22:45 - 2014-10-24 22:45 - 00028953 _____ () C:\Users\Selma\Downloads\The Walking Dead S05E02 FASTSUB VOSTFR HDTV XviD [www.OMGTORRENT.com].torrent
2014-10-24 22:45 - 2014-10-24 22:45 - 00028899 _____ () C:\Users\Selma\Downloads\The Walking Dead S05E01 FASTSUB VOSTFR HDTV XviD [www.OMGTORRENT.com].torrent
2014-10-23 21:16 - 2014-10-23 21:16 - 00000000 ____D () C:\Users\Selma\Desktop\Da.Vinci.Code-EXTENDED.CUT-TRUEFRENCH.DVDRIP.XviD.AC3-PoneyClub
2014-10-19 18:41 - 2014-10-19 18:41 - 01230792 _____ () C:\Users\Selma\Downloads\Setup (2).exe
2014-10-19 11:10 - 2014-10-19 11:10 - 01230792 _____ () C:\Users\Selma\Downloads\Setup (1).exe
2014-10-19 11:08 - 2014-10-19 11:08 - 01230784 _____ () C:\Users\Selma\Downloads\Setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 10:55 - 2014-05-11 09:03 - 01925262 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 10:27 - 2013-02-22 11:55 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-16 10:22 - 2011-04-21 21:22 - 00001078 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240529973-2975974449-2026987148-1001UA.job
2014-11-16 10:11 - 2009-07-14 05:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 10:11 - 2009-07-14 05:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 09:55 - 2010-08-03 14:14 - 00705166 _____ () C:\Windows\system32\perfh00C.dat
2014-11-16 09:55 - 2010-08-03 14:14 - 00131182 _____ () C:\Windows\system32\perfc00C.dat
2014-11-16 09:55 - 2009-07-14 06:13 - 01551552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 09:54 - 2011-01-29 20:40 - 00003944 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{64819CFD-19AD-47A0-B700-E82186C6EDC7}
2014-11-16 09:50 - 2014-09-20 20:20 - 00002184 _____ () C:\Windows\setupact.log
2014-11-16 09:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 09:48 - 2014-07-11 00:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-16 09:47 - 2013-08-15 01:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-16 05:47 - 2011-04-21 21:22 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240529973-2975974449-2026987148-1001Core.job
2014-11-15 23:46 - 2011-02-20 09:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 07:13 - 2014-09-20 20:20 - 00232906 _____ () C:\Windows\PFRO.log
2014-11-11 17:08 - 2014-06-02 16:30 - 00001602 _____ () C:\DelFix.txt
2014-11-11 09:18 - 2014-06-01 10:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 01:42 - 2014-06-15 23:27 - 00000000 ____D () C:\ProgramData\NCH Software
2014-11-11 01:42 - 2014-06-15 23:27 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-11-11 01:42 - 2014-06-01 10:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 01:42 - 2013-08-29 17:59 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\Azureus
2014-11-11 01:42 - 2013-08-29 17:59 - 00000000 ____D () C:\Program Files\Vuze
2014-11-11 01:42 - 2011-10-29 04:02 - 00000000 ____D () C:\Program Files\Bonjour
2014-11-11 01:42 - 2011-03-03 12:15 - 00000000 ____D () C:\Users\Invité
2014-11-11 01:42 - 2011-01-29 20:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-11-11 01:42 - 2011-01-29 20:35 - 00000000 ____D () C:\Users\Selma
2014-11-11 01:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-11 01:41 - 2011-01-29 20:41 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\SoftGrid Client
2014-11-11 01:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-28 06:34 - 2011-01-30 19:52 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 23:17 - 2011-04-21 21:22 - 00004052 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-240529973-2975974449-2026987148-1001UA
2014-10-25 23:17 - 2011-04-21 21:22 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-240529973-2975974449-2026987148-1001Core
2014-10-24 14:32 - 2011-02-09 16:00 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\vlc
2014-10-23 22:21 - 2013-01-28 22:55 - 00105706 _____ () C:\test.xml
2014-10-19 08:59 - 2009-07-14 05:45 - 04952960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 08:56 - 2013-08-29 18:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Selma\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 13:06

==================== End Of Log ============================