Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by pyrom_000 (administrator) on PC-YANNICK on 16-05-2015 22:22:24
Running from C:\Users\pyrom_000\Downloads
Loaded Profiles: pyrom_000 (Available profiles: pyrom_000)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ASUSTek Computer Inc.)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe () C:\Users\pyrom_000\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe () C:\Users\pyrom_000\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) 
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-04-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320 2015-03-27] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-271949284-2953824820-2789736469-1002\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.) HKU\S-1-5-21-271949284-2953824820-2789736469-1002\...\Run: [GoogleChromeAutoLaunch_72FBF5426954259D75E40FCF9F1C49EB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-28] (Google Inc.) HKU\S-1-5-21-271949284-2953824820-2789736469-1002\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-271949284-2953824820-2789736469-1002\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-14] (IObit) HKU\S-1-5-21-271949284-2953824820-2789736469-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) 
HKU\S-1-5-21-271949284-2953824820-2789736469-1002\...\MountPoints2: {1fa57ca5-2f01-11e4-be93-28e3479126d5} - "F:\LG_PC_Programs.exe" HKU\S-1-5-21-271949284-2953824820-2789736469-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation) AppInit_DLLs-x32: , C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-04-17] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-07-24] ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide de SolidWorks 2013.lnk [2014-06-22] ShortcutTarget: Lancement rapide de SolidWorks 2013.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.) Startup: C:\Users\pyrom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Photosmart 6520 series (réseau).lnk [2014-10-21] ShortcutTarget: Alertes de surveillance de l'encre - HP Photosmart 6520 series (réseau).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\pyrom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Enregistrement du produit.lnk [2014-07-03] ShortcutTarget: Logitech . Enregistrement du produit.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] () ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) 
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms} HKU\S-1-5-21-271949284-2953824820-2789736469-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/ HKU\S-1-5-21-271949284-2953824820-2789736469-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-271949284-2953824820-2789736469-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9EF207598&ts=1424977446&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-271949284-2953824820-2789736469-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9EF207598&ts=1424977446&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-271949284-2953824820-2789736469-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9EF207598&ts=1424977446&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-271949284-2953824820-2789736469-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST1000LM024XHN-M101MBB_S2Y4J9EF207598&ts=1424977446&type=default&q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-11-30] (IObit) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation) BHO-x32: Java(tm) 
Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2 Tcpip\..\Interfaces\{AADB8A4A-DECA-4C75-8E8D-2610B1B39621}: [NameServer] 8.8.8.8,8.8.4.4 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\pyrom_000\AppData\Roaming\Mozilla\Firefox\Profiles\zyq53830.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.fr/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-19] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems) FF Plugin HKU\S-1-5-21-271949284-2953824820-2789736469-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pyrom_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS) FF user.js: detected! => C:\Users\pyrom_000\AppData\Roaming\Mozilla\Firefox\Profiles\zyq53830.default\user.js [2015-03-05] FF Extension: Avira Browser Safety - C:\Users\pyrom_000\AppData\Roaming\Mozilla\Firefox\Profiles\zyq53830.default\Extensions\abs@avira.com [2015-04-30] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> ?type=hppp CHR StartupUrls: Default -> "?type=hppp" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (QR Creator) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2014-09-19] CHR Extension: (Google Translate) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-09-19] CHR Extension: (Google Slides) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-19] 
CHR Extension: (Angry Birds) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-19] CHR Extension: (3DTin) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi [2014-09-19] CHR Extension: (Bob Marley) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\alpnhingmddeadgmgjbfefmaanaeifak [2014-09-19] CHR Extension: (Google Docs) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19] CHR Extension: (Google Drive) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19] CHR Extension: (Fast Proxy) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjcdfmmpdfjohenejbkaaafkoeknjnh [2014-09-19] CHR Extension: (YouTube) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19] CHR Extension: (Adblock Plus) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-19] CHR Extension: (Google Search) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19] CHR Extension: (Fun Switcher) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2014-09-19] CHR Extension: (Pixlr-o-matic) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2014-09-19] CHR Extension: (Box) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-09-19] CHR Extension: (Weather) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fapbbpdnlcmiolkdfjnnjhabmcndadad [2014-09-19] CHR Extension: (Google 
Sheets) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-19] CHR Extension: (Virtual Piano Black) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo [2014-09-19] CHR Extension: (Avira Browser Safety) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-05-01] CHR Extension: (The QR Code Generator) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2014-09-19] CHR Extension: (Bookmark Manager) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27] CHR Extension: (Jookees Writer) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacaoopdbhdofomejdjoobbncgekfnlp [2014-09-19] CHR Extension: (Chrome to Mobile) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2014-09-19] CHR Extension: (Happy Wheels) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdkholnaicpfohajdhfladkefjpipgah [2014-09-19] CHR Extension: (Montreal Canadiens) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\keoobdifkmkphclkhbenbembpommjhni [2014-09-19] CHR Extension: (Little Alchemy) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-09-19] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04] CHR Extension: (AudioSauna) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-09-19] CHR Extension: (Google Wallet) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-19] CHR Extension: (Gmail) - C:\Users\pyrom_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [603312 2015-04-20] (Adobe Systems Incorporated) R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [815920 2015-03-27] (Avira Operations GmbH & Co. KG) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-03-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-03-27] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1004280 2015-03-27] (Avira Operations GmbH & Co. KG) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed] S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-12-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-31] (Ellora Assets Corp.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2818888 2014-04-01] (CybelSoft)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-06-22] (SolidWorks) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-27] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8462000 2014-04-17] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 LVPr2M64; C:\Windows\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-24] (CybelSoft)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PVUSB; C:\Windows\System32\drivers\CESG64.sys [63808 2007-02-19] (CASIO COMPUTER CO.,LTD.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-04] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 22:22 - 2015-05-16 22:23 - 00037378 _____ () C:\Users\pyrom_000\Downloads\FRST.txt
2015-05-16 22:22 - 2015-05-16 22:22 - 00000000 ____D () C:\FRST
2015-05-16 22:20 - 2015-05-16 22:21 - 02107392 _____ (Farbar) C:\Users\pyrom_000\Downloads\FRST64.exe
2015-05-15 22:38 - 2015-05-16 21:43 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 22:38 - 2015-05-15 22:43 - 00001094 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 22:35 - 2015-05-15 22:35 - 00003400 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-05-15 22:35 - 2015-05-15 22:35 - 00003390 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-05-11 20:43 - 2015-05-11 20:43 - 00002597 _____ () C:\Users\Public\Desktop\Realtime Analyzer RAL.lnk
2015-05-11 20:43 - 2015-05-11 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtime Analyzer RAL
2015-05-11 20:43 - 2015-05-11 20:43 - 00000000 ____D () C:\Program Files (x86)\RALE
2015-05-11 20:41 - 2015-05-11 20:41 - 04698505 _____ (Yoshimasa Electronic Inc ) C:\Users\pyrom_000\Downloads\PcAudioLTEMe.exe
2015-05-11 20:41 - 2015-05-11 20:41 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-05-10 20:43 - 2015-05-10 20:48 - 00000000 ____D () C:\Users\pyrom_000\AppData\Local\AviraSpeedup
2015-05-10 20:34 - 2015-05-10 20:34 - 00138810 _____ () C:\WINDOWS\PFRO.log
2015-05-05 23:17 - 2015-05-05 23:17 - 00000000 ____D () C:\Users\pyrom_000\Prezi
2015-05-05 23:16 - 2015-05-05 23:16 - 00001899 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi Desktop.lnk
2015-05-05 23:16 - 2015-05-05 23:16 - 00001887 _____ () C:\Users\Public\Desktop\Prezi Desktop.lnk
2015-05-05 23:14 - 2015-05-05 23:16 - 00000000 ____D () C:\Program Files (x86)\Prezi
2015-05-05 22:51 - 2015-05-05 22:57 - 570318288 _____ (Prezi.com) C:\Users\pyrom_000\Downloads\Install_Prezi_5.2.8.exe
2015-05-03 23:59 - 2015-05-15 07:04 - 00001159 _____ () C:\WINDOWS\setupact.log
2015-05-03 23:59 - 2015-05-03 23:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-30 23:07 - 2015-04-30 23:07 - 00001163 _____ () C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-04-30 23:07 - 2015-04-30 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-04-30 23:04 - 2015-04-30 23:04 - 00003320 _____ () C:\WINDOWS\System32\Tasks\AviraSpeedup
2015-04-30 23:03 - 2015-05-14 20:51 - 00000000 ____D () C:\Users\pyrom_000\AppData\Roaming\Avira
2015-04-29 23:22 - 2015-03-27 14:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-04-29 23:22 - 2015-03-27 14:21 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-04-29 23:22 - 2015-03-27 14:21 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-04-29 23:22 - 2015-03-27 14:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-04-29 23:16 - 2015-05-14 20:32 - 00000000 ____D () C:\ProgramData\Avira
2015-04-29 23:16 - 2015-05-14 20:32 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-28 14:01 - 2015-04-28 14:01 - 00003860 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1421781164
2015-04-28 14:00 - 2015-04-28 14:00 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-26 23:12 - 2015-04-26 23:12 - 00001277 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-04-26 23:12 - 2015-04-26 23:12 - 00001265 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-04-26 23:08 - 2015-05-10 21:10 - 00005094 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-YANNICK-pyrom_000 PC-Yannick
2015-04-25 22:22 - 2015-04-14 01:24 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-25 22:22 - 2015-04-14 01:24 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-18 22:58 - 2015-04-18 22:58 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-17 22:58 - 2015-04-17 22:58 - 00003324 _____ () C:\WINDOWS\System32\Tasks\Microsoft System Certificates

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 22:23 - 2015-03-04 21:53 - 00000000 ____D () C:\Users\pyrom_000\AppData\Local\CrashDumps
2015-05-16 22:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-16 21:54 - 2014-06-30 11:25 - 01956450 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-16 21:33 - 2014-05-31 16:23 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-271949284-2953824820-2789736469-1002
2015-05-16 21:29 - 2015-02-12 21:11 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-16 21:29 - 2014-06-30 12:40 - 00007021 _____ () C:\WINDOWS\system32\lvcoinst.log
2015-05-16 21:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-16 21:28 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-16 21:12 - 2014-05-31 23:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-16 20:49 - 2014-05-31 23:38 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-16 20:29 - 2014-03-18 11:41 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-16 19:45 - 2014-06-08 17:03 - 00003960 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{128D27E1-5D71-484B-BD95-FE9C38CD8F38}
2015-05-15 22:45 - 2015-03-04 21:51 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-15 22:38 - 2014-05-31 17:47 - 00004070 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 22:38 - 2014-05-31 17:47 - 00003834 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 22:30 - 2014-07-12 22:25 - 00000000 ____D () C:\Users\pyrom_000\AppData\Local\Adobe
2015-05-15 07:04 - 2014-12-29 22:47 - 00000000 ____D () C:\Users\pyrom_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth
2015-05-14 20:32 - 2014-06-06 21:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-14 20:20 - 2014-03-18 12:02 - 01824010 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-14 20:20 - 2014-03-18 11:26 - 00812350 _____ () C:\WINDOWS\system32\perfh00C.dat
2015-05-14 20:20 - 2014-03-18 11:26 - 00159412 _____ () C:\WINDOWS\system32\perfc00C.dat
2015-05-10 20:44 - 2014-06-06 23:04 - 00000000 ___DO () C:\Users\pyrom_000\OneDrive
2015-05-10 20:36 - 2014-11-30 21:14 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-10 20:35 - 2014-06-06 22:37 - 00000000 ____D () C:\Users\pyrom_000
2015-05-10 20:34 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-10 20:34 - 2013-08-22 16:44 - 05201176 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-10 10:40 - 2014-06-20 22:30 - 00000000 ____D () C:\Users\pyrom_000\AppData\Roaming\Skype
2015-05-07 21:52 - 2014-08-24 22:47 - 00000000 ____D () C:\Users\pyrom_000\AppData\Roaming\Audacity
2015-05-05 23:01 - 2015-02-15 21:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-05 21:46 - 2014-07-18 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-05 21:44 - 2014-07-18 16:51 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-01 19:03 - 2014-07-21 19:13 - 00000000 ____D () C:\Users\pyrom_000\AppData\Roaming\uTorrent
2015-04-28 14:01 - 2015-01-20 21:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-28 13:52 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Web
2015-04-28 13:52 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-27 22:57 - 2014-06-08 13:03 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 23:15 - 2014-07-13 11:33 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-26 23:12 - 2013-04-26 01:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-26 01:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-25 23:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-18 22:58 - 2014-12-29 21:47 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-18 22:24 - 2014-09-13 20:42 - 00000000 ____D () C:\ProgramData\Visicom Media
2015-04-18 22:24 - 2014-09-13 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visicom Media
2015-04-18 22:24 - 2014-09-13 20:41 - 00000000 ____D () C:\Program Files\Visicom Media

==================== Files in the root of some directories =======

2014-07-10 14:51 - 2014-09-17 19:22 - 0000034 _____ () C:\Users\pyrom_000\AppData\Roaming\AdobeWLCMCache.dat
2014-07-04 16:39 - 2014-07-04 16:39 - 0000021 _____ () C:\Users\pyrom_000\AppData\Roaming\my_intel.sys
2014-05-31 16:14 - 2014-08-14 18:29 - 0000074 _____ () C:\Users\pyrom_000\AppData\Roaming\sp_data.sys
2014-11-02 19:14 - 2014-11-08 23:14 - 0000068 _____ () C:\Users\pyrom_000\AppData\Roaming\WB.CFG
2014-08-10 19:33 - 2014-09-21 16:59 - 0001456 _____ () C:\Users\pyrom_000\AppData\Local\Adobe Enregistrer pour le Web 13.0 Prefs
2014-07-17 19:27 - 2014-11-28 23:13 - 0007680 _____ () C:\Users\pyrom_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-21 16:52 - 2014-10-21 16:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

Some content of TEMP:
====================
C:\Users\pyrom_000\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-25 22:36

==================== End Of Log ============================