Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by sadaik (administrator) on PC-DE-SADAIK on 01-06-2015 22:05:08
Running from C:\Users\sadaik\Downloads
Loaded Profiles: sadaik (Available Profiles: sadaik)
Platform: Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Macrovision) C:\Windows\System32\drivers\CDAC11BA.EXE
() C:\Program Files\orange\Assistance Livebox\dedicarz\DedicarzService.exe
(Devguru Co., Ltd.) C:\Windows\System32\dgdersvc.exe
() C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(France Telecom SA) C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Orange) C:\Program Files\orange\Assistance Livebox\AssistanceLivebox.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(France Telecom SA) C:\Program Files\Orange HSS\Systray\SystrayApp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
(Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Users\sadaik\AppData\Local\Google\Update\GoogleUpdate.exe
(Micro Application) C:\Program Files\Micro Application\LauncherMA.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(France Telecom SA) C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
(Google Inc.) C:\Users\sadaik\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Orange) C:\Program Files\orange\Assistance Livebox\dist\ST2.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(acer) C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\NotificationCenter\Framework.NotificationCenter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Farbar) C:\Users\sadaik\Downloads\FRST(2).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SmpcSys] => C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [SystrayORAHSS] => C:\Program Files\Orange HSS\Systray\SystrayApp.exe [94208 2007-07-24] (France Telecom SA)
HKLM\...\Run: [ORAHSSSessionManager] => C:\Program Files\Orange HSS\SessionManager\SessionManager.exe [102400 2007-07-24] (France Telecom SA)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2503704 2015-03-18] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-06-10] (Sun Microsystems, Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [SmpcSys] => C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [ccleaner] => "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-04-28] (Nero AG)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [] => C:\ [0 ] ()
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [orangeinside] => C:\Users\sadaik\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1508864 2012-04-16] (Orange)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3365176 2010-09-06] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Run: [Google Update] => C:\Users\sadaik\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-05-31] (Google Inc.)
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
Startup: C:\Users\sadaik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk [2011-06-13]
ShortcutTarget: Lanceur.lnk -> C:\Program Files\Micro Application\LauncherMA.exe (Micro Application)
BootExecute: autocheck autochk * lsdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0209&m=easynote_sl35
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=113357&tt=071012_17_4012_4&babsrc=HP_ss&mntrId=e61f95d70000000000000017c4687701
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0209&m=easynote_sl35
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
URLSearchHook: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 - (No Name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - No File
URLSearchHook: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll ()
URLSearchHook: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box
SearchScopes: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://fr.search.yahoo.com/search?p={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-25] (Oracle Corporation)
BHO: Programme d'aide de l'Assistant de connexion Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1243563072-2189662949-1172452096-1000 -> No Name - {D3028143-6145-4318-99D3-3EDCE54A95A9} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll [2009-11-01] (Skyline software systems Inc.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-31] (AVG Secure Search)
ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll [49152 2009-04-25] (EasyBits Software Corp.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-01] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2009-11-07] (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-04-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin: @www.dlmanager.net/omaha/tools//Software Update;version=8 -> C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll [2012-10-07] (Boxore OU.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\sadaik\Program Files\DNA\plugins\npbtdna.dll No File
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\sadaik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @talk.google.com/O1DPlugin -> C:\Users\sadaik\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @tools.google.com/Google Update;version=3 -> C:\Users\sadaik\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-1243563072-2189662949-1172452096-1000: @tools.google.com/Google Update;version=9 -> C:\Users\sadaik\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF user.js: detected! => C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\user.js [2015-05-31]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2008-09-04] (BitTorrent, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\sadaik\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\sadaik\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Menu Contextuel Orange - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\menu_contextuel_orange@orange.fr [2012-05-08]
FF Extension: KwiClick - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\vinceturk@gmail.com [2011-05-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-29]
FF Extension: Google Toolbar for Firefox - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-10-12]
FF Extension: Plugin Orange Installeur - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF} [2012-05-08]
FF Extension: Yahoo! Toolbar - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-05-31]
FF Extension: PriceGong - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2015-05-31]
FF Extension: DownloadHelper - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-31]
FF Extension: Adblock Plus - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013-04-15]
FF Extension: AutoPager - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\autopager@mozilla.org.xpi [2011-11-05]
FF Extension: Add-on Compatibility Reporter - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-11-13]
FF Extension: Adblock Plus - C:\Users\sadaik\AppData\Roaming\Mozilla\Firefox\Profiles\tso01sl2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-25]
FF HKU\S-1-5-21-1243563072-2189662949-1172452096-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\sadaik\Program Files\DNA
Chrome:
=======
CHR StartupUrls: Default -> "", "hxxp://www.google.com/webhp?source=search_app", "hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_CH"
CHR Profile: C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-17]
CHR Extension: (Adblock Plus) - C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-17]
CHR Extension: (AVG Secure Search) - C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\sadaik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx [2013-10-28]
StartMenuInternet: Google Chrome - C:\Users\sadaik\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-07-09] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [54784 2010-08-25] (Macrovision) [File not signed]
R2 Dedicarz Service; C:\Program Files\Orange\Assistance Livebox\dedicarz\DedicarzService.exe [1966960 2013-06-10] () [File not signed]
R2 dgdersvc; C:\Windows\system32\dgdersvc.exe [95568 2010-09-06] (Devguru Co., Ltd.)
R2 ETService; C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [24576 2008-07-16] () [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-12-23] (Macrovision Europe Ltd.) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [217088 2010-09-06] (Teruten) [File not signed]
R2 FTRTSVC; C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536 2007-07-31] (France Telecom SA) [File not signed]
S2 gupdate1c9d7fd8c97c5dd; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-03-17] (Google Inc.)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-24] (Lavasoft Limited ) [File not signed]
R2 o2flash; C:\Windows\system32\DRIVERS\o2flash.exe [71512 2008-08-22] (O2Micro International)
S2 Orange update Core Service; C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe [699912 2014-01-21] (Orange SA)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832 2015-05-06] (IBM Corp.)
R2 vToolbarUpdater18.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-31] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 supdate; "C:\Program Files\Software\Update\SoftwareUpdate.exe" /svc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R2 CdaC15BA; C:\Windows\system32\drivers\CdaC15BA.SYS [12464 2010-08-25] (Macrovision Europe Ltd) [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-09-06] () [File not signed]
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-05-25] (Lavasoft AB)
S3 PCAMp50; C:\Windows\System32\Drivers\PCAMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [472152 2015-03-17] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2015-05-06] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2015-05-06] (IBM Corp.)
R3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2015-05-06] (IBM Corp.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [147168 2008-06-18] (Realtek Semiconductor Corp.)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2009-10-26] (RapidSolution Software AG)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-01 22:05 - 2015-06-01 22:06 - 00027058 _____ () C:\Users\sadaik\Downloads\FRST.txt
2015-06-01 22:04 - 2015-06-01 22:05 - 00000000 ____D () C:\FRST
2015-06-01 22:04 - 2015-06-01 22:04 - 01147392 _____ (Farbar) C:\Users\sadaik\Downloads\FRST(2).exe
2015-06-01 22:02 - 2015-06-01 22:02 - 01147392 _____ (Farbar) C:\Users\sadaik\Downloads\FRST(1).exe
2015-06-01 21:52 - 2015-06-01 21:52 - 01147392 _____ (Farbar) C:\Users\sadaik\Downloads\FRST.exe
2015-06-01 00:33 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-01 00:31 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-01 00:29 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-01 00:24 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-01 00:24 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-01 00:23 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-01 00:23 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-01 00:23 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-01 00:18 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-01 00:18 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-01 00:18 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-01 00:18 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-01 00:18 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-01 00:18 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-01 00:18 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-01 00:18 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-01 00:18 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-01 00:18 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-01 00:14 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-31 23:38 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-31 23:08 - 2015-05-31 23:08 - 00243536 _____ () C:\Users\sadaik\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-31 17:36 - 2015-05-31 17:36 - 00000000 __SHD () C:\found.000
2015-05-31 16:24 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-31 16:24 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-31 16:24 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-31 16:24 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-31 16:24 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-31 16:24 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-31 16:24 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-31 16:24 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-31 16:24 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-31 16:24 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-31 16:24 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-31 16:24 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-31 14:48 - 2015-05-31 14:48 - 00000000 ____H () C:\Users\sadaik\AppData\Local\BITFD38.tmp
2015-05-31 14:38 - 2015-05-31 14:38 - 00000000 _____ () C:\Users\sadaik\AppData\Local\{3CE5BFDB-116A-43A0-8612-F42FF8E6D00A}
2015-05-06 15:21 - 2015-05-06 15:21 - 00208856 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-01 21:50 - 2006-11-02 14:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 21:50 - 2006-11-02 14:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 21:46 - 2009-04-25 17:13 - 00000000 ____D () C:\Users\sadaik\AppData\Local\Adobe
2015-06-01 21:44 - 2012-04-04 12:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-01 21:44 - 2012-04-04 12:17 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 21:44 - 2011-05-20 07:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-01 21:11 - 2009-06-30 14:32 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 21:08 - 2012-10-18 19:24 - 01300597 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 18:18 - 2012-05-28 12:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-06-01 18:13 - 2011-06-17 00:00 - 00000064 _____ () C:\Windows\system32\rp_stats.dat
2015-06-01 18:13 - 2011-06-17 00:00 - 00000044 _____ () C:\Windows\system32\rp_rules.dat
2015-06-01 07:48 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-06-01 07:16 - 2008-01-21 09:24 - 01625902 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-01 07:14 - 2013-10-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Sécurité des points d'accès
2015-06-01 07:07 - 2009-02-21 04:36 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-06-01 07:07 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 07:06 - 2006-11-02 14:44 - 00407792 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-06-01 07:04 - 2009-04-27 16:22 - 00245768 _____ () C:\aaw7boot.log
2015-06-01 07:02 - 2013-04-25 14:05 - 00221932 _____ () C:\Windows\PFRO.log
2015-06-01 07:02 - 2006-11-02 14:35 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-06-01 00:36 - 2006-11-02 14:58 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-01 00:35 - 2008-12-23 06:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-06-01 00:35 - 2006-11-02 12:23 - 00000219 _____ () C:\Windows\win.ini
2015-06-01 00:13 - 2013-10-28 22:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-31 23:33 - 2010-06-04 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-31 23:32 - 2009-12-17 21:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-31 23:12 - 2011-10-12 09:03 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-31 23:12 - 2011-09-29 20:47 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-31 23:12 - 2009-04-25 13:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-31 23:11 - 2012-06-06 21:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-31 23:01 - 2010-02-09 22:12 - 00000000 ____D () C:\Users\sadaik\AppData\Roaming\vlc
2015-05-31 22:24 - 2012-04-04 12:38 - 00002091 _____ () C:\Users\sadaik\Desktop\Google Chrome.lnk
2015-05-31 19:01 - 2012-10-07 22:01 - 00000000 ____D () C:\ProgramData\Browser Manager
2015-05-31 18:05 - 2015-03-17 17:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 16:43 - 2009-04-25 13:00 - 00000000 ____D () C:\Users\sadaik\AppData\Roaming\Mozilla
2015-05-31 16:32 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2015-05-31 15:08 - 2009-06-30 14:32 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 15:06 - 2010-08-26 00:52 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1243563072-2189662949-1172452096-1000UA.job
2015-05-31 15:06 - 2010-08-26 00:52 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1243563072-2189662949-1172452096-1000Core.job
2015-05-31 14:37 - 2013-04-25 16:08 - 00000000 ____D () C:\Program Files\AVG Secure Search
==================== Files in the root of some directories =======
2013-10-28 18:48 - 2013-10-28 18:48 - 50053120 _____ () C:\Program Files\GUT4A88.tmp
2009-05-26 21:04 - 2009-06-10 19:45 - 0087608 _____ () C:\Users\sadaik\AppData\Roaming\inst.exe
2009-05-26 21:04 - 2009-06-10 19:45 - 0007887 _____ () C:\Users\sadaik\AppData\Roaming\pcouffin.cat
2009-05-26 21:04 - 2009-06-10 19:45 - 0001144 _____ () C:\Users\sadaik\AppData\Roaming\pcouffin.inf
2009-05-26 21:04 - 2009-06-10 19:45 - 0000033 _____ () C:\Users\sadaik\AppData\Roaming\pcouffin.log
2009-05-26 21:04 - 2009-06-10 19:45 - 0047360 _____ (VSO Software) C:\Users\sadaik\AppData\Roaming\pcouffin.sys
2012-02-08 22:07 - 2012-02-08 22:07 - 0000000 _____ () C:\Users\sadaik\AppData\Roaming\UUlUg.txt
2009-05-26 21:05 - 2009-05-26 23:46 - 0000668 _____ () C:\Users\sadaik\AppData\Roaming\vso_ts_preview.xml
2009-06-08 20:26 - 2011-11-30 17:21 - 0000152 _____ () C:\Users\sadaik\AppData\Roaming\wklnhst.dat
2012-02-08 22:07 - 2012-02-08 22:07 - 0000000 _____ () C:\Users\sadaik\AppData\Roaming\yykVD.txt
2015-05-31 14:48 - 2015-05-31 14:48 - 0000000 ____H () C:\Users\sadaik\AppData\Local\BITFD38.tmp
2012-04-14 12:56 - 2013-04-25 18:29 - 0007052 _____ () C:\Users\sadaik\AppData\Local\d3d9caps.dat
2009-04-27 23:30 - 2014-08-29 16:25 - 0098304 _____ () C:\Users\sadaik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-17 00:20 - 2010-01-25 16:19 - 0000090 _____ () C:\Users\sadaik\AppData\Local\gwohxpi.bat
2015-05-31 14:38 - 2015-05-31 14:38 - 0000000 _____ () C:\Users\sadaik\AppData\Local\{3CE5BFDB-116A-43A0-8612-F42FF8E6D00A}
2011-07-18 18:51 - 2012-05-27 10:47 - 0000012 _____ () C:\ProgramData\ReminderNextRun
Some files in TEMP:
====================
C:\Users\sadaik\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\sadaik\AppData\Local\Temp\oi_{FD225A7B-F482-425D-AC78-34125C83646F}.exe
C:\Users\sadaik\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\sadaik\AppData\Local\Temp\vlc-2.0.8-win32.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-01 19:50
==================== End of log ============================