Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by akrem (administrator) on AKREM-PC on 22-07-2015 14:55:52
Running from C:\Users\akrem\Downloads
Loaded Profiles: akrem (Available Profiles: akrem)
Platform: Microsoft Windows 7 Édition Intégrale (X86) OS Language: Français (France)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(XTab system) C:\Program Files\MiuiTab\ProtectService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.exe
(Aztec Media Inc) C:\Program Files\Assets Manager\smdmf\SmdmFService.exe
() C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\8\Plugin.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\6\Plugin.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\7\Plugin.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\5\Plugin.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\3\Plugin.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lid) C:\Program Files\App Lid\acdd9e28-6a78-489c-82f9-85f922b00dcf-1-6.exe
(Lid) C:\Program Files\App Lid\acdd9e28-6a78-489c-82f9-85f922b00dcf-6.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Lid) C:\Program Files\App Lid\acdd9e28-6a78-489c-82f9-85f922b00dcf-10.exe
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Hex-RAYS SA) C:\Users\akrem\AppData\Roaming\kureg\lasix.exe
(Hex-RayS SA) C:\Users\akrem\AppData\Roaming\bonomex\gopidul.exe
(Hex-RaYS SA) C:\Users\akrem\AppData\Roaming\wajez\qesiwa.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\7\Plugin.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ooVoo LLC) C:\Program Files\ooVoo\ooVoo.exe
(BitTorrent Inc.) C:\Users\akrem\AppData\Roaming\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Hex-RayS SA) C:\Users\akrem\AppData\Roaming\misa\pawoko.exe
(Hex-RayS SA) C:\Users\akrem\AppData\Roaming\tej\yisifa.exe
() C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\3\Plugin.exe
() C:\Users\akrem\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SearchProtect) C:\Program Files\MiuiTab\CmdShell.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics) C:\Program Files\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Settings\MovieColorEnhancer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(The Eraser Project ) C:\Users\akrem\AppData\Local\Unmedia\tmpC0D9.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(XTab system) C:\Program Files\MiuiTab\HPNotify.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [874144 2012-02-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [695456 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2194256 2012-06-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bino] => C:\Users\akrem\AppData\Roaming\tej\yisifa.exe [300544 2015-03-30] (Hex-RayS SA)
HKLM\...\Run: [dec] => C:\Users\akrem\AppData\Roaming\kureg\lasix.exe [301056 2015-04-10] (Hex-RAYS SA)
HKLM\...\Run: [pey] => C:\Users\akrem\AppData\Roaming\bonomex\gopidul.exe [299008 2015-04-01] (Hex-RayS SA)
HKLM\...\Run: [siwa] => C:\Users\akrem\AppData\Roaming\wajez\qesiwa.exe [303616 2015-04-06] (Hex-RaYS SA)
HKLM\...\Run: [puxo] => C:\Users\akrem\AppData\Roaming\misa\pawoko.exe [304128 2015-03-28] (Hex-RayS SA)
HKLM\...\Run: [NetworkVerifyer] => C:\Windows\TEMP\temp561917692.exe [1066960 2015-07-10] () <===== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31283328 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [ooVoo.exe] => C:\Program Files\ooVoo\oovoo.exe [36202560 2014-09-01] (ooVoo LLC)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [BitTorrent] => C:\Users\akrem\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104 2015-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [Unmedia] => C:\Users\akrem\AppData\Local\Unmedia\tmpC0D9.exe [260376 2015-02-11] (The Eraser Project )
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [Odqics] => regsvr32.exe C:\Users\akrem\AppData\Local\Odqics\loader_u.dll <===== ATTENTION
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [Ocics] => C:\Windows\System32\regsvr32.exe C:\Users\akrem\AppData\Local\Unmedia\loader_u.dll
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [puxo] => C:\Users\akrem\AppData\Roaming\misa\pawoko.exe [304128 2015-03-28] (Hex-RayS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [bino] => C:\Users\akrem\AppData\Roaming\tej\yisifa.exe [300544 2015-03-30] (Hex-RayS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [pey] => C:\Users\akrem\AppData\Roaming\bonomex\gopidul.exe [299008 2015-04-01] (Hex-RayS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [siwa] => C:\Users\akrem\AppData\Roaming\wajez\qesiwa.exe [303616 2015-04-06] (Hex-RaYS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [dec] => C:\Users\akrem\AppData\Roaming\kureg\lasix.exe [301056 2015-04-10] (Hex-RAYS SA)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [GoogleChromeAutoLaunch_6D5B6ADD8C7DBADA758F0FF7F44F69C4] => C:\Users\akrem\AppData\Local\Chromium\Application\chrome.exe [656384 2015-05-18] (The Chromium Authors)
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Run: [AppsHat] => C:\Users\akrem\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\RunOnce: [Software Removal Tool] => "C:\Users\akrem\AppData\Local\Temp\BCE.exe" --chrome-prompt --post-reboot <===== ATTENTION
HKU\S-1-5-18\...\Run: [b13b88da-c3c4-00a0-9f6a-140db6409885] => C:\Users\akrem\AppData\Local\Microsoft\ee696559-8c61-0111-9027-54bf2daeb58f\1b38b176-523c-4d3e-a650-316e6b799a24.exe [194560 2013-02-27] ()
AppInit_DLLs: C:\Users\akrem\AppData\Local\Linkey\IEEXTE~1\ietlb.dll => C:\Users\akrem\AppData\Local\Linkey\IEExtension\ietlb.dll [129040 2014-10-22] ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ENGLISH FOR LOW LEVELS_LESSON 01.avi - YouTube.webm.lnk [2015-01-31]
ShortcutTarget: ENGLISH FOR LOW LEVELS_LESSON 01.avi - YouTube.webm.lnk -> C:\ProgramData\{d20c2f49-f1ae-6bd7-d20c-c2f49f1abd27}\ENGLISH FOR LOW LEVELS_LESSON 01.avi - YouTube.webm.exe ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML [2015-06-01] ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-06-01] ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-06-14] ()
Startup: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT.cdhnsvk [2015-06-01] ()
InternetURL: C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://7oqnsnzwwnm6zb7y.paygateawayoros.com/1Rjs8oU
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\smdmf\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll [2015-02-11] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-810618705-3542997047-1480512222-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-xl/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_338a9f29-8257-4587-bb9b-77a59d069939&q={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = http://q.search-simple.com/?affID=bl_338a9f29-8257-4587-bb9b-77a59d069939&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=114&itype=a&ver=15511&tm=530&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 -> OldSearch URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357&ts=1437058082&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357&ts=1437058082&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357&ts=1437058082&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-810618705-3542997047-1480512222-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357&ts=1437058082&type=default&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\akrem\AppData\Local\Linkey\IEExtension\iedll.dll [2014-10-22] (Aztec Media Inc)
BHO: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> No File
BHO: uniosAlleis -> {7849bfa9-a5b9-4834-b735-1c28995a28c4} -> C:\Program Files\uniosAlleis\Lt37e3WGEvA16N.dll [2015-01-31] ()
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2012-02-13] (Atheros Commnucations)
BHO: youtubeadblocker -> {ae63257a-410e-4c0c-8cec-aab34c414cc4} -> C:\Program Files\youtubeadblocker\FKrTmdLGqjAEfg.dll [2015-01-31] ()
BHO: Internet Program -> {ff0021ad-2cc3-4e0d-8e3c-b4153a64a495} -> C:\Program Files\Internet Program\Extensions\ff0021ad-2cc3-4e0d-8e3c-b4153a64a495.dll [2015-01-30] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6625148B-2F27-4BC6-B5F2-B392054B613E}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1437057969&z=402c530e9ed81dbeddfce4eg8zcc2qat1m5w2e3e9w&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=1437057969&z=402c530e9ed81dbeddfce4eg8zcc2qat1m5w2e3e9w&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_788_bl-is-26__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-16] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-16] (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF user.js: detected! => C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\user.js [2015-07-22]
FF SearchPlugin: C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\searchplugins\default-search.xml [2015-02-18]
FF SearchPlugin: C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\searchplugins\search-provided-by-yahoo.xml [2015-05-22]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2015-02-18]
FF Extension: App Lid - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\d9676068985d4d81bb390a@7be93ab3c8e144f694a0509d5.com [2015-07-16]
FF Extension: Linkey for Firefox - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\extension@linkeyproject.com [2014-11-13]
FF Extension: QuickSearch - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\searchffv2@gmail.com [2015-07-16]
FF Extension: Search Enginer - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\sweetsearch@gmail.com [2015-07-16]
FF Extension: youtubeadblocker - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\yBOvIhCx@T.com [2015-01-31]
FF Extension: uuniissAles - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\ZFa@Mbn.edu [2015-01-31]
FF Extension: Xpert-Web - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\{58e3c1c9-2dc1-4762-bd45-1df9da9d0820} [2014-11-17]
FF Extension: InkWordList Class - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\{9DD4C48C-56C0-9803-064A-D41A48BF5714} [2015-02-11]
FF Extension: ooVoo Search App powered by Ask - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\toolbar_OVO2-SP@apn.ask.com.xpi [2014-12-13]
FF Extension: Internet Program - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\Extensions\{4336b0e4-2dcf-4c63-95e2-54bc01ce798c}.xpi [2015-01-31]
FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\extensions\searchffv2@gmail.com
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\akrem\AppData\Roaming\Mozilla\Firefox\Profiles\sd6f8c5l.default\extensions\sweetsearch@gmail.com
FF HKU\S-1-5-21-810618705-3542997047-1480512222-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (App Lid) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemgobnhmjkokaanfjcikbeddfpfbcce [2015-07-16]
CHR Extension: (Google Docs) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-14]
CHR Extension: (Google Drive) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-14]
CHR Extension: (YouTube) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-14]
CHR Extension: (Google Search) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Google Sheets) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-14]
CHR Extension: (Google Wallet) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-14]
CHR Extension: (Gmail) - C:\Users\akrem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-14]
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-810618705-3542997047-1480512222-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1437057969&z=402c530e9ed81dbeddfce4eg8zcc2qat1m5w2e3e9w&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357

Opera:
=======
OPR Extension: (App Lid) - C:\Users\akrem\AppData\Roaming\Opera Software\Opera Stable\Extensions\aemgobnhmjkokaanfjcikbeddfpfbcce [2015-07-16]
OPR Extension: (Internet Program) - C:\Users\akrem\AppData\Roaming\Opera Software\Opera Stable\Extensions\lceiomaldlbdpggkknflmpmafmhpodac [2015-05-07]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.istartsurf.com/?type=sc&ts=1437057969&z=402c530e9ed81dbeddfce4eg8zcc2qat1m5w2e3e9w&from=smt&uid=ST500LM012XHN-M500MBB_S2RSJ9CC977357

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 95b0aa1e-a934-4569-b056-67b0849ff460; C:\Users\akrem\AppData\Local\Microsoft\ee696559-8c61-0111-9027-54bf2daeb58f\1b38b176-523c-4d3e-a650-316e6b799a24.exe [194560 2013-02-27] () [File not signed]
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-23] () [File not signed]
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [85664 2012-02-13] (Atheros Commnucations) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-06-13] (Intel Corporation)
S2 d770ef06-7e04-473e-9384-af2c8ad9b429; C:\Users\akrem\AppData\Local\Microsoft\ee696559-8c61-0111-9027-54bf2daeb58f\1b38b176-523c-4d3e-a650-316e6b799a24.exe [194560 2013-02-27] () [File not signed]
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2139328 2014-05-27] (Comodo Security Solutions, Inc.)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-16] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-16] (globalUpdate) [File not signed] <==== ATTENTION
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-06-13] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-06-13] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6086640 2015-05-19] (Reimage®)
R2 SamsungDeviceConfigurationWinService; C:\Program Files\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 Service Mgr InternetProgram; C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.exe [660760 2015-07-16] ()
R2 SmdmFService; C:\Program Files\Assets Manager\smdmf\SmdmFService.exe [3570704 2015-01-28] (Aztec Media Inc)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771968 2015-07-22] (Enigma Software Group USA, LLC.)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-08-03] (Microsoft Corporation) [File not signed]
R2 Update Mgr InternetProgram; C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.exe [573208 2015-07-21] ()
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-13] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35488 2012-02-13] (Atheros)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [298144 2012-02-13] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [97952 2012-02-13] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25248 2012-02-13] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [147616 2012-02-13] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60064 2012-02-13] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [263968 2012-02-13] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [468640 2012-02-13] (Atheros)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-07-22] ()
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [211280 2012-03-14] (ELAN Microelectronics Corp.)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Assets Manager\smdmf\smdmfmgrc3.cfg [38288 2015-01-28] (Aztec Media Inc)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation)
S3 cpuz134; \??\C:\Users\akrem\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 14:16 - 2014-09-16 16:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.decryptedKLR.Wdf
2015-07-22 14:16 - 2014-09-16 16:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_09_00.decryptedKLR.Wdf
2015-07-22 14:16 - 2014-05-31 21:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SABI_01009.decryptedKLR.Wdf
2015-07-22 14:16 - 2014-05-31 21:31 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btath_hcrp_01009.decryptedKLR.Wdf
2015-07-22 14:16 - 2014-05-31 21:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.decryptedKLR.Wdf
2015-07-22 14:16 - 2012-02-13 10:27 - 00020963 _____ C:\Windows\system32\Drivers\RampsFile_index_table.decryptedKLR.xlsx
2015-07-22 14:16 - 2009-07-14 06:39 - 00000000 _____ C:\Windows\setuperr.decryptedKLR.log
2015-07-22 14:13 - 2015-06-29 16:46 - 00407911 _____ C:\Users\akrem\Downloads\Action-Man.decryptedKLR.zip
2015-07-22 14:13 - 2015-06-14 18:12 - 04037564 _____ C:\Users\akrem\Downloads\Soft_starbox300HD_Cup_wolrd@avatar.decryptedKLR.rar
2015-07-22 14:13 - 2015-06-05 15:26 - 00203203 _____ C:\Users\akrem\Downloads\webfontkit-20150604-102429.decryptedKLR.zip
2015-07-22 14:07 - 2015-07-22 14:07 - 00001200 _____ C:\Users\akrem\Desktop\SpyHunter.lnk
2015-07-22 14:07 - 2015-07-22 14:07 - 00000000 ____D C:\Users\akrem\AppData\Roaming\Enigma Software Group
2015-07-22 14:06 - 2015-07-22 14:07 - 00000000 ____D C:\sh4ldr
2015-07-22 14:03 - 2015-07-22 14:03 - 00786080 _____ (Kaspersky Lab ZAO) C:\Users\akrem\Downloads\rectordecryptor.exe
2015-07-22 13:59 - 2015-07-22 13:59 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-07-22 13:57 - 2015-07-22 13:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-07-22 13:55 - 2015-07-22 13:56 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\akrem\Downloads\SpyHunter-Installer (1).exe
2015-07-22 13:52 - 2015-07-22 13:52 - 00000000 ___RD C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-21 22:23 - 2015-07-21 22:27 - 00000240 _____ C:\Users\akrem\Downloads\Search.txt
2015-07-21 22:21 - 2015-07-21 22:21 - 00074969 _____ C:\Users\akrem\Downloads\Shortcut.txt
2015-07-21 22:19 - 2015-07-21 22:21 - 00038552 _____ C:\Users\akrem\Downloads\Addition.txt
2015-07-21 22:18 - 2015-07-22 14:56 - 00027503 _____ C:\Users\akrem\Downloads\FRST.txt
2015-07-21 22:17 - 2015-07-22 14:55 - 00000000 ____D C:\FRST
2015-07-21 22:17 - 2015-07-21 22:17 - 01638912 _____ (Farbar) C:\Users\akrem\Downloads\FRST.exe
2015-07-21 22:05 - 2015-07-21 22:05 - 03502080 _____ C:\Users\akrem\Documents\ffdshow.ax
2015-07-21 22:05 - 2015-07-21 22:05 - 00001154 _____ C:\Users\akrem\Documents\Wave.hlsl
2015-07-21 22:05 - 2015-07-21 22:05 - 00000923 _____ C:\Users\akrem\Documents\Grayscale.hlsl
2015-07-21 21:51 - 2015-07-21 21:51 - 09485552 _____ (MPC-HC Team) C:\Users\akrem\Documents\mpc-hc.exe
2015-07-21 21:51 - 2015-07-21 21:51 - 01998168 _____ C:\Users\akrem\Documents\d3dx9_43.dll
2015-07-21 21:51 - 2015-07-21 21:51 - 00171760 _____ C:\Users\akrem\Documents\mpcresources.es.dll
2015-07-21 21:51 - 2015-07-21 21:51 - 00169712 _____ (MPC-HC Team) C:\Users\akrem\Documents\mpcresources.ca.dll
2015-07-21 21:51 - 2015-07-21 21:51 - 00160496 _____ C:\Users\akrem\Documents\mpcresources.hr.dll
2015-07-21 21:51 - 2015-07-21 21:51 - 00137728 _____ C:\Users\akrem\Documents\mkv2vfr.exe
2015-07-21 21:51 - 2015-07-21 21:51 - 00097792 _____ C:\Users\akrem\Documents\ac3config.exe
2015-07-21 21:51 - 2015-07-21 21:51 - 00025664 _____ C:\Users\akrem\Documents\basswv.dll
2015-07-21 21:50 - 2015-07-21 22:05 - 00556032 _____ C:\Users\akrem\Documents\splitter.ax
2015-07-21 21:50 - 2015-07-21 22:05 - 00233984 _____ (http://www.dsp-worx.de) C:\Users\akrem\Documents\DCBassSourceMod.ax
2015-07-21 21:49 - 2015-07-21 22:05 - 01406976 _____ C:\Users\akrem\Documents\ac3filter.ax
2015-07-21 21:49 - 2015-07-21 22:05 - 00980040 _____ C:\Users\akrem\Documents\LAVVideo.ax
2015-07-21 21:49 - 2015-07-21 22:05 - 00490496 _____ (www.madshi.net) C:\Users\akrem\Documents\madFlac.ax
2015-07-21 21:49 - 2015-07-21 22:05 - 00291408 _____ (Packed With Joy !) C:\Users\akrem\Documents\DivXa32.acm
2015-07-21 21:49 - 2015-07-21 22:05 - 00001758 _____ C:\Users\akrem\Documents\LAV Video Configuration.lnk
2015-07-21 21:49 - 2015-07-21 22:05 - 00000974 _____ C:\Users\akrem\Documents\16-235 to 0-255 [SD][HD].hlsl
2015-07-21 21:49 - 2015-07-21 21:49 - 00018431 _____ C:\Users\akrem\Documents\COPYING
2015-07-21 21:49 - 2015-07-21 21:49 - 00008230 _____ C:\Users\akrem\Documents\noConnect[1]
2015-07-21 21:49 - 2015-07-21 21:49 - 00005326 _____ C:\Users\akrem\Documents\c_pioneeringad_com[6]
2015-07-21 21:49 - 2015-07-21 21:49 - 00004096 _____ C:\Users\akrem\Documents\c_pioneeringad_com[8]
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAdCAIZORIV.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAdCAHDVZAH.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAdCAC30M0I.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAdCA1V8WLV.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001290 _____ C:\Users\akrem\Documents\GetAd[10].aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001082 _____ C:\Users\akrem\Documents\BG31RTCAC37SLXCABID4G6CA8BVH1VCAOVP8UECAW0SEOPCA4ONILWCAVI82LBCANXX9IWCA8J5NL8CA2H74G4CAE52R73CAGQ73HACA3RHDA4CAHKSS34CASQMVX3CAPV5SPLCAIYGHS9CATAPB7TCAEDB3O7
2015-07-21 21:49 - 2015-07-21 21:49 - 00001077 _____ C:\Users\akrem\Documents\GetAdCASBA5Q4.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00001077 _____ C:\Users\akrem\Documents\GetAdCA5S1ZVF.aspx
2015-07-21 21:49 - 2015-07-21 21:49 - 00000509 _____ C:\Users\akrem\Documents\q[2]
2015-07-21 21:47 - 2015-07-21 21:47 - 00004096 _____ C:\Users\akrem\Documents\47e02a[1].eot
2015-07-21 21:41 - 2015-07-21 21:41 - 02572304 _____ (File Recovery Ltd. ) C:\Users\akrem\Downloads\undelete-360-setup (1).exe
2015-07-21 21:30 - 2015-07-21 21:30 - 00000000 ____D C:\Users\akrem\AppData\Roaming\MPC-HC
2015-07-21 21:29 - 2015-07-21 21:29 - 00001091 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2015-07-21 21:29 - 2015-07-21 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-07-21 21:29 - 2015-07-21 21:29 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-07-21 21:22 - 2015-07-21 21:22 - 00000047 _____ C:\Windows\wininit.ini
2015-07-21 21:07 - 2015-07-21 21:08 - 36783747 _____ ( ) C:\Users\akrem\Downloads\K-Lite_Codec_Pack_1128_Full.exe
2015-07-16 17:45 - 2015-07-16 17:47 - 08858704 _____ (1f0.de ) C:\Users\akrem\Downloads\LAVFilters-0.65-Installer.exe
2015-07-16 17:45 - 2015-07-16 17:45 - 00604800 _____ (1f0.de ) C:\Users\akrem\Downloads\Non confirmé 592996.crdownload
2015-07-16 17:43 - 2015-07-16 17:44 - 03220736 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\akrem\Downloads\UsbFix_2015_7.996.exe
2015-07-16 17:36 - 2015-07-22 13:52 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-16 17:16 - 2015-07-16 17:20 - 41006544 _____ (Media Player - Codec Pack) C:\Users\akrem\Downloads\media.player.codec.pack.v4.3.8.setup.exe
2015-07-16 17:10 - 2015-07-21 21:42 - 00001132 _____ C:\Users\akrem\Desktop\Undelete 360.lnk
2015-07-16 17:10 - 2015-07-21 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undelete360
2015-07-16 17:10 - 2015-07-16 17:10 - 00000000 ____D C:\Program Files\File Recovery
2015-07-16 17:08 - 2015-07-16 17:08 - 02572304 _____ (File Recovery Ltd. ) C:\Users\akrem\Downloads\undelete-360-setup.exe
2015-07-16 17:05 - 2015-07-16 17:05 - 01073608 _____ (File Repair ) C:\Users\akrem\Downloads\file-repair-setup_2.1.2.exe
2015-07-16 17:05 - 2015-07-16 17:05 - 00001113 _____ C:\Users\akrem\Desktop\File Repair.lnk
2015-07-16 17:05 - 2015-07-16 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Repair
2015-07-16 17:05 - 2015-07-16 17:05 - 00000000 ____D C:\Program Files\Repair File
2015-07-16 16:56 - 2014-03-18 06:06 - 01392640 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2015-07-16 16:50 - 2015-07-16 16:50 - 00002068 _____ C:\Users\akrem\Desktop\AppsHat.lnk
2015-07-16 16:50 - 2015-07-16 16:50 - 00000000 ____D C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
2015-07-16 16:50 - 2015-07-16 16:50 - 00000000 ____D C:\Users\akrem\AppData\Local\WebPlayer
2015-07-16 16:49 - 2015-07-22 14:49 - 00005478 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-6.job
2015-07-16 16:49 - 2015-07-22 14:49 - 00002754 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-1-6.job
2015-07-16 16:49 - 2015-07-22 13:52 - 00005142 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-7.job
2015-07-16 16:49 - 2015-07-22 13:52 - 00004800 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-11.job
2015-07-16 16:49 - 2015-07-22 13:52 - 00004798 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-4.job
2015-07-16 16:49 - 2015-07-22 13:52 - 00004118 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-3.job
2015-07-16 16:49 - 2015-07-22 13:52 - 00003098 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-1-7.job
2015-07-16 16:49 - 2015-07-22 13:52 - 00002406 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-5_user.job
2015-07-16 16:49 - 2015-07-22 13:52 - 00002406 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-5.job
2015-07-16 16:49 - 2015-07-22 13:52 - 00000874 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-16 16:49 - 2015-07-21 22:54 - 00000878 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-07-16 16:49 - 2015-07-16 16:49 - 00000000 ____D C:\Users\akrem\AppData\Local\globalUpdate
2015-07-16 16:49 - 2015-07-16 16:49 - 00000000 ____D C:\Program Files\globalUpdate
2015-07-16 16:49 - 2015-07-16 16:49 - 00000000 ____D C:\Program Files\2bc04ec8-9495-4dee-b94b-0321b2c86733
2015-07-16 16:48 - 2015-07-22 14:48 - 00002072 _____ C:\Windows\Tasks\acdd9e28-6a78-489c-82f9-85f922b00dcf-10_user.job
2015-07-16 16:48 - 2015-07-17 04:17 - 00000000 ____D C:\Program Files\App Lid
2015-07-16 16:48 - 2015-07-16 16:48 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-16 16:48 - 2015-07-16 16:48 - 00000000 ____D C:\Program Files\MiuiTab
2015-07-16 16:47 - 2015-07-16 16:47 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-16 16:46 - 2015-07-16 16:46 - 00000000 ____D C:\Users\akrem\AppData\Roaming\istartsurf
2015-07-16 16:46 - 2015-07-16 16:46 - 00000000 ____D C:\Program Files\Shark007
2015-07-16 16:45 - 2015-07-21 21:26 - 00000000 ____D C:\ProgramData\Advanced
2015-07-16 16:33 - 2015-07-16 16:45 - 52332336 _____ C:\Users\akrem\Downloads\ADVANCED_Codecs_v529.exe
2015-07-10 16:35 - 2015-07-10 16:35 - 00149792 _____ C:\Windows\Minidump\071015-16317-01.dmp
2015-07-03 19:44 - 2015-07-03 19:44 - 00149792 _____ C:\Windows\Minidump\070315-16582-01.dmp
2015-06-29 17:14 - 2015-07-02 14:14 - 00000103 _____ C:\Users\akrem\AppData\Roaming\WB.CFG
2015-06-29 16:46 - 2015-06-29 16:46 - 00407911 _____ C:\Users\akrem\Downloads\Action-Man.zip
2015-06-29 16:46 - 2015-06-29 16:46 - 00090784 _____ C:\Users\akrem\Downloads\Action_Man_Shaded_Italic.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00090596 _____ C:\Users\akrem\Downloads\Action_Man_Shaded.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00052544 _____ C:\Users\akrem\Downloads\Action_Man_Extended_Italic.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00052472 _____ C:\Users\akrem\Downloads\Action_Man_Extended.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00051948 _____ C:\Users\akrem\Downloads\Action_Man_Extended_Bold_Italic.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00051744 _____ C:\Users\akrem\Downloads\Action_Man_Extended_Bold.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00049424 _____ C:\Users\akrem\Downloads\Action_Man_Italic.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00049408 _____ C:\Users\akrem\Downloads\Action_Man.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00049008 _____ C:\Users\akrem\Downloads\Action_Man_Bold_Italic.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00048976 _____ C:\Users\akrem\Downloads\Action_Man_Bold.ttf
2015-06-29 16:46 - 2015-06-29 16:46 - 00001031 _____ C:\Users\akrem\Downloads\Iconian Fonts License.txt
2015-06-29 16:45 - 2015-07-02 16:51 - 00012018 _____ C:\Windows\system32\ScanResults.xml
2015-06-29 16:35 - 2015-07-02 16:45 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-06-28 16:59 - 2015-06-28 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyPHP DevServer 14.1 VC11
2015-06-28 16:59 - 2015-06-28 16:59 - 00000000 ____D C:\Program Files\EasyPHP-DevServer-14.1VC11
2015-06-28 16:32 - 2015-06-28 16:54 - 35082749 _____ (EasyPHP Team ) C:\Users\akrem\Downloads\EasyPHP-DevServer-14.1VC11-install.exe
2015-06-27 15:33 - 2015-06-27 15:33 - 00149792 _____ C:\Windows\Minidump\062715-13993-01.dmp
2015-06-27 02:36 - 2015-06-27 02:43 - 00000000 ____D C:\rei
2015-06-27 02:36 - 2015-06-27 02:38 - 00000000 ____D C:\ProgramData\Reimage Protector
2015-06-27 02:36 - 2015-06-27 02:38 - 00000000 ____D C:\Program Files\Reimage
2015-06-27 02:36 - 2015-06-27 02:36 - 00002054 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-06-27 02:36 - 2015-06-27 02:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-06-27 02:34 - 2015-06-27 02:38 - 00000156 _____ C:\Windows\Reimage.ini
2015-06-27 02:34 - 2015-06-27 02:34 - 00772016 _____ (Reimage®) C:\Users\akrem\Downloads\ReimageRepair.exe
2015-06-25 14:50 - 2015-06-25 14:56 - 00000281 _____ C:\Users\akrem\Desktop\session.php
2015-06-25 14:47 - 2015-06-25 14:48 - 00000000 ____D C:\Program Files\EasyPHP-DevServer-13.1VC9
2015-06-25 14:47 - 2015-06-25 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyPHP DevServer 13.1 VC9

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 14:54 - 2015-01-18 17:54 - 00000000 ____D C:\Users\akrem\AppData\Roaming\vlc
2015-07-22 14:53 - 2015-01-10 17:37 - 00000000 ____D C:\Users\akrem\AppData\Roaming\BitTorrent
2015-07-22 14:45 - 2015-02-18 19:08 - 00000000 ____D C:\ProgramData\smdmf
2015-07-22 14:36 - 2014-05-31 21:11 - 00000000 ____D C:\Users\akrem
2015-07-22 14:22 - 2015-06-14 17:31 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 14:17 - 2014-11-13 16:43 - 00000000 ____D C:\Users\akrem\AppData\Local\CrashDumps
2015-07-22 14:15 - 2014-05-31 23:05 - 00000000 ____D C:\Windows\Panther
2015-07-22 14:14 - 2015-05-22 12:18 - 00000000 ____D C:\wamp
2015-07-22 14:14 - 2015-05-22 12:14 - 00000328 _____ C:\Windows\Tasks\Chromium.job
2015-07-22 14:12 - 2015-06-05 13:43 - 00000000 ____D C:\Users\akrem\Desktop\site clubafricain
2015-07-22 14:12 - 2015-06-04 15:09 - 00000000 ____D C:\Users\akrem\Desktop\site
2015-07-22 14:12 - 2015-06-01 16:28 - 00000000 ____D C:\Users\akrem\Desktop\essais
2015-07-22 14:12 - 2014-12-30 23:45 - 00000000 ____D C:\Users\akrem\AppData\Roaming\Skype
2015-07-22 14:08 - 2014-05-31 21:13 - 00000000 ____D C:\Program Files\WinRAR
2015-07-22 14:06 - 2014-05-31 21:33 - 00000000 ____D C:\Program Files\Elantech
2015-07-22 14:04 - 2014-05-31 21:29 - 00000000 ____D C:\Program Files\Bluetooth Suite
2015-07-22 14:04 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\Services
2015-07-22 13:53 - 2014-11-19 17:42 - 00000000 ____D C:\Users\akrem\AppData\Local\Google
2015-07-22 13:52 - 2015-06-14 17:31 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 13:52 - 2014-05-31 21:22 - 00000818 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-07-22 13:52 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 13:52 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 13:50 - 2015-01-31 23:04 - 00000000 ____D C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9
2015-07-22 13:46 - 2015-01-31 23:05 - 00000000 ____D C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9
2015-07-22 13:45 - 2015-02-02 16:39 - 00000650 __RSH C:\ProgramData\ntuser.pol
2015-07-22 13:45 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 13:45 - 2009-07-14 06:39 - 00044164 _____ C:\Windows\setupact.log
2015-07-21 21:34 - 2015-01-16 15:10 - 00000000 ____D C:\Users\akrem\Downloads\films
2015-07-21 21:23 - 2014-10-17 15:27 - 00013930 _____ C:\Windows\PFRO.log
2015-07-21 19:36 - 2015-06-05 13:36 - 00000354 _____ C:\Windows\Tasks\AelousIntern.job
2015-07-21 19:28 - 2009-07-14 06:53 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-20 17:23 - 2014-05-31 21:19 - 01524562 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 17:44 - 2015-06-14 17:04 - 00000000 ____D C:\UsbFix
2015-07-16 17:41 - 2015-01-31 23:04 - 00000000 ____D C:\Program Files\Opera
2015-07-16 17:33 - 2015-01-10 17:38 - 00000000 ____D C:\Users\akrem\AppData\Roaming\OpenCandy
2015-07-16 17:14 - 2009-07-14 11:00 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-16 16:54 - 2015-01-18 17:53 - 00000984 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-16 16:46 - 2015-06-14 17:31 - 00002375 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-16 16:46 - 2015-01-31 23:14 - 00001369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-16 16:46 - 2015-01-31 23:14 - 00001357 _____ C:\Users\Public\Desktop\Opera.lnk
2015-07-16 16:46 - 2014-06-01 20:34 - 00001405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-16 16:46 - 2014-06-01 20:34 - 00001393 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-16 16:46 - 2014-05-31 21:12 - 00001717 _____ C:\Users\akrem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-10 16:35 - 2015-04-13 17:00 - 00000000 ____D C:\Windows\Minidump
2015-07-10 16:34 - 2015-04-13 17:00 - 359200285 _____ C:\Windows\MEMORY.DMP
2015-07-10 15:05 - 2014-05-31 21:22 - 00000820 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-07-08 17:21 - 2015-06-14 17:46 - 00000000 ____D C:\Users\akrem\AppData\Roaming\Solvusoft

==================== Files in the root of some directories =======

2015-02-22 19:38 - 2015-02-20 23:28 - 0765952 _____ () C:\Users\akrem\AppData\Roaming\C17uO.exe
2015-06-01 16:52 - 2015-06-01 16:52 - 0008690 _____ () C:\Users\akrem\AppData\Roaming\HELP_DECRYPT.HTML
2015-06-01 16:52 - 2015-06-01 16:52 - 0045479 _____ () C:\Users\akrem\AppData\Roaming\HELP_DECRYPT.PNG
2015-06-01 16:52 - 2015-06-01 16:52 - 0001408 _____ () C:\Users\akrem\AppData\Roaming\HELP_DECRYPT.TXT.cdhnsvk
2015-06-01 16:52 - 2015-06-01 16:52 - 0000304 _____ () C:\Users\akrem\AppData\Roaming\HELP_DECRYPT.URL
2015-02-18 18:07 - 2015-02-11 23:57 - 0805888 _____ (Ghisler Software GmbH) C:\Users\akrem\AppData\Roaming\UOC55.exe
2015-02-16 22:13 - 2015-02-16 22:13 - 0802816 _____ (Alexander Roshal) C:\Users\akrem\AppData\Roaming\W5uOC.exe
2015-06-29 17:14 - 2015-07-02 14:14 - 0000103 _____ () C:\Users\akrem\AppData\Roaming\WB.CFG
2015-02-13 23:59 - 2015-02-13 23:59 - 0731648 _____ (Microsoft Corporation) C:\Users\akrem\AppData\Roaming\YWSKU.exe
2015-06-01 16:52 - 2015-06-01 16:52 - 0008690 _____ () C:\Users\akrem\AppData\Local\HELP_DECRYPT.HTML
2015-06-01 16:52 - 2015-06-01 16:52 - 0045479 _____ () C:\Users\akrem\AppData\Local\HELP_DECRYPT.PNG
2015-06-01 16:52 - 2015-06-01 16:52 - 0001408 _____ () C:\Users\akrem\AppData\Local\HELP_DECRYPT.TXT.cdhnsvk
2015-06-01 16:52 - 2015-06-01 16:52 - 0000304 _____ () C:\Users\akrem\AppData\Local\HELP_DECRYPT.URL
2015-06-01 16:51 - 2015-06-01 16:51 - 0008690 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-06-01 16:51 - 2015-06-01 16:51 - 0045479 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-06-01 16:51 - 2015-06-01 16:51 - 0001408 _____ () C:\ProgramData\HELP_DECRYPT.TXT.cdhnsvk
2015-06-01 16:51 - 2015-06-01 16:51 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-06-02 18:35 - 2015-06-02 18:37 - 0358595 _____ () C:\ProgramData\hslbkub.html

Files to move or delete:
====================
C:\Windows\TEMP\temp561917692.exe


Some files in TEMP:
====================
C:\Users\akrem\AppData\Local\Temp\appshat_generic.exe
C:\Users\akrem\AppData\Local\Temp\bitool.dll
C:\Users\akrem\AppData\Local\Temp\ReimagePackage.exe
C:\Users\akrem\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\akrem\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\akrem\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 00:22

==================== End of log ============================
