Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2017
Ran by PC-ABDERRAHMEN (administrator) on PC-ABDERRAHMEN (28-07-2017 00:01:34)
Running from C:\Users\PC-ABDERRAHMEN\Desktop
Loaded Profiles: PC-ABDERRAHMEN (Available Profiles: PC-ABDERRAHMEN)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(The OpenVPN Project) C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\openvpnserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(The OpenVPN Project) C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\openvpn.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(www.hideallip.com) C:\Program Files (x86)\Hide ALL IP\LauncherService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-08-28] (Qualcomm®Atheros®)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-256474428-2574812502-1661256676-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-256474428-2574812502-1661256676-1001\...\Run: [uTorrent] => C:\Users\PC-ABDERRAHMEN\AppData\Roaming\uTorrent\uTorrent.exe [2252992 2016-09-05] (BitTorrent Inc.)
HKU\S-1-5-21-256474428-2574812502-1661256676-1001\...\RunOnce: [Uninstall C:\Users\PC-ABDERRAHMEN\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PC-ABDERRAHMEN\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-256474428-2574812502-1661256676-1001\...\RunOnce: [Uninstall C:\Users\PC-ABDERRAHMEN\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PC-ABDERRAHMEN\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-256474428-2574812502-1661256676-1001] => 163.172.86.64:3128
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{25ab11d9-8b82-4024-8988-7c1df08107ca}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c5a93541-8829-46fa-a4fc-51616f815b43}: [DhcpNameServer] 10.8.0.1
Tcpip\..\Interfaces\{d18efaa5-0436-4fab-bc90-ffd214d45609}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-256474428-2574812502-1661256676-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-256474428-2574812502-1661256676-1001 -> DefaultScope {2311DD9D-5A58-455A-B69B-F122231DB7A5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-256474428-2574812502-1661256676-1001 -> {2311DD9D-5A58-455A-B69B-F122231DB7A5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-28] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-25] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-28] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-28] (AO Kaspersky Lab)
IE Session Restore: HKU\S-1-5-21-256474428-2574812502-1661256676-1001 -> is enabled.
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-25] (Microsoft Corporation)

Edge:
======
Edge Session Restore: HKU\S-1-5-21-256474428-2574812502-1661256676-1001 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728 [2017-07-26]
FF Extension: (Diagnostics for Adblock Plus) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728\Extensions\abpwatcher@adblockplus.org.xpi [2017-07-05]
FF Extension: (AdBlocker Ultimate) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728\Extensions\adblockultimate@adblockultimate.net.xpi [2017-07-05]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728\Extensions\elemhidehelper@adblockplus.org.xpi [2017-07-05]
FF Extension: (AdBlocker for Facebook™) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2017-07-05]
FF Extension: (AdBlock) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-07-05]
FF Extension: (AdBlocker for YouTube™) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2017-07-05]
FF Extension: (youtubetmadblock) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728\Extensions\jid1-w4wG5nJhx4LJZr@jetpack.xpi [2017-07-05]
FF Extension: (Adblock Plus) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-07-05]
FF Extension: (Disable Anti-Adblock) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Mozilla\Firefox\Profiles\5mpmtcqu.default-1484932037728\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2017-07-05]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-25]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-256474428-2574812502-1661256676-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-256474428-2574812502-1661256676-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-256474428-2574812502-1661256676-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\PC-ABDERRAHMEN\AppData\Roaming\IDM\idmmzcc5 [2017-07-27] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1220162.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.dz/
CHR StartupUrls: Default -> "hxxp://public-box.ru/start"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default [2017-07-28]
CHR Extension: (Google Slides) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-04]
CHR Extension: (Duolingo sur le Web) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-09-05]
CHR Extension: (h264ify) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2016-09-05]
CHR Extension: (Google Docs) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-04]
CHR Extension: (Google Drive) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-04]
CHR Extension: (YouTube) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-04]
CHR Extension: (Jeu de la 8) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2016-12-21]
CHR Extension: (Adblock Plus) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Adblock pour Youtube™) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Fair AdBlocker App) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-06-08]
CHR Extension: (Tampermonkey) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-10]
CHR Extension: (Google Sheets) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-04]
CHR Extension: (Kaspersky Protection) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-06-29]
CHR Extension: (Fair Ads) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-06-08]
CHR Extension: (KProxy Extension) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdocgbfmddcfnlnpmnghmjicjognhonm [2017-06-16]
CHR Extension: (Google Docs hors connexion) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-05]
CHR Extension: (AdBlock) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-19]
CHR Extension: (Hide My AdBlocker) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2017-07-27]
CHR Extension: (Penalty Shootout 2010) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\heglpchjbjmchcmenfopoohbdibnnfap [2016-09-05]
CHR Extension: (Enable right click) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2017-04-27]
CHR Extension: (Insightly) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkopngnjabiaaibfkfgjhgdfpoholppn [2016-09-05]
CHR Extension: (Google Play Music) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-09-05]
CHR Extension: (Adblock pour Facebook ™) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc [2017-01-22]
CHR Extension: (Seo Enable Copy) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jecafjfpjgbbfagchnkocbjpbjdgambk [2016-11-26]
CHR Extension: (Fair AdBlocker) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-07-04]
CHR Extension: (Ashish Mishra) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2016-09-05]
CHR Extension: (Real Madrid Theme) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaccghdncekgcpeiomoaldbbjhpglia [2017-02-10]
CHR Extension: (IDM Integration Module) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-14]
CHR Extension: (Facebook Couvre) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhddmephbaipdbkeombmgeeanoheckgk [2016-09-05]
CHR Extension: (Anti-Adblock Popup Blocker) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjdhoikoppfngdpngepakeogdnlcilm [2016-10-18]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (SafeBrowse) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak [2017-07-04]
CHR Extension: (Gmail) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Extension: (Appel Skype) - C:\Users\PC-ABDERRAHMEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2017-02-10]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-17]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-05-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-08-28] (Windows (R) Win 7 DDK provider) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
R2 HideIPLaucherService; C:\Program Files (x86)\Hide ALL IP\LauncherService.exe [489328 2016-04-05] (www.hideallip.com)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-06-08] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-06-08] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-08] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-06-08] (NVIDIA Corporation)
R2 OpenVPNService; C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\openvpnserv.exe [29920 2017-02-19] (The OpenVPN Project)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2169696 2017-07-05] (Electronic Arts)
S2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3149664 2017-07-05] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [147792 2017-06-16] (Razer Inc)
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183680 2017-04-14] (Razer Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252176 2017-06-21] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-08-28] (Atheros) [File not signed]
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
S3 BM0523; C:\WINDOWS\System32\drivers\BM0523.sys [25328 2012-05-20] (ShenZhen ShanWan Technology Co., Ltd.)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-08-28] (Qualcomm Atheros)
S3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [42968 2015-03-24] (CyberLink Corporation)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-17] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2017-02-18] (Sony Mobile Communications)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2009-09-09] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197312 2017-07-25] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [520152 2017-07-25] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [187336 2017-07-27] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1021624 2017-07-25] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-04-28] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-29] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-07-16] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-06-29] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-29] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-06-29] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-28] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199640 2017-07-25] (AO Kaspersky Lab)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-27] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-27] (Malwarebytes)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\neo_vpn.sys [29744 2016-12-20] (PureVPN)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_62e8f88c97b34401\nvlddmkm.sys [14461344 2017-06-09] (NVIDIA Corporation)
R3 NVR0Dev; C:\WINDOWS\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-06-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-08] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [758488 2015-08-04] (Realsil Semiconductor Corporation)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
U5 SynTP; C:\Windows\System32\Drivers\SynTP.sys [468720 2013-01-10] (Synaptics Incorporated)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-06-26] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-28 00:01 - 2017-07-28 00:03 - 00034786 _____ C:\Users\PC-ABDERRAHMEN\Desktop\FRST.txt
2017-07-28 00:01 - 2017-07-28 00:01 - 00000000 ____D C:\FRST
2017-07-28 00:00 - 2017-07-28 00:01 - 02381824 _____ (Farbar) C:\Users\PC-ABDERRAHMEN\Desktop\FRST64.exe
2017-07-27 23:57 - 2017-07-27 23:57 - 00001928 _____ C:\Users\PC-ABDERRAHMEN\Desktop\MalwareByte's Anti-Malware.txt
2017-07-27 23:07 - 2017-07-27 23:56 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-27 23:07 - 2017-07-27 23:55 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-27 23:07 - 2017-07-27 23:55 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-27 23:06 - 2017-07-27 23:54 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-27 23:06 - 2017-07-27 23:06 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-27 23:06 - 2017-07-27 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-27 23:06 - 2017-07-27 23:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-27 22:44 - 2017-07-27 22:54 - 00000000 ____D C:\Program Files\rempl
2017-07-27 22:39 - 2017-07-27 23:05 - 64025992 _____ (Malwarebytes ) C:\Users\PC-ABDERRAHMEN\Downloads\mb3-setup-35891.35891-3.1.2.1733-1.0.139-1.0.2060.exe
2017-07-27 22:26 - 2017-07-27 22:31 - 00005156 _____ C:\Users\PC-ABDERRAHMEN\Desktop\ZHPCleaner.txt
2017-07-27 22:20 - 2017-07-27 22:20 - 00000884 _____ C:\Users\PC-ABDERRAHMEN\Desktop\ZHPCleaner.lnk
2017-07-27 22:18 - 2017-07-27 22:20 - 02835328 _____ C:\Users\PC-ABDERRAHMEN\Desktop\ZHPCleaner.exe
2017-07-27 22:12 - 2017-07-27 22:16 - 00002476 _____ C:\Users\PC-ABDERRAHMEN\Desktop\Rkill.txt
2017-07-27 22:12 - 2017-07-27 22:12 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Desktop\rkill
2017-07-27 21:28 - 2017-07-27 21:28 - 00184018 _____ C:\Users\PC-ABDERRAHMEN\Desktop\ZHPDiag.txt
2017-07-27 21:20 - 2017-07-27 21:20 - 00000874 _____ C:\Users\PC-ABDERRAHMEN\Desktop\ZHPDiag.lnk
2017-07-27 21:14 - 2017-07-27 22:20 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\ZHP
2017-07-27 21:13 - 2017-07-27 21:14 - 02793344 _____ C:\Users\PC-ABDERRAHMEN\Desktop\ZHPDiag3.exe
2017-07-27 19:51 - 2017-07-27 19:51 - 00339816 _____ C:\Users\PC-ABDERRAHMEN\Downloads\3B8598AB0E4E567FDBC561B67DB8D6F68B1053AE.torrent
2017-07-27 00:36 - 2017-07-27 00:36 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-07-27 00:36 - 2017-07-27 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-27 00:35 - 2017-07-27 00:35 - 00000000 ____D C:\Program Files (x86)\Java
2017-07-26 15:43 - 2017-07-26 15:43 - 00001410 _____ C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-07-26 15:43 - 2017-07-26 15:43 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\UNP
2017-07-26 14:22 - 2017-07-26 14:23 - 00848866 _____ C:\Users\PC-ABDERRAHMEN\Downloads\!!__Mes frame_.dzp
2017-07-26 13:49 - 2017-07-26 13:49 - 00192351 _____ C:\Users\PC-ABDERRAHMEN\Downloads\Tom Clancy's Ghost Recon Wildlands - CorePack.torrent
2017-07-26 13:49 - 2017-07-26 13:49 - 00192351 _____ C:\Users\PC-ABDERRAHMEN\Downloads\Tom Clancy's Ghost Recon Wildlands - CorePack (1).torrent
2017-07-25 15:00 - 2017-07-25 15:00 - 00062373 _____ C:\Users\PC-ABDERRAHMEN\ia_remove.sh0621.tmp
2017-07-25 13:58 - 2017-07-25 13:58 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Downloads\2.Keygen-CORE
2017-07-25 12:20 - 2017-07-25 12:21 - 00145148 _____ C:\Users\PC-ABDERRAHMEN\Downloads\TOM.CLANCYS.GHOST.RECON.WILDLANDS-STEAMPUNKS.torrent
2017-07-25 11:26 - 2017-07-27 22:52 - 00003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-07-24 16:18 - 2017-07-24 16:19 - 00000000 ____D C:\Program Files\UNP
2017-07-24 16:18 - 2017-07-24 16:18 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-24 13:31 - 2017-06-03 11:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-24 13:31 - 2017-06-03 11:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-24 13:31 - 2017-06-03 11:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-24 13:31 - 2017-06-03 11:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-24 13:31 - 2017-06-03 11:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-24 13:31 - 2017-06-03 11:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-24 13:31 - 2017-06-03 11:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-24 13:31 - 2017-06-03 11:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-24 13:31 - 2017-06-03 11:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-24 13:31 - 2017-06-03 11:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-24 13:31 - 2017-06-03 11:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-24 12:27 - 2017-07-24 12:27 - 20164608 _____ C:\WINDOWS\system32\config\system.rctemp
2017-07-24 12:27 - 2017-07-24 12:27 - 104538112 _____ C:\WINDOWS\system32\config\software.rctemp
2017-07-24 12:27 - 2017-07-24 12:27 - 00319488 _____ C:\WINDOWS\system32\config\default.rctemp
2017-07-24 12:27 - 2017-07-24 12:27 - 00065536 _____ C:\WINDOWS\system32\config\sam.rctemp
2017-07-24 12:27 - 2017-07-24 12:27 - 00024576 _____ C:\WINDOWS\system32\config\security.rctemp
2017-07-23 22:39 - 2017-07-23 22:39 - 00001102 _____ C:\Users\Public\Desktop\Hide ALL IP.lnk
2017-07-23 21:23 - 2017-07-25 16:05 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Desktop\USB
2017-07-17 13:06 - 2017-07-17 11:34 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Desktop\PES Professionals Patch 2017 V3.2
2017-07-16 19:03 - 2017-07-16 17:32 - 36199436 _____ C:\Users\PC-ABDERRAHMEN\Desktop\Theme G7.1.1.psd
2017-07-16 01:36 - 2017-07-16 01:36 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-07-15 16:32 - 2015-05-27 14:51 - 00156160 _____ C:\WINDOWS\system32\FW1FontWrapper_x64.dll
2017-07-15 16:21 - 2017-07-16 13:27 - 00002255 _____ C:\Users\Public\Desktop\Skin Tool.lnk
2017-07-15 16:21 - 2017-07-16 13:27 - 00002182 _____ C:\Users\Public\Desktop\EVGA Precision XOC.lnk
2017-07-15 16:21 - 2017-07-15 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2017-07-15 16:21 - 2017-07-15 16:21 - 00000000 ____D C:\Program Files (x86)\EVGA
2017-07-15 16:20 - 2017-07-06 09:29 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Desktop\EVGA.Precision.XOC.6.1.10
2017-07-14 20:02 - 2017-07-14 20:02 - 00000112 ____H C:\FB157A74FCA3
2017-07-14 20:02 - 2017-07-14 20:02 - 00000112 ____H C:\E593B18CAAE2
2017-07-14 20:02 - 2017-07-14 20:02 - 00000112 ____H C:\E51C0DCC68AF
2017-07-14 20:02 - 2017-07-14 20:02 - 00000112 ____H C:\383D2894FED2
2017-07-14 20:02 - 2017-07-14 20:02 - 00000040 ____H C:\E784B78CABEC
2017-07-14 19:14 - 2017-07-15 23:15 - 00000346 _____ C:\WINDOWS\Tasks\Windows 10 Manager - Privacy Protector.job
2017-07-14 19:14 - 2017-07-14 19:14 - 00002760 _____ C:\WINDOWS\System32\Tasks\Windows 10 Manager - Privacy Protector
2017-07-14 18:28 - 2017-07-14 18:29 - 00527316 _____ C:\WINDOWS\Minidump\071417-28968-01.dmp
2017-07-14 17:53 - 2017-07-14 17:54 - 00535836 _____ C:\WINDOWS\Minidump\071417-33984-01.dmp
2017-07-14 17:42 - 2017-07-14 17:42 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-14 17:42 - 2017-06-08 02:45 - 01893312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-07-14 17:42 - 2017-06-08 02:45 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-07-14 17:42 - 2017-06-08 02:45 - 01477056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-07-14 17:42 - 2017-06-08 02:45 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-07-14 17:42 - 2017-06-08 02:45 - 00121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-07-14 17:41 - 2017-06-08 02:45 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-07-14 17:41 - 2017-06-08 02:45 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-07-14 17:37 - 2017-06-08 02:45 - 40201664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 35390584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 35281344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 28624320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 11056272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 11028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 10551256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 09248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 08808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 03796928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 03625992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 03256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438253.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 01606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438253.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 01056888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 00994240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 00964216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 00914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 00688784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 00143296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-07-14 17:37 - 2017-06-08 02:45 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-07-14 17:37 - 2017-06-08 02:45 - 00048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-07-14 17:37 - 2017-06-08 02:45 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-07-14 17:37 - 2017-06-08 02:45 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-07-14 17:25 - 2017-07-14 17:27 - 00533332 _____ C:\WINDOWS\Minidump\071417-31562-01.dmp
2017-07-14 17:23 - 2017-07-14 17:09 - 00372736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NVUNINST.EXE
2017-07-14 17:23 - 2007-07-03 16:41 - 01524736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFC71.dll
2017-07-14 17:23 - 2007-07-03 16:41 - 00978944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp71.dll
2017-07-14 17:23 - 2007-07-03 16:41 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2017-07-14 17:23 - 2007-06-25 22:21 - 02065920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcplUI.exe
2017-07-14 17:23 - 2007-06-25 22:21 - 01064448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcplUIR.dll
2017-07-14 17:23 - 2007-06-25 22:21 - 00403456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.cpl
2017-07-14 17:23 - 2007-06-25 22:21 - 00381952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvexpBar.dll
2017-07-14 17:08 - 2017-07-14 17:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA nTune Performance Application
2017-07-14 17:07 - 2017-07-16 19:15 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\NVIDIA
2017-07-14 17:06 - 2017-07-14 17:42 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\NVIDIA
2017-07-14 17:06 - 2017-07-14 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-14 17:04 - 2017-07-27 23:56 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-14 17:03 - 2017-06-08 00:55 - 06467008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-07-14 17:03 - 2017-06-08 00:55 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-07-14 17:03 - 2017-06-08 00:55 - 01762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-07-14 17:03 - 2017-06-08 00:55 - 00549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-07-14 17:03 - 2017-06-08 00:55 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-07-14 17:03 - 2017-06-08 00:55 - 00082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-07-14 17:03 - 2017-06-07 13:42 - 08075477 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-07-14 17:02 - 2017-06-08 02:45 - 00512960 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-07-14 17:02 - 2017-06-08 02:45 - 00418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-07-14 16:58 - 2017-06-08 02:45 - 04115112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-07-14 16:58 - 2017-06-08 02:45 - 00045163 _____ C:\WINDOWS\system32\nvinfo.pb
2017-07-14 16:58 - 2016-08-26 00:27 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437270.dll
2017-07-14 16:58 - 2016-08-26 00:27 - 01586560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437270.dll
2017-07-14 15:07 - 2017-07-14 15:07 - 00189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2017-07-14 14:08 - 2017-07-14 14:08 - 00000723 _____ C:\Users\PC-ABDERRAHMEN\Desktop\stp-fifa17.exe - Shortcut.lnk
2017-07-14 13:49 - 2017-06-08 00:55 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-07-13 16:22 - 2017-07-13 16:26 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Documents\FIFA 17
2017-07-13 14:15 - 2017-07-13 14:15 - 00000707 _____ C:\Users\Public\Desktop\FIFA 17.lnk
2017-07-13 14:15 - 2017-07-13 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 17
2017-07-08 19:27 - 2017-07-08 19:27 - 00490702 _____ C:\Users\PC-ABDERRAHMEN\Desktop\204963.psd
2017-07-08 18:44 - 2017-01-07 06:38 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Desktop\PES 2017 New Version CpkFileExplroer v2.40.13.0
2017-07-08 11:07 - 2017-07-08 11:19 - 00009016 _____ C:\Users\PC-ABDERRAHMEN\Desktop\New Microsoft Excel Worksheet.xlsx
2017-07-07 17:43 - 2017-07-07 17:48 - 00477993 _____ C:\Users\PC-ABDERRAHMEN\Desktop\TEL.psd
2017-07-02 14:59 - 2017-07-02 14:59 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\MultiPlayerManager
2017-07-02 14:41 - 2017-07-02 14:41 - 10502024 _____ C:\Users\PC-ABDERRAHMEN\Downloads\kingroot-5-2-0.apk
2017-07-02 14:40 - 2017-07-02 14:41 - 05995571 _____ C:\Users\PC-ABDERRAHMEN\Downloads\lucky-patcher-6-5-1.apk
2017-07-02 14:18 - 2017-07-02 14:19 - 04078403 _____ C:\Users\PC-ABDERRAHMEN\Downloads\blackmart_apk.apk
2017-06-30 14:57 - 2017-06-30 14:57 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-29 23:58 - 2017-06-30 00:00 - 01748083 _____ C:\Users\PC-ABDERRAHMEN\Downloads\particleLife_main_1c.mp4
2017-06-29 23:41 - 2017-06-29 23:41 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-06-29 08:21 - 2017-06-29 08:21 - 00000000 ____D C:\ProgramData\Wondershare
2017-06-29 08:20 - 2017-06-29 08:20 - 00000993 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2017-06-29 08:20 - 2017-06-29 08:20 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\Wondershare
2017-06-29 08:20 - 2017-06-29 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-06-29 08:17 - 2017-06-29 08:31 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Documents\Wondershare Filmora
2017-06-29 08:17 - 2017-06-29 08:17 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2017-06-29 08:17 - 2017-03-17 11:43 - 01250304 _____ (CineForm Inc.) C:\WINDOWS\system32\CFDecode64.ax
2017-06-29 08:16 - 2017-06-29 08:16 - 00000000 ____D C:\Program Files\Wondershare
2017-06-29 06:58 - 2017-06-29 06:58 - 00001300 _____ C:\Users\PC-ABDERRAHMEN\Desktop\Windows 10 Manager.lnk
2017-06-29 06:58 - 2017-06-29 06:58 - 00001290 _____ C:\Users\PC-ABDERRAHMEN\Desktop\1-Click Cleaner.lnk
2017-06-29 06:58 - 2017-06-29 06:58 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamicsoft
2017-06-29 06:58 - 2017-06-29 06:58 - 00000000 ____D C:\Program Files\Yamicsoft
2017-06-29 06:55 - 2017-06-29 06:55 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Yamicsoft
2017-06-29 05:52 - 2017-06-30 14:00 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\BatteryBar
2017-06-29 03:48 - 2017-06-29 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2017-06-29 03:48 - 2017-06-29 03:33 - 00002190 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2017-06-29 03:44 - 2017-06-29 03:44 - 00251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-06-29 03:34 - 2017-06-29 03:34 - 00229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-06-29 03:34 - 2017-06-29 03:34 - 00173144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-06-29 03:34 - 2017-06-29 03:34 - 00112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-06-29 03:33 - 2017-06-29 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-06-29 03:33 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2017-06-29 03:32 - 2017-07-27 23:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-29 03:32 - 2017-07-25 12:05 - 01021624 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-06-29 03:32 - 2017-07-25 12:00 - 00197312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-06-29 03:32 - 2017-07-25 11:57 - 00520152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-06-29 03:32 - 2017-06-29 03:33 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-06-29 02:57 - 2017-06-29 02:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-29 02:55 - 2017-07-13 12:22 - 00004616 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-29 02:55 - 2017-06-30 01:06 - 00004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-29 02:01 - 2017-07-27 23:55 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-28 00:02 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-27 23:59 - 2016-11-27 16:47 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Documents\Assassin's Creed Unity
2017-07-27 23:55 - 2016-09-02 20:22 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-27 23:50 - 2017-04-18 08:55 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-07-27 23:50 - 2017-01-18 16:37 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-27 23:50 - 2016-09-03 09:12 - 00000000 __SHD C:\Users\PC-ABDERRAHMEN\IntelGraphicsProfiles
2017-07-27 23:48 - 2017-06-05 17:05 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Desktop\idm.6.patch-akoam.com
2017-07-27 23:48 - 2016-10-02 04:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-27 23:47 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-27 23:47 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-07-27 23:43 - 2016-09-03 09:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-27 23:06 - 2016-09-02 20:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-27 22:32 - 2016-10-02 04:15 - 00000000 ____D C:\Users\PC-ABDERRAHMEN
2017-07-27 22:32 - 2016-09-02 20:20 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\DMCache
2017-07-27 22:31 - 2017-01-20 16:23 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\ZHP
2017-07-27 19:57 - 2016-09-05 23:27 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\uTorrent
2017-07-27 18:06 - 2016-10-02 04:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-27 13:24 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-27 04:10 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-27 00:36 - 2017-01-19 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-07-26 19:12 - 2017-01-18 02:15 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\LocalLow\Mozilla
2017-07-26 17:43 - 2016-09-12 15:31 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-07-26 14:32 - 2016-09-11 19:06 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\Ubisoft Game Launcher
2017-07-26 13:26 - 2016-09-12 15:31 - 00000000 ____D C:\ProgramData\install_clap
2017-07-26 10:19 - 2017-01-20 16:58 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Smadav
2017-07-26 10:19 - 2016-10-11 17:56 - 00003672 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-07-25 15:58 - 2017-02-13 20:44 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2017-07-25 15:57 - 2016-10-09 21:42 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\New Technology Studio
2017-07-25 15:24 - 2016-09-05 23:10 - 00000000 ____D C:\Program Files\steam
2017-07-25 15:18 - 2017-02-10 11:19 - 00000000 ____D C:\Program Files (x86)\Cambridge
2017-07-25 15:14 - 2016-09-23 15:47 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-25 12:07 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-07-25 12:07 - 2016-07-16 07:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-07-25 12:05 - 2016-06-14 17:47 - 00199640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2017-07-25 11:26 - 2016-09-11 23:31 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-25 01:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-25 01:05 - 2016-09-02 20:20 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Downloads\Compressed
2017-07-24 16:34 - 2016-09-02 20:20 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Downloads\Video
2017-07-24 16:21 - 2016-09-14 12:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-24 16:18 - 2016-09-14 12:20 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-23 22:39 - 2017-06-23 01:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide ALL IP
2017-07-23 22:39 - 2017-06-23 01:40 - 00000000 ____D C:\Program Files (x86)\Hide ALL IP
2017-07-23 21:34 - 2017-01-20 15:55 - 00000400 __RSH C:\ProgramData\ntuser.pol
2017-07-23 17:09 - 2016-09-02 23:33 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\CrashDumps
2017-07-18 16:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-17 00:54 - 2017-02-08 18:04 - 00000000 ____D C:\ProgramData\Razer
2017-07-16 13:28 - 2016-11-14 00:00 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-07-16 13:26 - 2016-09-02 20:31 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Kodi
2017-07-15 23:14 - 2016-07-16 07:04 - 20709376 _____ C:\WINDOWS\system32\config\system.rcbak
2017-07-15 23:14 - 2016-07-16 07:04 - 108789760 _____ C:\WINDOWS\system32\config\software.rcbak
2017-07-15 23:14 - 2016-07-16 07:04 - 01310720 _____ C:\WINDOWS\system32\config\default.rcbak
2017-07-15 23:14 - 2016-07-16 07:04 - 00040960 _____ C:\WINDOWS\system32\config\security.rcbak
2017-07-15 21:38 - 2016-09-03 04:57 - 01779154 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-15 17:10 - 2016-09-06 23:13 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-07-14 22:28 - 2017-06-23 01:41 - 00450112 _____ (Network Tunnel Lab) C:\WINDOWS\SysWOW64\networkdlllsp.dll
2017-07-14 18:57 - 2016-09-03 04:56 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\Packages
2017-07-14 18:28 - 2016-10-12 03:08 - 927278825 _____ C:\WINDOWS\MEMORY.DMP
2017-07-14 18:28 - 2016-10-12 03:08 - 00000000 ____D C:\WINDOWS\Minidump
2017-07-14 18:16 - 2016-09-02 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-07-14 17:44 - 2016-10-02 04:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-14 17:42 - 2017-05-16 01:05 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-14 17:42 - 2016-10-06 22:41 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-14 17:42 - 2016-10-06 22:40 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-14 17:42 - 2016-10-06 22:40 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-14 17:42 - 2016-10-06 22:40 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-14 17:42 - 2016-10-06 22:40 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-14 17:42 - 2016-10-06 22:40 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-14 17:42 - 2016-10-02 04:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-14 17:42 - 2016-09-06 23:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-14 17:42 - 2016-09-04 00:21 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\NVIDIA Corporation
2017-07-14 17:23 - 2016-09-03 10:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-14 17:02 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2017-07-14 03:44 - 2016-09-13 14:39 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Roaming\Origin
2017-07-14 03:44 - 2016-09-13 12:49 - 00000000 ____D C:\ProgramData\Origin
2017-07-13 14:15 - 2016-09-03 09:18 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-13 12:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-13 12:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 12:46 - 2017-01-18 02:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-11 12:46 - 2017-01-18 02:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-11 12:25 - 2017-02-01 15:57 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Documents\My Games
2017-07-09 20:32 - 2017-06-12 19:44 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Desktop\EmbratoriaG7
2017-07-07 17:47 - 2016-12-04 21:15 - 00001456 _____ C:\Users\PC-ABDERRAHMEN\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-07-05 22:02 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-02 16:09 - 2017-06-26 05:10 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\Nox
2017-07-02 15:06 - 2017-06-26 05:12 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\vmlogs
2017-07-02 15:06 - 2017-06-26 05:10 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\.BigNox
2017-07-02 15:06 - 2017-01-19 01:27 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\.android
2017-06-30 15:46 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 15:46 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-30 14:57 - 2017-01-18 02:15 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-30 13:59 - 2016-09-03 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-06-30 13:59 - 2016-09-03 10:09 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-06-30 11:53 - 2017-06-26 08:09 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\Desktop\Joyful Photography
2017-06-29 07:34 - 2016-10-02 13:06 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-29 03:32 - 2016-07-16 12:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-06-29 02:56 - 2016-09-14 13:31 - 00000000 ____D C:\Users\PC-ABDERRAHMEN\AppData\Local\Adobe
2017-06-29 01:49 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2017-06-29 01:15 - 2016-09-16 18:43 - 00000000 ____D C:\Program Files\WinRAR

==================== Files in the root of some directories =======

2016-12-04 21:15 - 2017-07-07 17:47 - 0001456 _____ () C:\Users\PC-ABDERRAHMEN\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-03-06 12:43 - 2017-03-06 12:43 - 0000000 _____ () C:\Users\PC-ABDERRAHMEN\AppData\Local\{1BCADA1E-9B8B-4959-81E9-3D01D164DEAA}
2016-10-02 04:11 - 2016-10-02 04:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-15 13:11 - 2017-01-30 01:52 - 0007609 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 13:11 - 2017-01-28 02:22 - 0016772 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-07-25 15:57 - 2016-10-09 21:37 - 4235264 _____ (New Technology Studio) C:\Users\PC-ABDERRAHMEN\AppData\Local\Temp\ovi-uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-24 11:58

==================== End of FRST.txt ============================
