Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by user (administrator) on USER-PC on 02-06-2015 21:19:06
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) OS Language: Français (France)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SFX TEAM) C:\Program Files\SuperCopier2\SuperCopier2.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Mobile\OnlineUpdate\ouc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
() C:\ProgramData\Modem HDM EC156\OnlineUpdate\ouc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\Internet Mobile\Internet Mobile.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-28] (Avast Software s.r.o.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\Run: [SuperCopier2.exe] => C:\Program Files\SuperCopier2\SuperCopier2.exe [955392 2009-08-16] (SFX TEAM)
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-11-11] (Google Inc.)
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\Run: [Free Download Manager] => C:\Program Files\Free Download Manager\fdm.exe [7012352 2014-11-14] (FreeDownloadManager.ORG)
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {12b66279-54a7-11e4-a0a0-001e101f57d0} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {2ec59203-82e3-11e4-80ac-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {3674b74c-4577-11e4-a3e2-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {3674c262-4577-11e4-a3e2-baf254789200} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {3674c2bf-4577-11e4-a3e2-baf254789200} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {36b7448b-4c8e-11e4-a6ff-001e101f21c1} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {43530453-92b5-11e4-8208-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {62d28073-69d1-11e4-ac0d-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {6658a403-c4f8-11e4-b8f3-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {6658a45a-c4f8-11e4-b8f3-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {74586f76-6a4b-11e4-ac20-e0ca9433c18c} - H:\setup.exe -a
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {7f76ac27-d2fd-11e4-ab13-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {86630bd5-8238-11e4-9362-001e101f1f81} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {b44ea707-548c-11e4-a0a0-001e101f57d0} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {b44ea7c6-548c-11e4-a0a0-001e101f57d0} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {bfdb1d9f-f8a2-11e4-af13-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {bfdb1daa-f8a2-11e4-af13-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {cdd37be3-c665-11e4-b769-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {cef7c0ef-f31a-11e4-a8af-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {cef7c10a-f31a-11e4-a8af-e811329a6aa4} - H:\AutoRun.exe
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\MountPoints2: {e74aeb11-ab0a-11e4-95de-001e101f1ed9} - H:\autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-28] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1100337586-554544947-3787655957-1000] => 10.10.19.1:3128
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-xl/?ocid=iehp
HKU\S-1-5-21-1100337586-554544947-3787655957-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1100337586-554544947-3787655957-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-08-09] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-31] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-28] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll [2014-11-13] (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-31] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{6BD72A42-7241-40AC-A052-B270110B3F15}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{81756319-4C89-4EF6-8491-C967EBB35DD3}: [NameServer] 62.251.230.241 212.217.1.1
Tcpip\..\Interfaces\{AC0B69AE-A9E9-4137-AAA5-E07DFE412D37}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E87AF73E-A33E-477B-94B1-89CAFC2731E0}: [NameServer] 192.168.50.58 192.168.60.55
Tcpip\..\Interfaces\{EE504374-3961-423C-9219-3DB2D19EAB72}: [NameServer] 62.251.230.241 212.217.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yhrp9r99.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://ar.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://ar.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://ar.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll [2014-12-09] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-31] (Oracle Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-08-09] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-08-09] (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-08-09] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-25] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1100337586-554544947-3787655957-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-1100337586-554544947-3787655957-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yhrp9r99.default\searchplugins\yahoo-avast.xml [2015-01-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-26]
FF HKLM\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files\Free Download Manager\Firefox\Extension [2014-12-11]
FF HKLM\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1100337586-554544947-3787655957-1000\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1
FF Extension: Free Download Manager plugin - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1 [2015-04-14]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-28]
CHR Extension: (Bookmark Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-13]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-08-09]
CHR HKU\S-1-5-21-1100337586-554544947-3787655957-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-1100337586-554544947-3787655957-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.SG5WMAFFOOWYIQEAUTDP3BAFD4 - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-28] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-28] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Internet Mobile. RunOuc; C:\Program Files\Internet Mobile\UpdateDog\ouc.exe [655712 2015-05-05] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S2 Modem HDM EC156. RunOuc; C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe [657504 2012-11-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
S2 Apache2.4; "C:\xampp\apache\bin\httpd.exe" -k runservice [X]
S2 FileZillaServer; "C:\xampp\filezillaftp\filezillaserver.exe" [X]
S2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=c:\xampp\mysql\bin\my.ini mysql
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 SparkSvc; "C:\Program Files\baidu\Spark\sparkservice.exe" -r [X]
S3 SparkUpdater; C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe [X]
S2 Tomcat7; C:\xampp\tomcat\bin\tomcat7.exe //RS//Tomcat7 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-28] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2014-09-26] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-28] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3086336 2012-12-20] (Qualcomm Atheros Communications, Inc.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2015-02-07] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [60156 2011-06-15] (PowerISO Computing, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-28] (Avast Software)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-08-13] (Check Point Software Technologies Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 21:19 - 2015-06-02 21:20 - 00022210 _____ () C:\Users\user\Desktop\FRST.txt
2015-06-01 19:29 - 2015-06-01 19:29 - 00000000 ____D () C:\Program Files\ESET
2015-06-01 12:38 - 2015-06-01 12:39 - 01024718 _____ () C:\Users\user\Downloads\Présentation Marketing.pptx
2015-05-31 10:10 - 2015-05-31 10:10 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-31 10:10 - 2015-05-31 10:09 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-05-31 10:09 - 2015-05-31 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-31 10:00 - 2015-05-31 10:00 - 00562272 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-8u45 (1).exe
2015-05-31 09:59 - 2015-05-31 09:59 - 01764352 _____ () C:\Users\user\Downloads\Authentification.ppt
2015-05-30 21:35 - 2015-05-31 12:41 - 00007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2015-05-30 19:45 - 2015-05-30 19:47 - 01147392 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2015-05-29 17:47 - 2015-05-30 13:07 - 00091934 _____ () C:\Users\user\Downloads\proxy2.pptx
2015-05-29 02:40 - 2015-05-29 02:40 - 00000000 ____D () C:\NVIDIA
2015-05-29 02:10 - 2015-05-29 02:11 - 01046528 _____ () C:\Users\user\Downloads\MicrosoftFixit50848.msi
2015-05-28 03:20 - 2015-05-28 03:20 - 00118543 _____ () C:\Users\user\Desktop\ZHPDiag.txt
2015-05-28 03:12 - 2015-05-28 03:12 - 00014079 _____ () C:\Users\user\Desktop\UsbFix_Report.txt
2015-05-28 01:03 - 2015-05-28 01:03 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-28 01:03 - 2015-05-28 01:03 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-27 19:26 - 2015-05-27 19:27 - 00190976 _____ () C:\Users\user\Downloads\black-box-testing (2).ppt
2015-05-27 11:29 - 2015-05-27 11:30 - 00187808 _____ () C:\Windows\Minidump\052715-39218-01.dmp
2015-05-27 03:21 - 2015-05-27 03:21 - 13803902 _____ () C:\Users\user\Downloads\Band of Voices acapella group sing 'Price Tag' - Week 6 Auditions - Britain's Got Talent 2013.mp4
2015-05-26 23:12 - 2015-05-26 23:14 - 158063477 _____ () C:\Users\user\Downloads\Britain's Got Talent 2015- Episode 7 The Auditions - Best auditions - Magician [3D].mp4
2015-05-26 22:40 - 2015-05-26 22:47 - 01075237 _____ () C:\Users\user\Downloads\Watch BritainsGotTalentS09E02HDTVx264-4yEo_watchseries-onlinech online MovShare.flv
2015-05-26 22:28 - 2015-05-26 22:29 - 00627296 _____ ( ) C:\Users\user\Downloads\Flash Video Downloader for Google Chrome.exe
2015-05-26 19:10 - 2015-05-26 19:10 - 00024289 _____ () C:\Users\user\Desktop\cryptography.rar
2015-05-26 19:07 - 2015-05-26 19:09 - 00000000 ____D () C:\Users\user\Desktop\cryptography
2015-05-26 17:32 - 2015-05-26 18:31 - 00021871 _____ () C:\Users\user\Downloads\cryptographieproject.java
2015-05-25 13:04 - 2015-05-28 21:27 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-05-25 13:00 - 2015-05-25 13:23 - 00000000 ____D () C:\Users\user\Documents\Visual Studio 2008
2015-05-25 12:57 - 2015-05-28 20:23 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-05-21 22:18 - 2015-05-21 22:18 - 02639872 _____ () C:\Users\user\Downloads\L23_UnitTesting_ch11lect1.ppt
2015-05-21 22:14 - 2015-05-21 22:14 - 00190976 _____ () C:\Users\user\Downloads\black-box-testing (1).ppt
2015-05-21 22:09 - 2015-05-21 22:09 - 00191488 _____ () C:\Users\user\Downloads\black-box-testing.ppt
2015-05-21 22:01 - 2015-05-21 22:01 - 00647520 _____ () C:\Users\user\Downloads\ch10 - tests.pptx
2015-05-21 21:42 - 2015-05-21 21:42 - 00138240 _____ () C:\Users\user\Downloads\Tests et Validation du logiciel COURS 4.ppt
2015-05-21 21:35 - 2015-05-21 21:35 - 00397312 _____ () C:\Users\user\Downloads\224.ppt
2015-05-21 20:28 - 2015-05-21 20:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Tangible Software Solutions Inc
2015-05-21 20:27 - 2015-05-31 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tangible Software Solutions
2015-05-21 20:27 - 2015-05-21 20:27 - 00001489 _____ () C:\Users\user\Desktop\VB to Java Converter (Free Edition).lnk
2015-05-21 20:27 - 2015-05-21 20:27 - 00000000 ____D () C:\Program Files\Tangible Software Solutions
2015-05-21 20:24 - 2015-05-21 20:24 - 00657576 _____ (Tangible Software Solutions ) C:\Users\user\Downloads\VB to Java Converter (Free Edition) Setup.exe
2015-05-21 20:22 - 2015-05-21 20:24 - 02703864 _____ (Microsoft Corporation) C:\Users\user\Downloads\vbsetup.exe
2015-05-21 20:18 - 2015-05-21 20:18 - 00000000 ____D () C:\Users\user\Downloads\Nouveau dossier (2)
2015-05-21 19:49 - 2015-05-21 19:54 - 00000000 ____D () C:\Users\user\Downloads\Nouveau dossier
2015-05-21 19:09 - 2015-05-21 19:11 - 03426143 _____ () C:\Users\user\Downloads\mini-projets j2EE ENSEM 2015.rar
2015-05-21 16:30 - 2015-05-21 23:43 - 00051575 _____ () C:\Users\user\Desktop\génie logiciel.pptx
2015-05-20 20:26 - 2015-05-27 19:52 - 00000000 ____D () C:\Users\user\Desktop\génie logiciel
2015-05-19 18:14 - 2015-05-19 18:15 - 03700224 _____ () C:\Users\user\Downloads\PrésentUML.ppt
2015-05-19 18:14 - 2015-05-19 18:14 - 00825344 _____ () C:\Users\user\Downloads\Presnetation JDBC et couches J2EE.ppt
2015-05-19 18:14 - 2015-05-19 18:14 - 00421376 _____ () C:\Users\user\Downloads\GL.ppt
2015-05-19 00:52 - 2015-05-19 00:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-05-19 00:51 - 2015-05-19 00:52 - 01775936 _____ (Kaspersky Lab) C:\Users\user\Downloads\kav15.0.2.361fr_7379.exe
2015-05-18 20:40 - 2015-05-18 20:40 - 08609792 _____ () C:\Users\user\Downloads\228765-678427-adobe-illustrator-cs6.zip
2015-05-18 10:47 - 2015-05-27 22:32 - 00000000 ____D () C:\Users\user\Cisco Packet Tracer 6.2sv
2015-05-18 10:35 - 2015-05-18 10:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-18 10:29 - 2015-05-18 10:29 - 00562272 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-8u45.exe
2015-05-18 10:28 - 2015-05-31 16:58 - 00000000 ____D () C:\Program Files\Cisco Packet Tracer 6.2sv
2015-05-18 10:24 - 2015-05-18 10:27 - 153811128 _____ (Cisco Systems, Inc. ) C:\Users\user\Downloads\Cisco Packet Tracer 6.2 for Windows Student Version.exe
2015-05-17 20:26 - 2015-05-17 20:26 - 00070203 _____ () C:\Users\user\Downloads\3.2.4.6 Packet Tracer - Investigating the TCP-IP and OSI Models in Action.pka
2015-05-15 12:50 - 2015-05-18 10:56 - 00000000 ____D () C:\Users\user\Desktop\travaux pratiques Cisco
2015-05-15 10:30 - 2015-05-15 10:30 - 00150017 _____ () C:\Users\user\Desktop\State Pattern KAOUTAR ROUHI.rar
2015-05-15 10:28 - 2015-05-15 10:29 - 00000000 ____D () C:\Users\user\Desktop\State Pattern KAOUTAR ROUHI
2015-05-15 07:59 - 2015-05-15 07:59 - 00311473 _____ () C:\Users\user\Downloads\Factory Method.rar
2015-05-13 12:31 - 2015-05-27 22:44 - 00000000 ____D () C:\Users\user\Desktop\Nouveau dossier
2015-05-07 19:27 - 2015-05-07 19:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-07 19:26 - 2015-04-30 10:07 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-06 08:57 - 2015-05-31 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-06 08:57 - 2015-05-31 16:58 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-05 18:49 - 2015-05-05 18:49 - 00715366 _____ () C:\Users\user\Downloads\Cass, Kiera-The Heir.epub
2015-05-05 15:37 - 2015-05-30 20:22 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-05 15:15 - 2015-05-05 15:16 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2015-05-05 14:11 - 2015-05-05 14:13 - 12180642 _____ () C:\Users\user\Downloads\TUTO - éliminer un CHEVAL DE TROIE et résoudre l'erreur 0x80070422 , ACTIVER LE PARE FEU.mp4
2015-05-05 14:04 - 2015-05-05 14:10 - 11555632 _____ (Microsoft Corporation) C:\Users\user\Downloads\mseinstall.exe
2015-05-05 11:44 - 2015-05-31 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Mobile
2015-05-05 11:44 - 2015-05-05 11:44 - 00001009 _____ () C:\Users\Public\Desktop\Internet Mobile.lnk
2015-05-05 11:44 - 2015-05-05 11:43 - 00861696 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00349184 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00194816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00181760 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00102784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00090368 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00073216 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00064384 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00026624 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2015-05-05 11:44 - 2015-05-05 11:43 - 00011136 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2015-05-05 11:43 - 2015-05-31 16:58 - 00000000 ____D () C:\Program Files\Internet Mobile
2015-05-05 10:32 - 2015-05-28 03:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\ZHP
2015-05-04 20:52 - 2015-05-04 20:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software
2015-05-04 20:52 - 2015-05-04 20:52 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software
2015-05-04 20:41 - 2015-05-05 11:31 - 00000000 ____D () C:\Program Files\Opera
2015-05-03 21:41 - 2015-05-03 21:41 - 00000000 ____D () C:\ProgramData\GridinSoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 21:19 - 2015-01-31 15:37 - 00000000 ____D () C:\FRST
2015-06-02 20:53 - 2014-12-29 14:34 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 20:38 - 2014-11-11 13:11 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1100337586-554544947-3787655957-1000UA.job
2015-06-02 20:16 - 2014-09-25 19:01 - 01154200 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 20:02 - 2014-12-11 20:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\Free Download Manager
2015-06-02 19:58 - 2009-07-14 04:34 - 00025568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 19:58 - 2009-07-14 04:34 - 00025568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 19:57 - 2014-12-29 14:34 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 19:50 - 2015-01-07 02:17 - 00001330 _____ () C:\Windows\Tasks\NEDS.job
2015-06-02 19:50 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 19:49 - 2009-07-14 04:39 - 00086768 _____ () C:\Windows\setupact.log
2015-06-02 12:59 - 2014-09-26 11:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-06-01 22:38 - 2014-11-11 13:11 - 00001022 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1100337586-554544947-3787655957-1000Core.job
2015-06-01 21:29 - 2015-02-06 16:33 - 00000000 ____D () C:\Users\user\Desktop\MSP
2015-06-01 18:09 - 2010-11-20 21:01 - 00006298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 16:58 - 2015-04-29 01:40 - 00000000 ____D () C:\Program Files\Common Files\ParallelGraphics
2015-05-31 16:58 - 2015-04-19 20:20 - 00000000 ____D () C:\tp MSP
2015-05-31 16:58 - 2015-04-10 03:13 - 00000000 ____D () C:\Program Files\Movie Maker 2.6
2015-05-31 16:58 - 2015-02-22 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-05-31 16:58 - 2015-02-22 18:35 - 00000000 ____D () C:\Program Files\Notepad++
2015-05-31 16:58 - 2015-02-18 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPub
2015-05-31 16:58 - 2015-02-18 17:31 - 00000000 ____D () C:\Program Files\WinPub
2015-05-31 16:58 - 2015-02-16 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB Converter
2015-05-31 16:58 - 2015-02-09 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-05-31 16:58 - 2015-02-08 14:34 - 00000000 ____D () C:\Program Files\Labcenter Electronics
2015-05-31 16:58 - 2015-02-08 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Student
2015-05-31 16:58 - 2015-02-08 00:22 - 00000000 ____D () C:\Program Files\Cisco Packet Tracer 6.1sv
2015-05-31 16:58 - 2015-02-07 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-05-31 16:58 - 2015-02-07 00:58 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-05-31 16:58 - 2015-02-07 00:56 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-05-31 16:58 - 2015-01-31 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-05-31 16:58 - 2015-01-30 19:14 - 00000000 ____D () C:\Users\user\AppData\Local\Downloaded Installations
2015-05-31 16:58 - 2015-01-26 13:29 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-05-31 16:58 - 2015-01-26 13:29 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-05-31 16:58 - 2015-01-23 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiTranse
2015-05-31 16:58 - 2015-01-23 22:09 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-31 16:58 - 2015-01-23 22:09 - 00000000 ____D () C:\Program Files\MultiTranse
2015-05-31 16:58 - 2015-01-22 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMend
2015-05-31 16:58 - 2015-01-21 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-05-31 16:58 - 2015-01-21 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNS3
2015-05-31 16:58 - 2015-01-21 20:48 - 00000000 ____D () C:\Program Files\GNS3
2015-05-31 16:58 - 2015-01-16 22:15 - 00000000 ____D () C:\Program Files\ZHPDiag
2015-05-31 16:58 - 2015-01-12 18:32 - 00000000 ____D () C:\UsbFix
2015-05-31 16:58 - 2015-01-12 17:50 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-05-31 16:58 - 2015-01-02 10:48 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-05-31 16:58 - 2015-01-02 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB File Reader
2015-05-31 16:58 - 2015-01-02 02:37 - 00000000 ____D () C:\Program Files\EPUB File Reader
2015-05-31 16:58 - 2014-12-29 14:34 - 00000000 ____D () C:\Program Files\Google
2015-05-31 16:58 - 2014-12-15 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-05-31 16:58 - 2014-12-15 02:25 - 00000000 ____D () C:\Program Files\RealNetworks
2015-05-31 16:58 - 2014-12-12 22:04 - 00000000 ____D () C:\Program Files\WinPcap
2015-05-31 16:58 - 2014-12-12 22:04 - 00000000 ____D () C:\Program Files\VSO
2015-05-31 16:58 - 2014-12-12 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser
2015-05-31 16:58 - 2014-12-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-05-31 16:58 - 2014-12-11 20:04 - 00000000 ____D () C:\Program Files\Free Download Manager
2015-05-31 16:58 - 2014-11-25 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 16:58 - 2014-11-25 20:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-31 16:58 - 2014-11-18 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-05-31 16:58 - 2014-11-18 21:32 - 00000000 ____D () C:\Program Files\MPC-HC
2015-05-31 16:58 - 2014-11-13 10:34 - 00000000 ____D () C:\Sphinx2000
2015-05-31 16:58 - 2014-11-13 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Le Sphinx
2015-05-31 16:58 - 2014-11-12 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2015-05-31 16:58 - 2014-11-12 09:41 - 00000000 ____D () C:\Program Files\NetBeans 7.1.1
2015-05-31 16:58 - 2014-10-31 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2015-05-31 16:58 - 2014-10-31 16:47 - 00000000 ____D () C:\Dev-Cpp
2015-05-31 16:58 - 2014-10-15 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem HDM EC156
2015-05-31 16:58 - 2014-10-15 20:06 - 00000000 ____D () C:\Program Files\Modem HDM EC156
2015-05-31 16:58 - 2014-10-02 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video to MP3 Converter
2015-05-31 16:58 - 2014-10-02 20:55 - 00000000 ____D () C:\Program Files\Free Video to MP3 Converter
2015-05-31 16:58 - 2014-09-26 20:43 - 00000000 ____D () C:\ProgramData\DatacardService
2015-05-31 16:58 - 2014-09-26 20:24 - 00000000 ____D () C:\ProgramData\MobileBrServ
2015-05-31 16:58 - 2014-09-26 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-31 16:58 - 2014-09-26 11:19 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-05-31 16:58 - 2014-09-26 11:18 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-05-31 16:58 - 2014-09-26 11:18 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-05-31 16:58 - 2014-09-26 11:16 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-05-31 16:58 - 2014-09-26 11:15 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2015-05-31 16:58 - 2014-09-26 11:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-31 16:58 - 2014-09-26 11:15 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-05-31 16:58 - 2014-09-26 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-31 16:58 - 2014-09-26 11:13 - 00000000 ___RD () C:\Program Files\Skype
2015-05-31 16:58 - 2014-09-26 11:08 - 00000000 ____D () C:\ProgramData\Skype
2015-05-31 16:58 - 2014-09-26 11:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-31 16:58 - 2014-09-26 11:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-31 16:58 - 2014-09-26 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-31 16:58 - 2014-09-26 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-05-31 16:58 - 2014-09-26 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-31 16:58 - 2014-09-26 11:07 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-31 16:58 - 2014-09-26 11:07 - 00000000 ____D () C:\Program Files\SuperCopier2
2015-05-31 16:58 - 2014-09-26 11:07 - 00000000 ____D () C:\Program Files\PowerISO
2015-05-31 16:58 - 2014-09-26 11:07 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-31 16:58 - 2014-09-01 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePub to PDF Converter
2015-05-31 16:58 - 2014-09-01 20:13 - 00000000 ____D () C:\Program Files\ePub to PDF Converter
2015-05-31 16:58 - 2009-07-14 04:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-31 16:58 - 2009-07-14 04:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-31 16:58 - 2009-07-14 04:52 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-31 16:58 - 2009-07-14 04:52 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-05-31 16:58 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-31 16:58 - 2009-07-14 02:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-31 16:58 - 2009-07-14 02:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-31 16:58 - 2009-07-14 02:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-31 16:58 - 2009-07-14 02:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-31 16:58 - 2009-07-14 02:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-31 16:57 - 2015-03-13 00:35 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-31 16:57 - 2015-03-10 19:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\VMware
2015-05-31 16:57 - 2015-02-07 00:58 - 00000000 ____D () C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2015-05-31 16:57 - 2015-01-21 20:51 - 00000000 ____D () C:\Users\user\AppData\Roaming\GNS3
2015-05-31 16:57 - 2014-12-11 23:27 - 00000000 ____D () C:\Users\user\Plugins
2015-05-31 16:57 - 2014-12-09 17:02 - 00000000 ____D () C:\Windows\system32\14120901_stream
2015-05-31 16:57 - 2014-12-09 15:02 - 00000000 ____D () C:\Windows\system32\14120900_stream
2015-05-31 16:57 - 2014-10-31 16:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dev-Cpp
2015-05-31 16:57 - 2014-10-07 12:28 - 00000000 ____D () C:\Windows\system32\14100701_stream
2015-05-31 16:57 - 2014-10-07 11:23 - 00000000 ____D () C:\Windows\system32\14100700_stream
2015-05-31 16:57 - 2014-09-26 20:45 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
2015-05-31 16:57 - 2014-09-26 12:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-31 16:57 - 2014-09-26 11:21 - 00000000 ____D () C:\Users\user\AppData\Local\MiniService
2015-05-31 16:57 - 2014-09-26 11:13 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-05-31 16:57 - 2014-09-26 11:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-31 16:57 - 2014-09-26 11:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-31 16:57 - 2014-09-26 11:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperCopier2
2015-05-31 16:57 - 2014-09-25 21:07 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-31 16:57 - 2014-09-25 21:07 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-31 16:57 - 2010-11-21 00:46 - 00000000 ____D () C:\Windows\ShellNew
2015-05-31 16:57 - 2009-07-14 02:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-31 16:57 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-31 16:57 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-05-31 16:57 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\security
2015-05-31 16:57 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-31 16:56 - 2015-02-22 18:14 - 00000000 ____D () C:\xampp
2015-05-31 16:56 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\TAPI
2015-05-31 16:56 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\registration
2015-05-31 16:02 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\AppCompat
2015-05-31 10:08 - 2014-10-22 21:03 - 00000000 ____D () C:\Program Files\Java
2015-05-31 09:53 - 2010-11-20 21:48 - 00299016 _____ () C:\Windows\PFRO.log
2015-05-30 20:23 - 2015-02-10 00:16 - 00000000 ____D () C:\wamp
2015-05-30 17:33 - 2009-07-14 04:52 - 00000000 ____D () C:\Windows\Performance
2015-05-29 21:26 - 2015-01-12 22:28 - 00000000 ____D () C:\AdwCleaner
2015-05-29 20:27 - 2014-11-25 20:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 18:47 - 2014-09-01 08:18 - 00000365 _____ () C:\Users\user\AppData\Roaming\NEDS
2015-05-28 03:20 - 2015-01-31 15:18 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-05-28 01:03 - 2014-09-26 11:59 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-28 01:03 - 2014-09-26 11:59 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-28 01:03 - 2014-09-26 11:59 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-28 01:03 - 2014-09-26 11:59 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-28 01:03 - 2014-09-26 11:59 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-28 01:03 - 2014-09-26 11:59 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-28 01:03 - 2014-09-26 11:59 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-28 01:02 - 2014-09-26 11:59 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-27 23:35 - 2015-02-08 00:24 - 00000344 _____ () C:\Users\user\.packettracer
2015-05-27 11:29 - 2015-03-02 21:07 - 00000000 ____D () C:\Windows\Minidump
2015-05-26 22:06 - 2015-04-20 23:34 - 00072083 _____ () C:\Users\user\Desktop\ok ping.pkt
2015-05-26 19:07 - 2014-11-12 09:47 - 00000000 ____D () C:\Users\user\Documents\NetBeansProjects
2015-05-26 13:44 - 2014-09-26 11:08 - 00002319 _____ () C:\Users\user\Desktop\Google Chrome.lnk
2015-05-21 20:34 - 2015-04-27 19:55 - 00000000 ____D () C:\Users\user\Desktop\présentation pattern
2015-05-18 20:32 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Resources
2015-05-18 20:16 - 2015-02-15 14:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-18 10:30 - 2015-02-08 00:23 - 00001163 _____ () C:\Users\user\Desktop\Cisco Packet Tracer Student.lnk
2015-05-17 20:27 - 2015-02-08 00:24 - 00000000 ____D () C:\Users\user\Cisco Packet Tracer 6.1sv
2015-05-12 00:52 - 2015-04-18 22:06 - 00000098 _____ () C:\Users\user\Desktop\linkedin.txt
2015-05-08 12:04 - 2015-04-19 20:48 - 00000474 __RSH () C:\Users\user\ntuser.pol
2015-05-07 20:47 - 2014-11-25 20:11 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-07 18:26 - 2015-01-01 03:03 - 00051617 _____ () C:\Windows\IE11_main.log
2015-05-06 08:57 - 2014-09-26 11:13 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-05 11:43 - 2014-09-26 20:44 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-05-05 11:43 - 2014-09-26 20:44 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2015-05-05 11:21 - 2015-04-27 11:26 - 00000070 _____ () C:\Users\user\Desktop\stage.txt
2015-05-04 18:56 - 2014-11-22 16:06 - 00000000 ____D () C:\ProgramData\TEMP

==================== Files in the root of some directories =======

2014-09-01 08:18 - 2015-05-28 18:47 - 0000365 _____ () C:\Users\user\AppData\Roaming\NEDS
2015-04-10 03:24 - 2015-04-10 03:33 - 0006656 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-30 21:35 - 2015-05-31 12:41 - 0007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-26 13:22

==================== End of log ============================