Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015 Ran by Agnès (administrator) on PC-DE-AGNES on 17-06-2015 18:37:56 Running from C:\Users\Agnès\Desktop Loaded Profiles: Agnès (Available Profiles: Agnès) Platform: Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86) OS Language: Français (France) Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe () C:\Program Files\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe () C:\Program Files\ASUS\Wireless Console 3\wcourier.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUS) C:\Windows\AsScrPro.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Gadwin Systems, Inc) C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Agnès\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\wmi32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-19] (CyberLink) HKLM\...\Run: [P2Go_Menu] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.) HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2008-10-01] (AlcorMicro Co., Ltd.) HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS) HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8392704 2009-03-04] (ASUS) HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMedia.exe [159744 2008-12-29] (ASUS) HKLM\...\Run: [ADSMTray] => C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [266240 2008-04-01] (ASUSTek Computer Inc.) HKLM\...\Run: [Wireless Console 3] => C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [1593344 2009-02-07] () HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3054136 2009-05-27] (ASUS) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [424352 2009-03-06] (ELAN Microelectronic Corp.) HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2004-12-14] (Hewlett-Packard) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated) HKU\S-1-5-21-2265463039-1620937281-936758613-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2265463039-1620937281-936758613-1000\...\Run: [Gadwin PrintScreen Pro] => C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe [516096 2009-02-28] (Gadwin Systems, Inc) HKU\S-1-5-21-2265463039-1620937281-936758613-1000\...\Run: [Google Update] => C:\Users\Agnès\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-02] (Google Inc.) HKU\S-1-5-21-2265463039-1620937281-936758613-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2265463039-1620937281-936758613-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google) HKU\S-1-5-21-2265463039-1620937281-936758613-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2265463039-1620937281-936758613-1000\...\MountPoints2: {3ed3e639-a11c-11de-a779-002618220b51} - F:\LaunchU3.exe -a HKU\S-1-5-21-2265463039-1620937281-936758613-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none HKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT Startup: C:\Users\Agnès\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-13] ShortcutTarget: Dropbox.lnk -> C:\Users\Agnès\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Agnès\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2009-08-20] ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2009-05-27] ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe () ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Agnès\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Agnès\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Agnès\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Agnès\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Agnès\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Agnès\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Agnès\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Agnès\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] () ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] () ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google) ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-10-10] (Kaspersky Lab ZAO) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKU\S-1-5-21-2265463039-1620937281-936758613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/?pc=UP97&ocid=UP97DHP HKU\S-1-5-21-2265463039-1620937281-936758613-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS HKU\S-1-5-21-2265463039-1620937281-936758613-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKU\S-1-5-21-2265463039-1620937281-936758613-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKU\S-1-5-21-2265463039-1620937281-936758613-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.incredimail.com/ SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2265463039-1620937281-936758613-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2265463039-1620937281-936758613-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_frFR341 BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-10-10] (Kaspersky Lab ZAO) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-10] (Kaspersky Lab ZAO) BHO: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-10-10] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-14] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-10-10] (Kaspersky Lab ZAO) Toolbar: HKU\S-1-5-21-2265463039-1620937281-936758613-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Agnès\AppData\Roaming\Mozilla\Firefox\Profiles\uc0o7vqf.default-1344434985980 FF SearchEngineOrder.3: Bing FF Homepage: www.google.fr/?gws_rd=ssl FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-14] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2265463039-1620937281-936758613-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Agnès\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-2265463039-1620937281-936758613-1000: @talk.google.com/O1DPlugin -> C:\Users\Agnès\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-2265463039-1620937281-936758613-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Agnès\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin HKU\S-1-5-21-2265463039-1620937281-936758613-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Agnès\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npornap.dll [2009-09-08] (UNISYS France) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-12-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-12-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-12-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-12-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-12-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Agnès\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Agnès\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Extension: Microsoft .NET Framework Assistant - C:\Users\Agnès\AppData\Roaming\Mozilla\Firefox\Profiles\pjf85zrw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-27] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-18] FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-10-10] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-10] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-10-10] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-10-10] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-10-10] Chrome: ======= CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11] CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed] R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-14] () R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed] R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [30264 2009-05-27] (ASUSTek Computer Inc) R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] () R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [140800 2009-03-13] (ELAN Microelectronic Corp.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( ) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-10-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597568 2014-10-10] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-10-10] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145224 2015-02-17] (Kaspersky Lab ZAO) R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48128 2008-12-16] (Atheros Communications, Inc.) R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2008-12-24] (ATK0100) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] () R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_i386.sys [230952 2009-01-14] () S3 IpInIp; system32\DRIVERS\ipinip.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-10-10] (Kaspersky Lab ZAO) S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X] U3 mbr; \??\C:\Users\AGNS~1\AppData\Local\Temp\mbr.sys [X] ========================== Drivers MD5 ======================= C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7 C:\Windows\system32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303 C:\Windows\system32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE C:\Windows\system32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7 C:\Windows\system32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5 C:\Windows\system32\drivers\afd.sys F5272A105F59A7B3B345D9D6D87DA7AD C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360 C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91 C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578 C:\Windows\system32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48 C:\Windows\system32\drivers\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D C:\Windows\system32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522 C:\Windows\system32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945 C:\Windows\system32\Drivers\AsDsm.sys 104DB777372411C55850C4A2AE6877EF C:\Program Files\ATKGFNEX\ASMMAP.sys 7B4D08D2017AC06689D422E06C43F0AA C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1 C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4 C:\Windows\System32\DRIVERS\athr.sys 02D34AC487DF3DA4E3F01874E61EB619 C:\Windows\system32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6 C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397 C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314 C:\Windows\system32\drivers\circlass.sys E5D4133F37219DBCFE102BC61072589D C:\Windows\System32\CLFS.sys 5D9311526801643000D7032A83B18B12 C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56 C:\Windows\system32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629 C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871 C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410 C:\Windows\System32\DRIVERS\CSCrySec.sys 64D579F38C5FADFB05182B34808469E1 C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys 4CEDBC3811E655567D99D3123804647B C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80 C:\Windows\System32\drivers\dxgkrnl.sys 5C2C209CDEFBC51D83D66E8A53B2BE89 C:\Windows\System32\DRIVERS\E1G60I32.sys 5425F74AC0C1DBD96A1E04F17D63F94C C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371 C:\Windows\system32\drivers\elxstor.sys 23B62471681A124889978F6295B3F4C6 C:\Windows\system32\drivers\errdev.sys 3DB974F3935483555D7148663F726C61 C:\Windows\System32\DRIVERS\ETD.sys 3C1D6B99320C64EB3423E229128D5182 C:\Windows\system32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE C:\Windows\system32\Drivers\fastfat.sys 4E404505B3F62ECFBDBCBBCF0A72DBC5 C:\Windows\System32\DRIVERS\fdc.sys AFE1E8B9782A0DD7FB46BBD88E43F89A C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE C:\Windows\System32\DRIVERS\flpydisk.sys 85B7CF99D532820495D68D747FDA9EBD C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05 C:\Windows\System32\DRIVERS\fssfltr.sys 17829180DEEBF703EC7F445AC3ABEA99 C:\Windows\system32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5 C:\Windows\system32\drivers\gagp30kx.sys 34582A6E6573D54A07ECE5FE24A126B5 C:\Windows\System32\drivers\HdAudio.sys 3F90E001369A07243763BD5A523D8722 C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC C:\Windows\system32\drivers\hpcisss.sys 16EE7B23A009E00D835CDB79574A91A6 C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE C:\Windows\system32\drivers\i2omp.sys C6B032D69650985468160FC9937CF5B4 C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD C:\Windows\System32\DRIVERS\iaStor.sys 71ECC07BC7C5E24C3DD01D8A29A24054 C:\Windows\system32\drivers\iastorv.sys 54155EA1B0DF185878E0FC9EC3AC3A14 C:\Windows\System32\DRIVERS\igdkmd32.sys 8266AE06DF974E5BA047B3E9E9E70B3F C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\system32\drivers\intelide.sys 83AA759F3189E6370C30DE5DC5590718 C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3 C:\Windows\system32\drivers\ipmidrv.sys B25AAF203552B7B3491139D582B39AD1 C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68 C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9 C:\Windows\system32\drivers\isapnp.sys 6C70698A3E5C4376C6AB5C7C17FB0614 C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034 C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7 C:\Windows\System32\DRIVERS\kbfiltr.sys 7F2B8D0B31FB4A797E5786EF124C5A80 C:\Windows\System32\DRIVERS\kl1.sys 871C226234A48C24DFE7478F36C0050C C:\Windows\System32\DRIVERS\klif.sys 858D72CEE50BBAB81A965AC3001CDAF8 C:\Windows\System32\DRIVERS\klim6.sys 039FB019C92A16A54FE527D93B0CFB96 C:\Windows\System32\DRIVERS\klkbdflt.sys 249A266AF74ADE44AE8424E78D145E09 C:\Windows\System32\DRIVERS\klmouflt.sys 035724BA6D5676B76FD3AFB66AB4F1E3 C:\Windows\System32\DRIVERS\kltdi.sys 8FD802F86D4AB3FB329B8E51517BFF2A C:\Windows\System32\DRIVERS\kneps.sys 81800A2D6063CE447CF92F439AF40FA5 C:\Windows\System32\Drivers\ksecdd.sys 5035EDF1F2E72F78BB1EC5BD9B97463F C:\Windows\System32\DRIVERS\L1E60x86.sys F184B83748B5BA911F16C2EB08DB93CD C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6 C:\Windows\system32\drivers\lsi_fc.sys C7E15E82879BF3235B559563D4185365 C:\Windows\system32\drivers\lsi_sas.sys EE01EBAE8C9BF0FA072E0FF68718920A C:\Windows\system32\drivers\lsi_scsi.sys 912A04696E9CA30146A62AFA1463DD5C C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC C:\Windows\System32\DRIVERS\lullaby.sys 8039F480C192DD99FED4EBC71FFBF795 C:\Windows\system32\drivers\mbam.sys 3C21F7E95FFCA33EF1A83AA33D9663CF C:\Windows\system32\drivers\MBAMSwissArmy.sys 04B309A1A653177994630C2773E659F1 C:\Windows\system32\drivers\mwac.sys 3F435B1E9F5B3EF95669344FD8E9DCF9 C:\Windows\system32\drivers\megasas.sys 0001CE609D66632FA17B84705F658879 C:\Windows\system32\drivers\megasr.sys C252F32CD9A49DBFC25ECF26EBD51A99 C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8 C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263 C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600 C:\Windows\system32\drivers\mpio.sys 511D011289755DD9F9A7579FB0B064E6 C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys B0584CA7DEF55929FDB5169BD28B2484 C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2 C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03 C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C C:\Windows\System32\drivers\msahci.sys 28023E86F17001F7CD9B15A5BC9AE07D C:\Windows\system32\drivers\msdsm.sys 4468B0F385A86ECDDAF8D3CA662EC0E7 C:\Windows\system32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515 C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62 C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07 C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B C:\Windows\system32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A C:\Windows\System32\DRIVERS\ATKACPI.sys BB16693616427EAC1A436E106EA8D318 C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416 C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42 C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61 C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389 C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3 C:\Windows\system32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3 C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78 C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6 C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\system32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26 C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF C:\Windows\system32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7 C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit C:\Windows\system32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E C:\Windows\system32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101 C:\Windows\system32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177 C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B C:\Windows\System32\DRIVERS\ohci1394.sys 790E27C3DB53410B40FF9EF2FD10A1D9 C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9 C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB C:\Windows\system32\drivers\pciide.sys FC175F5DDAB666D7F4D17449A547626F C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1 C:\Windows\system32\drivers\processr.sys 2027293619DD0F047C584CF2E7DF4FFD C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6 C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7 C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3 C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0 C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935 C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899 C:\Windows\system32\drivers\rdpdr.sys FBC0BACD9C3D7F6956853F64A66E252D C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C C:\Windows\system32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A C:\Windows\System32\Drivers\RimUsb.sys F17713D108ACA124A139FDE877EEF68A C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 126EA89BCC413EE45E3004FB0764888F C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624 C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86 C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5 C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979 C:\Windows\System32\DRIVERS\sfloppy.sys C33BFBD6E9E41FCD9FFEF9729E9FAED6 C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3 C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2 C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94 C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04 C:\Windows\System32\DRIVERS\smserial.sys C8A58FC905C9184FA70E37F71060C64D C:\Windows\System32\DRIVERS\snp2uvc.sys 060F51141B20B8156804446A04AB8B2A C:\Windows\system32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF C:\Windows\System32\drivers\srs_PremiumSound_i386.sys 43E8E8238FF52A807D5C17F1AE5CC49C C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91 C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44 C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56 C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966 C:\Windows\System32\DRIVERS\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966 C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7 C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56 C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021 C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54 C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7 C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6 C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27 C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2 C:\Windows\System32\drivers\usbaudio.sys 1114579556DB85E9FAF9590DBC64CD62 C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2 C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888 C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5 C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169 C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD C:\Windows\System32\DRIVERS\usbuhci.sys 44056325428A8E4C755830426E29878F C:\Windows\System32\Drivers\usbvideo.sys 73FF24E21B690625A58109637DDA0DF7 C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4 C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43 C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28 C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9 C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26 C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26 C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645 C:\Windows\System32\DRIVERS\wimfltr.sys 090A2B8F055343815556A01F725F6C35 C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070 C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF C:\Windows\System32\DRIVERS\yk60x86.sys 7D1F3B131D503EF43EE594B5A2B9B427 ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-17 18:37 - 2015-06-17 18:39 - 00043747 _____ C:\Users\Agnès\Desktop\FRST.txt 2015-06-17 18:34 - 2015-06-17 18:34 - 00116141 _____ C:\Users\Agnès\Desktop\ZHPDiag.txt 2015-06-17 18:20 - 2015-06-17 18:20 - 00001235 _____ C:\Users\Agnès\Desktop\ZHPFixReport.txt 2015-06-17 18:13 - 2015-06-17 18:13 - 00000767 _____ C:\Users\Agnès\Desktop\ScriptZHPFix.txt 2015-06-17 18:06 - 2015-06-17 18:06 - 00739397 _____ C:\Users\Agnès\Desktop\OneClick2RP.exe 2015-06-17 18:02 - 2015-06-17 18:02 - 00001899 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-06-17 18:02 - 2015-06-17 18:02 - 00001804 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-06-17 13:01 - 2015-06-17 13:01 - 00001775 _____ C:\Users\Agnès\Desktop\ZHPFix.lnk 2015-06-17 13:01 - 2015-06-17 13:01 - 00001652 _____ C:\Users\Agnès\Desktop\ZHPDiag.lnk 2015-06-17 13:01 - 2015-06-17 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP 2015-06-17 12:54 - 2015-06-17 12:54 - 00002284 _____ C:\Users\Agnès\Desktop\AdwCleaner[S0].txt 2015-06-17 12:44 - 2015-06-17 12:44 - 00003666 _____ C:\Users\Agnès\Desktop\ZHPCleaner2.txt 2015-06-17 09:50 - 2015-06-17 09:50 - 00002576 _____ C:\Users\Agnès\Desktop\MBAM2.txt 2015-06-17 00:13 - 2015-06-17 00:13 - 00001282 _____ C:\Users\Agnès\Desktop\MBAM.txt 2015-06-16 23:34 - 2015-06-16 23:41 - 00002692 _____ C:\Users\Agnès\Desktop\AdwCleaner[R0].txt 2015-06-16 23:33 - 2015-06-17 12:48 - 00000000 ____D C:\AdwCleaner 2015-06-16 23:33 - 2015-06-16 23:33 - 02231296 _____ C:\Users\Agnès\Desktop\adwcleaner_4.206.exe 2015-06-16 20:40 - 2015-06-17 12:41 - 00003666 _____ C:\Users\Agnès\Desktop\ZHPCleaner.txt 2015-06-16 19:36 - 2015-06-17 12:20 - 00000743 _____ C:\Users\Agnès\Desktop\ZHPCleaner.lnk 2015-06-15 19:20 - 2015-06-15 19:20 - 00025626 _____ C:\Users\Agnès\Documents\cc_20150615_192005.reg 2015-06-15 17:04 - 2015-06-17 08:54 - 00003680 _____ C:\Windows\PFRO.log 2015-06-15 15:26 - 2015-06-17 18:38 - 00000000 ____D C:\FRST 2015-06-15 15:25 - 2015-06-15 15:25 - 01148416 _____ (Farbar) C:\Users\Agnès\Desktop\FRST.exe 2015-06-15 15:06 - 2015-06-15 15:06 - 06880102 _____ (Nicolas Coolman ) C:\Users\Agnès\Desktop\ZHPDiag2.exe 2015-06-15 15:04 - 2015-06-15 15:04 - 00000000 _____ C:\Windows\setuperr.log 2015-06-15 15:04 - 2015-06-15 15:04 - 00000000 _____ C:\Windows\setupact.log 2015-06-15 11:57 - 2015-06-15 11:57 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-15 10:16 - 2015-06-16 19:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-06-12 03:14 - 2015-04-24 17:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-12 03:13 - 2015-05-21 16:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-12 03:12 - 2015-05-12 18:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-12 03:12 - 2015-05-12 18:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 03638272 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-12 03:12 - 2015-05-12 18:01 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2015-06-12 03:12 - 2015-05-12 16:27 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-12 03:11 - 2015-05-12 18:02 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-12 03:11 - 2015-05-12 18:01 - 06121984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-12 03:11 - 2015-05-12 18:01 - 01827328 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-12 03:11 - 2015-05-12 16:34 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-12 03:11 - 2015-05-09 01:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-12 03:01 - 2015-05-05 00:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-12 03:01 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-06-12 03:01 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-12 03:01 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-12 03:01 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-05-21 10:23 - 2015-05-22 09:16 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2015-05-18 16:12 - 2015-05-19 00:05 - 00000000 ____D C:\Users\Agnès\Desktop\mai2015 2015-05-18 10:14 - 2015-05-18 16:00 - 00000000 ____D C:\Users\Agnès\Desktop\JEANNE 2015-05-14 09:59 - 2015-05-14 09:58 - 00191072 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-05-14 09:59 - 2015-05-14 09:58 - 00190560 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-05-14 09:59 - 2015-05-14 09:58 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-05-14 03:41 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-14 03:38 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-05-14 03:38 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-05-14 03:38 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-05-14 03:38 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-05-14 03:38 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-05-14 03:38 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-05-14 03:38 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-05-14 03:38 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-14 03:38 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-14 03:33 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 03:04 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-14 03:02 - 2015-03-30 03:00 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-14 03:02 - 2015-03-30 03:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-27 17:05 - 2015-06-17 18:33 - 00000512 _____ C:\PhysicalDisk0_MBR.bin 2015-04-27 16:55 - 2015-06-17 18:32 - 00000000 ____D C:\Program Files\ZHPDiag 2015-04-27 16:55 - 2015-06-17 18:26 - 00000000 ____D C:\Users\Agnès\AppData\Roaming\ZHP 2015-04-27 16:15 - 2015-06-17 09:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-27 16:11 - 2015-06-15 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-27 16:11 - 2015-06-15 11:57 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-04-27 16:11 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-27 16:11 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-19 15:55 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-19 15:38 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-19 15:35 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-19 15:35 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-19 15:33 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-19 15:33 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-19 15:33 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-14 02:35 - 2015-04-14 02:35 - 00875720 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll 2015-04-14 02:35 - 2015-04-14 02:35 - 00536776 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-17 18:25 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-17 18:25 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-17 18:03 - 2009-08-13 18:54 - 00000000 ____D C:\Users\Agnès\AppData\Local\Adobe 2015-06-17 18:02 - 2009-07-18 09:57 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-06-17 18:02 - 2009-07-18 09:57 - 00000000 ____D C:\Program Files\Adobe 2015-06-17 18:02 - 2009-05-27 13:56 - 00000000 ____D C:\ProgramData\Adobe 2015-06-17 18:00 - 2009-08-25 12:40 - 00000424 _____ C:\Windows\Tasks\SyncBack Outlook.job 2015-06-17 18:00 - 2009-08-25 11:51 - 00000422 _____ C:\Windows\Tasks\SyncBack Bureau.job 2015-06-17 18:00 - 2009-08-25 11:45 - 00000428 _____ C:\Windows\Tasks\SyncBack Documents.job 2015-06-17 17:59 - 2010-03-23 10:59 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-17 17:43 - 2013-07-07 20:30 - 00001078 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2265463039-1620937281-936758613-1000UA.job 2015-06-17 17:43 - 2012-05-31 08:02 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-17 17:21 - 2009-05-27 12:35 - 01697279 _____ C:\Windows\WindowsUpdate.log 2015-06-17 16:52 - 2013-02-24 22:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-06-17 12:59 - 2011-12-02 11:15 - 00000000 ___RD C:\Users\Agnès\Dropbox 2015-06-17 12:59 - 2011-12-02 11:12 - 00000000 ____D C:\Users\Agnès\AppData\Roaming\Dropbox 2015-06-17 12:58 - 2014-01-08 23:16 - 00000000 ___RD C:\Users\Agnès\Google Drive 2015-06-17 12:58 - 2013-04-15 22:13 - 00000000 ____D C:\Users\Agnès\AppData\Roaming\Skype 2015-06-17 12:53 - 2010-03-23 10:38 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-17 12:52 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-17 12:51 - 2006-11-02 15:01 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-17 10:43 - 2013-07-07 20:30 - 00001026 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2265463039-1620937281-936758613-1000Core.job 2015-06-16 22:57 - 2009-08-13 20:52 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{4D7CD012-5BCC-445E-AC27-DDDE2F8AC6FD}.job 2015-06-16 19:42 - 2009-08-20 17:36 - 00000000 ____D C:\Program Files\Java 2015-06-16 19:39 - 2009-08-20 17:36 - 00000000 ____D C:\Program Files\Common Files\Java 2015-06-16 19:37 - 2009-08-13 18:55 - 00000000 ____D C:\Users\Agnès\AppData\Local\Google 2015-06-16 19:37 - 2009-05-27 13:02 - 00000000 ____D C:\Program Files\Google 2015-06-15 19:23 - 2009-05-27 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-06-15 17:06 - 2009-05-27 14:03 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2015-06-15 17:04 - 2012-05-16 16:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-06-15 12:37 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Web 2015-06-13 18:12 - 2010-11-10 15:21 - 00000000 ____D C:\Users\Agnès\AppData\Roaming\vlc 2015-06-13 06:01 - 2014-01-08 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-06-12 11:01 - 2014-01-19 16:45 - 00000866 _____ C:\Users\Public\Desktop\VLC media player.lnk 2015-06-12 03:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2015-06-12 03:35 - 2006-11-02 14:47 - 00388768 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-12 03:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR 2015-06-12 03:14 - 2009-05-27 12:43 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-12 03:11 - 2013-07-17 09:17 - 00000000 ____D C:\Windows\system32\MRT 2015-06-12 03:02 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-05-18 12:52 - 2012-05-31 08:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-05-18 12:52 - 2011-07-05 09:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-05-18 10:17 - 2014-12-18 20:32 - 00000000 ____D C:\Users\Agnès\Desktop\crl2015 2015-05-18 10:16 - 2015-01-23 14:26 - 00000000 ____D C:\Users\Agnès\Desktop\BallTrap2015 ==================== Files in the root of some directories ======= 2007-06-12 18:34 - 2007-06-12 18:34 - 0035822 _____ () C:\Program Files\Common Files\ASPG_icon.ico 2008-05-22 17:35 - 2008-05-22 17:35 - 0051962 _____ () C:\Program Files\Common Files\banner.jpg 2008-12-23 22:36 - 2008-12-23 22:36 - 0106496 _____ () C:\Program Files\Common Files\CPInstallAction.dll 2009-08-22 17:07 - 2009-08-22 17:07 - 0707485 ____R () C:\Users\Agnès\AppData\Roaming\6e_carte_frise.zip 2009-08-22 15:23 - 2009-08-22 15:23 - 0000680 _____ () C:\Users\Agnès\AppData\Local\d3d9caps.dat 2009-08-13 23:56 - 2014-08-25 13:52 - 0007168 _____ () C:\Users\Agnès\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-01-02 21:01 - 2011-05-19 11:12 - 0000000 _____ () C:\Users\Agnès\AppData\Local\prvlcl.dat 2014-01-09 09:48 - 2014-01-09 09:48 - 0020480 ____T () C:\Users\Agnès\AppData\Local\uninstall.tmp Some files in TEMP: ==================== C:\Users\Agnès\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg08hfc.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-17 12:58 ==================== End of log ============================