Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by salamouna2 (administrator) on SALAMOUNA (04-07-2016 23:32:08)
Running from C:\Users\salamouna2\Desktop
Loaded Profiles: salamouna2 (Available Profiles: salamouna2)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(AutoIt Team) C:\Users\salamouna2\hfdccd\zvbvhivw.exe
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe
(Cent Studio) C:\Users\salamouna2\AppData\Local\CentBrowser\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-04-14] (VMware, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888344 2016-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-08-11] (Tonec Inc.)
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {4de4cc7b-ea26-11e5-8271-28c2ddb58208} - "F:\AutoRun.exe"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {5faaf9e2-9545-11e5-825d-28c2ddb58208} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {b322f0de-e7b8-11e5-8271-28c2ddb58208} - "F:\AutoRun.exe"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {b40ed7ef-28e1-11e6-827d-28c2ddb58209} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{2c45ff53-a249-4050-be86-22c608ea313f}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5c468d7b-e32f-4de6-b744-1b84a36aa35c}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5c468d7b-e32f-4de6-b744-1b84a36aa35c}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1498194768-3071915256-2736199516-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll [2014-05-27] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files (x86)\Ipswitch\iMacros\iMacrosBHO.dll [2014-05-27] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\salamouna2\AppData\Roaming\Mozilla\Firefox\Profiles\e18oh439.default
FF Homepage: hxxp://www.google.fr/
FF NetworkProxy: "backup.ftp", "45.79.76.52"
FF NetworkProxy: "backup.ftp_port", 10023
FF NetworkProxy: "backup.socks", "45.79.76.52"
FF NetworkProxy: "backup.socks_port", 10023
FF NetworkProxy: "backup.ssl", "45.79.76.52"
FF NetworkProxy: "backup.ssl_port", 10023
FF NetworkProxy: "ftp", "167.114.125.160"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "167.114.33.15"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "167.114.125.160"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "167.114.125.160"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "167.114.125.160"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
FF Extension: MozBar - C:\Users\salamouna2\AppData\Roaming\Mozilla\Firefox\Profiles\e18oh439.default\extensions\toolbar@seomoz.org.xpi [2015-11-28]
FF Extension: LastPass - C:\Users\salamouna2\AppData\Roaming\Mozilla\Firefox\Profiles\e18oh439.default\extensions\support@lastpass.com [2016-03-11]
FF Extension: iMacros for Firefox - C:\Users\salamouna2\AppData\Roaming\Mozilla\Firefox\Profiles\e18oh439.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-05-07]
FF Extension: Buy Proxies - C:\Users\salamouna2\AppData\Roaming\Mozilla\Firefox\Profiles\e18oh439.default\extensions\firefox@buyproxies.org [2016-05-07]
FF Extension: IDM integration - C:\Users\salamouna2\AppData\Roaming\IDM\idmmzcc7 [2016-06-02]
FF Extension: Pushbullet - C:\Users\salamouna2\AppData\Roaming\Mozilla\Firefox\Profiles\e18oh439.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2015-12-29]
FF Extension: Adblock Plus - C:\Users\salamouna2\AppData\Roaming\Mozilla\Firefox\Profiles\e18oh439.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\salamouna2\AppData\Roaming\IDM\idmmzcc7
FF HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\salamouna2\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\salamouna2\AppData\Roaming\IDM\idmmzcc5 [2016-06-02] [not signed]
FF HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-04-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-05-23] (ESET)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
S2 gupdate1d1d552ebd8984e; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-07-03] (Google Inc.)
S3 gupdatem1d1d552ebde3f3e; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-07-03] (Google Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2014-10-03] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [156960 2015-02-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4803344 2016-06-01] (AVG Technologies CZ, s.r.o.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-09-28] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2014-09-18] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-03-19] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2016-02-02] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2016-02-02] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2016-03-19] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-03-19] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-03-19] (ESET)
S3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-26] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-03-29] (AVG Netherlands B.V.)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; \SystemRoot\System32\drivers\ew_jucdcecm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-04 23:32 - 2016-07-04 23:33 - 00022291 _____ C:\Users\salamouna2\Desktop\FRST.txt
2016-07-04 23:32 - 2016-07-04 23:32 - 00000000 ____D C:\FRST
2016-07-04 23:29 - 2016-07-04 23:29 - 02390016 _____ (Farbar) C:\Users\salamouna2\Desktop\FRST64.exe
2016-07-04 15:24 - 2016-07-04 15:24 - 00004334 _____ C:\Users\salamouna2\Desktop\RogueKiller clean.txt
2016-07-04 15:24 - 2016-07-04 15:24 - 00000000 ____D C:\Program Files (x86)\ESET
2016-07-04 15:22 - 2016-07-04 15:22 - 00004304 _____ C:\Users\salamouna2\Desktop\RogueKiller.txt
2016-07-04 14:37 - 2016-07-04 14:37 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-07-04 14:35 - 2016-07-04 23:28 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-04 14:35 - 2016-07-04 14:35 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-07-04 14:35 - 2016-07-04 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-04 14:35 - 2016-07-04 14:35 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-03 22:40 - 2016-07-03 22:40 - 00002398 _____ C:\Users\salamouna2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cent Browser.lnk
2016-07-03 22:40 - 2016-07-03 22:40 - 00002390 _____ C:\Users\salamouna2\Desktop\Cent Browser.lnk
2016-07-03 22:40 - 2016-07-03 22:40 - 00000000 ____D C:\Users\salamouna2\AppData\Local\CentBrowser
2016-07-03 22:23 - 2016-07-03 22:23 - 00000000 ____D C:\Users\salamouna2\AppData\Local\Google
2016-07-03 22:19 - 2016-07-03 22:19 - 00001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-07-03 22:19 - 2016-07-03 22:19 - 00000000 ____D C:\Users\salamouna2\AppData\Local\VS Revo Group
2016-07-03 22:19 - 2016-07-03 22:19 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-07-03 22:19 - 2016-07-03 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-07-03 22:19 - 2016-07-03 22:19 - 00000000 ____D C:\Program Files\VS Revo Group
2016-07-03 22:19 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-07-03 21:59 - 2016-07-03 21:59 - 00000000 ___HD C:\OneDriveTemp
2016-07-03 21:31 - 2016-07-03 22:31 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-03 18:27 - 2016-07-03 18:28 - 00000000 ____D C:\Program Files\CCleaner
2016-07-03 18:27 - 2016-07-03 18:27 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-07-03 18:27 - 2016-07-03 18:27 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-03 18:27 - 2016-07-03 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-03 16:11 - 2016-07-03 16:11 - 05659337 _____ (Swearware) C:\Users\salamouna2\Desktop\ComboFix_4.exe
2016-07-03 16:11 - 2016-07-03 16:09 - 05659337 _____ (Swearware) C:\Users\salamouna2\Desktop\ComboFix_3.exe
2016-07-03 16:11 - 2016-07-03 16:07 - 05659337 _____ (Swearware) C:\Users\salamouna2\Desktop\ComboFix_2.exe
2016-07-03 15:43 - 2016-07-03 15:43 - 00000000 ____D C:\ProgramData\IDM
2016-07-03 14:05 - 2016-07-03 14:07 - 02224128 _____ C:\Users\salamouna2\ZHPDiag3.exe
2016-07-02 18:12 - 2016-07-02 18:12 - 00000000 ____D C:\Users\salamouna2\AppData\Local\NetworkTiles
2016-07-02 18:11 - 2016-07-02 18:11 - 00000847 _____ C:\Users\salamouna2\Desktop\larry old acc.csv
2016-07-02 17:45 - 2016-07-02 17:45 - 00005318 _____ C:\Users\salamouna2\Downloads\username.txt
2016-07-02 16:04 - 2016-07-04 14:41 - 00091648 _____ C:\Users\salamouna2\Desktop\Larry accounts8.xls
2016-07-02 14:54 - 2016-06-29 17:12 - 02216960 _____ C:\Users\salamouna2\Desktop\ZHPDiag3.exe
2016-07-02 14:45 - 2016-07-02 14:45 - 00002425 _____ C:\Users\salamouna2\Desktop\AdwCleaner clean.txt
2016-07-02 14:38 - 2016-07-02 14:38 - 00002209 _____ C:\Users\salamouna2\Desktop\AdwCleaner scan.txt
2016-07-02 14:24 - 2016-07-02 14:24 - 00000933 _____ C:\Users\salamouna2\Desktop\JRT.txt
2016-07-02 14:17 - 2016-07-02 15:08 - 01610816 _____ (Malwarebytes) C:\Users\salamouna2\Desktop\JRT.exe
2016-07-02 02:45 - 2016-07-02 02:45 - 00000000 ____D C:\ProgramData\Client
2016-07-02 02:45 - 2015-10-30 08:19 - 00045216 ___SH (Microsoft Corporation) C:\Users\salamouna2\RegSvcs.exe
2016-07-02 02:42 - 2016-07-02 02:42 - 00000000 ____D C:\Users\salamouna2\AppData\Local\ActiveSync
2016-07-02 02:40 - 2016-07-02 02:40 - 00000000 ____D C:\Users\salamouna2\AppData\Local\VirtualStore
2016-07-01 16:34 - 2016-07-01 16:34 - 00000000 ____D C:\zoek
2016-07-01 15:52 - 2016-07-01 16:42 - 00003331 _____ C:\runcheck.txt
2016-07-01 15:52 - 2016-07-01 16:35 - 00000000 ____D C:\zoek_backup
2016-07-01 15:52 - 2016-07-01 16:28 - 01309184 _____ C:\Users\salamouna2\Desktop\zoek.exe
2016-07-01 15:34 - 2016-07-02 19:16 - 00001054 _____ C:\Users\salamouna2\Desktop\malware premuim.txt
2016-07-01 14:48 - 2016-07-01 14:48 - 00001045 _____ C:\Users\salamouna2\Desktop\malware.txt
2016-07-01 00:18 - 2016-07-04 14:29 - 03610226 _____ C:\Users\salamouna2\Documents\Documents.rar
2016-07-01 00:17 - 2016-07-01 00:17 - 00005009 _____ C:\Users\salamouna2\Desktop\Texte.rar
2016-06-30 14:55 - 2016-07-02 14:38 - 00000000 ____D C:\AdwCleaner
2016-06-30 14:54 - 2016-07-03 18:20 - 00002198 _____ C:\Users\salamouna2\Desktop\Rkill.txt
2016-06-30 14:54 - 2016-06-30 15:48 - 03703360 _____ C:\Users\salamouna2\Desktop\adwcleaner_5.200.exe
2016-06-30 14:54 - 2016-06-30 15:41 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\salamouna2\Desktop\mm.exe
2016-06-29 18:44 - 2016-06-29 18:44 - 00109810 _____ C:\Users\salamouna2\Downloads\BitDefender Log File.html
2016-06-29 18:44 - 2016-06-29 18:44 - 00000000 ____D C:\Users\salamouna2\Downloads\BitDefender Log File_files
2016-06-29 18:34 - 2016-06-29 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2016-06-29 18:34 - 2016-06-29 18:34 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-29 18:34 - 2016-06-29 18:34 - 00000000 ____D C:\Program Files\Bitdefender
2016-06-29 17:53 - 2016-06-29 18:28 - 00000104 _____ C:\Users\salamouna2\Desktop\New Text Document.txt
2016-06-29 16:27 - 2016-07-03 14:20 - 00132299 _____ C:\Users\salamouna2\Desktop\ZHPDiag.txt
2016-06-29 16:17 - 2016-07-03 14:09 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\ZHP
2016-06-29 01:40 - 2016-07-03 18:20 - 00000000 __SHD C:\Users\salamouna2\hfdccd
2016-06-29 01:40 - 2016-06-29 01:40 - 00003680 _____ C:\WINDOWS\System32\Tasks\hfdccd
2016-06-29 01:40 - 2016-06-29 01:40 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\Monitor
2016-06-22 15:32 - 2016-06-27 17:19 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\Telegram Desktop
2016-06-22 15:32 - 2016-06-22 15:32 - 00001047 _____ C:\Users\salamouna2\Desktop\Telegram.lnk
2016-06-22 15:32 - 2016-06-22 15:32 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2016-06-22 01:46 - 2016-06-22 01:46 - 00001470 _____ C:\Users\salamouna2\Desktop\ahmed proxy.txt
2016-06-17 14:21 - 2016-06-17 14:21 - 00001039 _____ C:\Users\Public\Desktop\DriversCloud.com - Start the detection.lnk
2016-06-17 14:21 - 2016-06-17 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com
2016-06-17 14:21 - 2016-06-17 14:21 - 00000000 ____D C:\ProgramData\DriversCloud.com
2016-06-17 14:21 - 2016-06-17 14:21 - 00000000 ____D C:\Program Files\DriversCloud.com
2016-06-13 12:50 - 2016-06-13 12:51 - 05556162 _____ C:\Users\salamouna2\Downloads\mobikimtv.apk
2016-06-08 02:58 - 2016-06-13 16:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-06 17:28 - 2016-06-06 17:28 - 03103674 _____ C:\Users\salamouna2\Downloads\App Cloner_v1.2.14_apkpure.com.apk
2016-06-06 00:16 - 2016-06-06 00:17 - 06541784 _____ (Tim Kosse) C:\Users\salamouna2\Downloads\FileZilla_3.18.0_win64-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-04 23:32 - 2015-11-29 13:11 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\Skype
2016-07-04 22:36 - 2015-11-28 11:37 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-04 22:32 - 2015-11-27 21:33 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EB02728B-10F6-448F-8D32-4EAE3D6EAE6F}
2016-07-04 21:36 - 2015-11-28 11:37 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-04 18:33 - 2015-11-29 13:09 - 00002292 ____H C:\Users\salamouna2\Documents\Default.rdp
2016-07-04 16:47 - 2015-11-28 12:58 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\VMware
2016-07-04 16:47 - 2015-11-28 12:58 - 00000000 ____D C:\Users\salamouna2\AppData\Local\VMware
2016-07-04 16:23 - 2015-11-28 12:54 - 00000000 ____D C:\ProgramData\VMware
2016-07-04 15:08 - 2015-11-28 12:34 - 00026703 _____ C:\Users\salamouna2\Documents\2_eRP74ceP9qX.xlsx
2016-07-04 14:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-07-04 14:23 - 2015-11-27 20:06 - 00000000 ____D C:\Users\salamouna2\AppData\Local\Packages
2016-07-03 21:59 - 2016-02-14 21:48 - 00000000 ___RD C:\Users\salamouna2\OneDrive
2016-07-03 21:58 - 2016-02-21 22:01 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-07-03 21:58 - 2016-02-14 21:09 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-03 21:58 - 2015-11-29 13:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-03 21:58 - 2015-11-29 13:01 - 00000000 ____D C:\Users\salamouna2\AppData\Local\CrashDumps
2016-07-03 21:58 - 2015-11-27 20:39 - 00000000 __SHD C:\Users\salamouna2\IntelGraphicsProfiles
2016-07-03 21:57 - 2016-02-14 21:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-03 21:56 - 2015-11-28 11:39 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\DMCache
2016-07-03 21:56 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-03 21:31 - 2015-11-28 11:37 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-03 21:31 - 2015-11-28 11:37 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-03 19:29 - 2015-11-28 11:39 - 00000000 ____D C:\Users\salamouna2\Downloads\Compressed
2016-07-03 19:29 - 2015-11-28 11:39 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\IDM
2016-07-03 19:21 - 2015-11-28 22:36 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\Mozilla
2016-07-03 19:19 - 2016-02-14 21:14 - 00000000 ____D C:\Users\salamouna2
2016-07-03 18:31 - 2016-02-09 11:55 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-07-03 18:31 - 2016-01-11 19:06 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\TeamViewer
2016-07-03 18:31 - 2016-01-10 16:04 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\uTorrent
2016-07-03 18:31 - 2016-01-07 19:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-03 18:31 - 2015-12-01 14:22 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\MPC-HC
2016-07-03 18:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-07-03 18:30 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-03 18:17 - 2015-12-29 17:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-03 16:23 - 2015-11-28 22:49 - 00000000 ____D C:\Users\salamouna2\AppData\LocalLow\LastPass
2016-07-03 15:44 - 2016-04-15 14:30 - 00000000 ____D C:\Users\salamouna2\Downloads\Video
2016-07-03 14:17 - 2016-01-22 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-07-02 15:20 - 2016-02-09 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2016-07-02 02:44 - 2016-02-14 21:28 - 00883432 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-01 15:54 - 2016-01-28 17:20 - 00000000 ____D C:\Users\salamouna2\Documents\Lightshot
2016-06-30 16:01 - 2016-01-12 15:52 - 00000000 ____D C:\Program Files\OpenVPN
2016-06-30 16:00 - 2016-01-12 14:13 - 00000000 ____D C:\ProgramData\DataCardService
2016-06-30 16:00 - 2016-01-12 12:52 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2016-06-29 15:49 - 2015-12-02 19:21 - 00000600 _____ C:\Users\salamouna2\AppData\Roaming\winscp.rnd
2016-06-29 15:49 - 2015-12-01 11:57 - 00000000 ____D C:\Users\salamouna2\AppData\Roaming\FileZilla
2016-06-29 01:44 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-24 18:46 - 2015-12-01 11:56 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-06-19 11:56 - 2015-12-01 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-06-15 01:12 - 2015-11-28 12:33 - 00000000 ____D C:\Users\salamouna2\Documents\LP
2016-06-14 16:15 - 2016-05-12 15:12 - 00000000 ____D C:\Users\salamouna2\Documents\Courses
2016-06-13 16:29 - 2016-02-14 21:04 - 00230840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-13 16:29 - 2015-11-28 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-13 13:43 - 2015-11-29 12:19 - 00000000 ____D C:\Users\salamouna2\AppData\Local\Microsoft Help
2016-06-13 13:21 - 2016-05-22 19:51 - 00000000 ____D C:\Users\salamouna2\AppData\Local\Nox
2016-06-13 12:51 - 2016-05-22 19:56 - 00000000 ____D C:\Users\salamouna2\.BigNox
2016-06-07 14:34 - 2016-01-03 15:40 - 00000000 ____D C:\Users\salamouna2\Documents\Camtasia Studio
2016-06-07 14:23 - 2016-04-14 22:19 - 00000600 _____ C:\Users\salamouna2\AppData\Local\PUTTY.RND

==================== Files in the root of some directories =======

2015-12-02 19:21 - 2016-06-29 15:49 - 0000600 _____ () C:\Users\salamouna2\AppData\Roaming\winscp.rnd
2016-04-14 22:19 - 2016-06-07 14:23 - 0000600 _____ () C:\Users\salamouna2\AppData\Local\PUTTY.RND
2016-01-22 17:12 - 2016-01-22 17:12 - 0000424 _____ () C:\Users\salamouna2\AppData\Local\UserProducts.xml
2016-02-14 21:09 - 2016-02-14 21:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\salamouna2\RegSvcs.exe
C:\Users\salamouna2\ZHPDiag3.exe


Some files in TEMP:
====================
C:\Users\salamouna2\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-01 14:10

==================== End of FRST.txt ============================
