Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by User on 11-05-2015 07:29:16
Running from c:\Users\User\Desktop
Platform: Windows 7 Home Premium (X86) OS Language: Français (France)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(MSI) C:\Program Files\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files\MSI\Command Center\DDR\MSIDDRService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sapphire Technology Limited) D:\Sapphire TRIXX\TRIXX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Krzysztof Kowalczyk) D:\SumatraPDF\SumatraPDF.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [6zvcaxR5ls4KB9Y] => C:\Users\User\AppData\Roaming\watermark.exe [409600 2015-05-10] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,,c:\program files\microsoft\desktoplayer.exe
HKLM\...\Winlogon: [Shell] C:\Users\User\AppData\Roaming\watermark.exe [x ] () <=== ATTENTION
HKLM\...\Policies\System:[ConsentPromptBehaviorAdmin] 0
HKLM\...\Policies\System:[ConsentPromptBehaviorUser] 3
HKLM\...\Policies\System:[EnableLUA] 0
HKLM\...\Policies\System:[tlebaywjrblbchbkdogdTaskMgr] 0
HKLM\...\Policies\System:[EnableUIADesktopToggle] 0
HKLM\...\Policies\System:[PromptOnSecureDesktop] 0
HKLM\...\Policies\explorer:[NoActiveDesktop] 1
HKLM\...\Policies\explorer:[BindDirectlyToPropertySetStorage] 0
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [BAE] rundll32.exe C:\Users\User\AppData\Local\bae\dvcqvouu.dll,FECoreInstance
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [Adobe] rundll32.exe c:\Users\User\AppData\Local\apple\adobe\dfuut.dll,CreateInstance
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [XgbBpofj] C:\Users\User\AppData\Local\pajofoys\xgbbpofj.exe
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [Sapaelhy] => C:\Users\User\AppData\Roaming\Ilpez\miqy.exe [188023 2015-05-08] (Oracle Corporation)
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [djlertbb.exe] => C:\Users\User\AppData\Roaming\Identities\djlertbb.exe [285184 2009-07-14] (Music)
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [6zvcaxR5ls4KB9Y] => C:\Users\User\AppData\Roaming\watermark.exe [409600 2015-05-10] ()
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Winlogon: [Shell] C:\Users\User\AppData\Roaming\watermark.exe [409600 2015-05-10] () <==== ATTENTION
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZHPDIAG.lnk [2015-05-10]
ShortcutTarget: ZHPDIAG.lnk -> C:\Program Files\ZHPDiag\ZHPDIAG.exe ()

==================== Internet (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-418592747-3305732625-987032889-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-fr/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2C4A67A2-3B3B-426C-907B-99CD2E7DAB3D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{816A58B3-EF71-429F-8D66-92ACEDE5C477}: [DhcpNameServer] 192.168.171.2
Tcpip\..\Interfaces\{CC1C115D-392D-4742-B026-707A9E99D0FE}: [DhcpNameServer] 192.168.148.1

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 419ea4b7; c:\Program Files\SegmentAssister\SegmentAssister.dll [1628160 2015-05-10] ()
S2 BrsHelper; C:\Program Files\YTDownloader\BrowserHelperSrv.exe [112560 2015-03-29] ()
S2 amsint32;c:\program files\microsoft\desktoplayer.exe ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 vmvss; C:\Windows\system32\dllhost.exe /Processid:{6F243D4E-40A4-48EF-B1AD-A18F163EDF0E}
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-23 1255736]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 PNPMEM; C:\Windows\System32\DRIVERS\pnpmem.sys [13312 2009-07-14] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\User~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-07-25 07:26 - 2015-07-11 07:26 - 00000000 ____D () C:\FRST
2015-05-11 16:00 - 2015-05-14 16:00 - 00000000 ____D () C:\Program Files\tmp
2015-05-11 14:45 - 2015-05-13 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\Buqomo
2015-05-11 14:45 - 2015-05-11 14:45 - 00000000 ____D () C:\Users\User\AppData\Local\pajofoys\xgbbpofj.exe
2015-05-11 13:26 - 2015-04-27 05:26 - 00027008 ____D () C:\Windows\System32\drivers\Diskdump.sys
2015-05-11 05:26 - 2014-04-27 09:18 - 00961024 _____ () C:\Windows\System32\CPFilters.dll
2015-05-11 05:26 - 2014-08-09 11:16 - 00552960 _____ () C:\Windows\System32\msdri.dll
2015-05-11 05:26 - 2014-08-09 11:14 - 00288256 _____ () C:\Windows\System32\MSNP.ax
2015-05-11 05:26 - 2014-08-09 11:14 - 00258560 _____ () C:\Windows\System32\mpg2splt.ax
2015-05-11 05:26 - 2014-08-09 11:14 - 00204288 _____ () C:\Windows\System32\MSNP.ax
2015-05-11 05:26 - 2014-08-09 11:14 - 00199680 _____ () C:\Windows\System32\mpg2splt.ax
2015-05-10 18:17 - 2015-05-10 18:17 - 00409600 _____ () C:\Users\User\AppData\Roaming\watermark.exe
2015-05-10 18:11 - 2015-05-10 18:15 - 00000000 ____D () C:\Users\User\AppData\Local\BrowserHelper
2015-05-10 18:03 - 2015-05-10 18:03 - 00000000 ____D () C:\Program Files\Send using Gmail
2015-05-10 18:03 - 2015-05-10 18:03 - 00000000 ____D () C:\Program Files\SegmentAssister
2015-05-09 11:36 - 2015-05-09 11:36 - 00000000 ____D () C:\_OTL
2015-05-09 07:25 - 2015-05-09 07:30 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-09 07:25 - 2015-05-09 07:25 - 00035064 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2015-05-09 07:14 - 2015-05-09 07:14 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-05-08 07:39 - 2015-05-08 07:39 - 00000000 ____D () C:\Users\User\Doctor Web
2015-05-08 07:24 - 2015-05-10 18:16 - 00000000 ___HD () C:\Users\User\Desktop\ufr_reports
2015-05-08 07:24 - 2015-05-08 07:25 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-05-08 07:22 - 2015-05-10 17:59 - 00000000 ____D () C:\Program Files\ZHPDiag
2015-05-05 18:22 - 2015-05-10 17:57 - 00001379 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-05 18:21 - 2015-05-05 18:21 - 00000182 _____ () C:\Windows\wininit.ini
2015-05-04 18:59 - 2015-05-09 07:12 - 00084320 _____ () C:\Windows\PFRO.log
2015-05-04 18:54 - 2015-05-08 07:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-05-04 18:54 - 2015-05-04 18:54 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-04 18:54 - 2015-05-04 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-04 18:54 - 2015-05-04 18:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-04 18:54 - 2015-04-14 08:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-05-04 18:54 - 2015-04-14 08:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-05-04 18:54 - 2015-04-14 08:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-05-04 11:18 - 2015-05-08 07:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ZHP
2015-05-03 21:51 - 2015-02-24 03:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-05-02 19:43 - 2015-05-02 18:49 - 00000000 ____D () C:\Windows\Panther
2015-05-02 19:42 - 2015-05-02 19:42 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-05-02 19:42 - 2009-07-14 02:38 - 00383562 __RSH () C:\bootmgr
2015-05-02 19:22 - 2015-05-02 19:22 - 00014834 _____ () C:\Users\User\Downloads\epm.xml
2015-05-02 19:16 - 2015-05-03 23:33 - 00000000 ____D () C:\Program Files\Google
2015-05-02 19:16 - 2015-05-02 19:17 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-05-02 19:15 - 2015-05-02 19:16 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2015-05-02 19:15 - 2015-05-02 19:15 - 00057560 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-02 19:12 - 2015-05-08 07:31 - 26522761 _____ () c:\program files\microsoft\desktoplayer.exe
2015-05-02 18:58 - 2015-05-05 18:28 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 _____ () C:\Windows\nsreg.dat
2015-05-02 18:57 - 2015-05-08 07:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-02 18:57 - 2015-05-05 18:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-05-02 18:57 - 2015-05-02 18:57 - 00002308 _____ () C:\Windows\mozver.dat
2015-05-02 18:55 - 2015-05-10 17:53 - 01524562 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-02 18:49 - 2015-05-10 18:12 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-05-02 18:49 - 2015-05-08 07:39 - 00000000 ____D () C:\users\User
2015-05-02 18:49 - 2015-05-02 18:49 - 00000020 ___SH () C:\Users\User\ntuser.ini
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Public\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Public\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Public\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Voisinage réseau
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Voisinage d'impression
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Modèles
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Menu Démarrer
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Voisinage réseau
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Voisinage d'impression
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Modèles
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Menu Démarrer
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\AppData\Local\Historique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Modèles
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Menu Démarrer
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Favoris
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Bureau
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Program Files\Fichiers communs
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 __SHD () C:\Recovery
2015-05-02 18:46 - 2015-05-09 07:24 - 00092756 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 18:44 - 2015-05-02 18:47 - 00001313 _____ () C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 18:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-10 17:49 - 2009-07-14 05:39 - 00017328 _____ () C:\Windows\setupact.log
2015-05-10 17:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-05-08 07:35 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-05-04 18:59 - 2009-07-14 05:34 - 00018432 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-04 18:59 - 2009-07-14 05:34 - 00018432 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-04 18:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\PLA
2015-05-03 23:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\wfp
2015-05-03 23:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\Msdtc
2015-05-03 21:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-05-02 19:42 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2015-05-02 19:42 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2015-05-02 18:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-02 18:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\System32\restore
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 __RHD () C:\users\Default
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-02 18:48 - 2009-07-14 05:33 - 00266928 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-05-02 18:44 - 2009-07-14 05:34 - 00001774 _____ () C:\Windows\DtcInstall.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\8140.exe
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\MWF[BEST-HACK.RU 12.07.2013].exe
C:\Users\User\AppData\Local\Temp\sdfDB6.exe

Some zero byte size files/folders:
==========================
X:\windows\system32\Drivers\rasirda.sys

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-05-06 21:17:14

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3071.29 MB
Available physical RAM: 2375.15 MB
Total Pagefile: 6140.76 MB
Available Pagefile: 5475.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:25.91 GB) NTFS
Drive d: (Nouveau nom) (Fixed) (Total:270.45 GB) (Free:267.76 GB) NTFS
Drive e: (Réservé au système) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:270.35 GB) (Free:264.98 GB) NTFS
Drive g: () (Fixed) (Total:195.31 GB) (Free:148.67 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.02 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DFD444C5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

LastRegBack: 2015-05-02 18:43

==================== End Of Log ============================