Virus? Continue Live Installation

Solved
cmoijaijai Posted messages 15 Status Member -
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security contributor Last intervention   -
Hello,
Since yesterday, I have a program that starts on its own and asks me to install something. I refuse, then a shortcut is added to my desktop under the name: continue live installation.
I have tried several things, including the famous zhp diag/fix etc.... which at first glance seemed to have removed it, but unfortunately this morning it came back!
Does anyone have a solution?
I am using Windows seven 64bits.
Thanks

7 replies

Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security contributor Last intervention   24 711
 
Hello,

You have installed adware and potentially unwanted programs on your PC.
Here is the procedure to follow to remove them:

Start with this:

Follow the AdwCleaner (by Xplode) tutorial: https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
Download AdwCleaner to your desktop.
Launch AdwCleaner, click on [Scan].
The scan may take several minutes, please wait.
Once the scan is complete, click on [Clean]

Once the cleaning is finished, a report will open. Copy/paste the contents of the report into your next reply.
If that doesn't work, use the site http://pjjoint.malekal.com to host the report and provide the link to the report in a new message.
Note: The report is also saved under C:\AdwCleaner[S1].txt

then:

Follow this tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
This will generate two FRST reports.
Send these two reports to the site http://pjjoint.malekal.com as explained, and provide the three pjjoint links for these reports so they can be reviewed.

--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
cmoijaijai Posted messages 15 Status Member
 
Here is the first report. I will continue with the other two in a few minutes.

# AdwCleaner v4.111 - Report created on 24/02/2015 at 14:33:15
# Updated on 18/02/2015 by Xplode
# Database: 2015-02-18.3 [Server]
# Operating System: Windows 7 Home Premium Service Pack 1 (x64)
# Username: jerome - JEROME-PC
# Executed from: C:\Users\jerome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BBY4ZF9\adwcleaner_4.111.exe
# Option: Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted: C:\Users\jerome\Desktop\Continue Live Installation.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Google Chrome v40.0.2214.115

AdwCleaner[R0].txt - [1020 bytes] - [24/02/2015 14:26:30]
AdwCleaner[S0].txt - [949 bytes] - [24/02/2015 14:33:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1008 bytes] ##########
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security contributor Last intervention   24 711
 
Here is the correction to be made with FRST.
You can refer to this explanatory note with screenshots to assist you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Open Notepad: Windows key + R, in the run box, type notepad and hit OK.
Copy/paste the following into it:

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
R2 kekehuxi; C:\Users\jerome\AppData\Roaming\84F35E00-1424699139-81E1-3212-10BF481BC437\jnsnD7F8.tmp [96256 2015-02-23] () [File not signed]
R2 dozohylo; C:\Users\jerome\AppData\Roaming\84F35E00-1424699139-81E1-3212-10BF481BC437\nsiA31D.tmpfs [X]
2015-02-23 13:47 - 2015-02-23 13:52 - 00000000 ____D () C:\Users\jerome\AppData\Local\84F35E00-1424699230-81E1-3212-10BF481BC437
2015-02-23 13:45 - 2015-02-23 13:46 - 00000000 ____D () C:\Users\jerome\AppData\Roaming\84F35E00-1424699139-81E1-3212-10BF481BC437
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\jerome\AppData\Roaming\FZSNVCQT
Task: {24667D7C-1280-4E42-8EF0-BADC755ED197} - System32\Tasks\{0F28970C-CBCB-4EA1-895F-FFE156BB9C95} => pcalua.exe -a "C:\Users\jerome\Desktop\EMC Style Works 2000 Universal v1.99.exe" -d C:\Users\jerome\Desktop

Once you have pasted the text into Notepad, open the File menu, then choose Save As.
On the left, navigate to the desktop.

In the bottom field, for file name enter: fixlist.txt
Click Save - this will create a fixlist.txt file on the desktop.

Restart FRST which should be on the desktop and click the Fix button
Depending on how it goes a restart might be necessary (not mandatory).
A text file will appear, copy/paste the content here in a new message.

Restart the computer

then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure your WEB browsers (homepage, search engine, etc.) but also remove/disable unnecessary/unwanted extensions:

0
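The FRST lines quoted in this thread share a few traits: an empty publisher field `()`, the `[File not signed]` flag, a location under AppData, ProgramData or Temp, a running `.tmp` file, and a folder named hex-digits-hex-hex-hex. The following is an added example (not part of any post, and not FRST's own logic) that scores FRST lines on those traits for manual review; the trait list, the two-trait threshold, the helper names and the reading of the 10-digit folder field as a Unix timestamp are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: lines copied from the FRST output quoted in this thread.
SAMPLE = r"""
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\ProgramData\CeroHimna\vobwwou.exe
() C:\Program Files (x86)\30464E43-1441283969-3639-5154-C80AA9281904\jnsmA41B.tmp
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
() C:\Users\Hp\AppData\Local\Temp\nsx39D.tmp
R2 kekehuxi; C:\Users\jerome\AppData\Roaming\84F35E00-1424699139-81E1-3212-10BF481BC437\jnsnD7F8.tmp [96256 2015-02-23] () [File not signed]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [gmsd_es_005010080] => C:\Program Files (x86)\gmsd_es_005010080\gmsd_es_005010080.exe [3982992 2015-09-04] ()
"""

# Shape 1, Processes section: "(Publisher) C:\path"
PROC_RE = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# Shape 2, services and Run keys: "... C:\path [size date] (Publisher) [flags]"
META_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)(?P<rest>.*)$"
)
# Folder name shape seen in this thread: 8 hex, 10 digits, 4 hex, 4 hex, 12 hex.
GEN_DIR_RE = re.compile(
    r"\\[0-9A-F]{8}-(\d{10})-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}(?=\\|$)", re.I
)
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_line(line):
    """Return (path, publisher, unsigned) or None for shapes not handled here."""
    line = line.strip()
    m = PROC_RE.match(line)
    if m:
        return m["path"], m["pub"], False
    m = META_RE.search(line)
    if m:
        return m["path"], m["pub"], "[File not signed]" in m["rest"]
    return None


def folder_timestamp(path):
    """Decode the 10-digit folder field as Unix time (UTC). Assumption: for
    84F35E00-1424699139-... this gives 2015-02-23 13:45:39, the same minute as
    the creation time FRST lists for that folder in the fixlist above."""
    m = GEN_DIR_RE.search(path)
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc) if m else None


def triage(line):
    """List the traits one FRST line shows; None if the line is not parsed."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    path, pub, unsigned = parsed
    low = path.lower()
    reasons = []
    if not pub:
        reasons.append("no publisher")
    if unsigned:
        reasons.append("unsigned")
    if any(d in low for d in USER_WRITABLE):
        reasons.append("user-writable dir")
    if not low.endswith((".exe", ".dll", ".sys")):
        reasons.append("odd extension")
    if GEN_DIR_RE.search(path):
        reasons.append("generated dir name")
    return {"path": path, "reasons": reasons, "dir_time": folder_timestamp(path)}


def review_candidates(text, min_reasons=2):
    """Entries showing at least min_reasons traits, strongest first."""
    hits = [t for t in map(triage, text.splitlines()) if t]
    hits = [t for t in hits if len(t["reasons"]) >= min_reasons]
    return sorted(hits, key=lambda t: -len(t["reasons"]))


if __name__ == "__main__":
    for hit in review_candidates(SAMPLE):
        print(len(hit["reasons"]), hit["path"], hit["reasons"], hit["dir_time"])
```

A single trait is not enough to act on: the TunnelBear entry also has an empty publisher field and stays below the threshold, so the output is a shortlist for a human to check, not a fixlist.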
cmoijaijai Posted messages 15 Status Member
 
Here is the report following the fix

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Ran by jerome at 2015-02-24 15:33:46 Run:1
Running from C:\Users\jerome\Desktop
Loaded Profiles: jerome (Available profiles: jerome)
Boot Mode: Normal
==============================================

Content of fixlist:
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
R2 kekehuxi; C:\Users\jerome\AppData\Roaming\84F35E00-1424699139-81E1-3212-10BF481BC437\jnsnD7F8.tmp [96256 2015-02-23] () [File not signed]
R2 dozohylo; C:\Users\jerome\AppData\Roaming\84F35E00-1424699139-81E1-3212-10BF481BC437\nsiA31D.tmpfs [X]
2015-02-23 13:47 - 2015-02-23 13:52 - 00000000 ____D () C:\Users\jerome\AppData\Local\84F35E00-1424699230-81E1-3212-10BF481BC437
2015-02-23 13:45 - 2015-02-23 13:46 - 00000000 ____D () C:\Users\jerome\AppData\Roaming\84F35E00-1424699139-81E1-3212-10BF481BC437
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\jerome\AppData\Roaming\FZSNVCQT
Task: {24667D7C-1280-4E42-8EF0-BADC755ED197} - System32\Tasks\{0F28970C-CBCB-4EA1-895F-FFE156BB9C95} => pcalua.exe -a "C:\Users\jerome\Desktop\EMC Style Works 2000 Universal v1.99.exe" -d C:\Users\jerome\Desktop

C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe => Moved successfully.
kekehuxi => Service stopped successfully.
kekehuxi => Service deleted successfully.
dozohylo => Service stopped successfully.
dozohylo => Service deleted successfully.
C:\Users\jerome\AppData\Local\84F35E00-1424699230-81E1-3212-10BF481BC437 => Moved successfully.
C:\Users\jerome\AppData\Roaming\84F35E00-1424699139-81E1-3212-10BF481BC437 => Moved successfully.
C:\Users\jerome\AppData\Roaming\FZSNVCQT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24667D7C-1280-4E42-8EF0-BADC755ED197}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24667D7C-1280-4E42-8EF0-BADC755ED197}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0F28970C-CBCB-4EA1-895F-FFE156BB9C95} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F28970C-CBCB-4EA1-895F-FFE156BB9C95}" => Key deleted successfully.

End of Fixlog 15:33:52

0
cmoijaijai Posted messages 15 Status Member
 
For the moment, everything is fine; if there is an issue, I will not hesitate to come back to ask for your help.
Thanks a million again.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security contributor Last intervention   24 711
 
ok =)

Some advice:

Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it; it's effective.

To block malicious sites, you can install Blockulicious: https://forum.malekal.com/viewtopic.php?t=46656&start=

So you won't get caught again.
Read - Potentially Unwanted Programs (PUPs): https://www.malekal.com/adwares-pup-protection/

The rest of security: http://forum.malekal.com/comment-securiser-son-ordinateur.html

0
Raspoutine256 Posted messages 2 Registration date   Status Member Last intervention  
 
Hello Malekal,

I have the same problem as cestmoijaijai that you just helped. Can I count on your help as well? If so, where should I post the Adwcleaner reports?

Thank you in advance :)
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security contributor Last intervention   24 711
 
Hi,

Follow the procedure, provide the links to the reports.
0
tylon Posted messages 4 Status Member
 
Hello,
same problem for me...
I’m sending you the Adwcleaner report
Thanks!

Here is my report
# AdwCleaner v4.203 - Report created on 09/05/2015 at 11:37:24
# Updated on 04/30/2015 by Xplode
# Database: 2015-09-04.4 [Server]
# Operating System: Windows 7 Home Premium Service Pack 1 (x64)
# Username: Hp - HP-PC
# Run from: C:\Users\Hp\Downloads\adwcleaner_4.203.exe
# Option: Clean

***** [ Services ] *****



[#] Service Removed: QQPCRTP
[#] Service Removed: TSDefenseBt
[#] Service Removed: TSSKX64

***** [ Files / Folders ] *****



Folder Removed: C:\ProgramData\tencent
Folder Removed: C:\ProgramData\TXQMPC
Folder Removed: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Removed: C:\Program Files (x86)\DriverRestore
Folder Removed: C:\Program Files (x86)\tencent
Folder Removed: C:\Program Files (x86)\Exploremedia
Folder Removed: C:\Users\Hp\AppData\Roaming\ASPackage
Folder Removed: C:\Users\Hp\AppData\Roaming\tencent
Folder Removed: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\gohtakpr.default\Extensions\***@***
File Removed: C:\Windows\System32\drivers\TSSKX64.sys
File Removed: C:\Windows\System32\drivers\TFsFltX64.sys
File Removed: C:\Users\Hp\Desktop\Continue Live Installation.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****



Key Removed: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Removed: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Removed: HKCU\Software\eSupport.com
Key Removed: HKCU\Software\DriverRestore
Key Removed: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Removed: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Data Removed: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Removed: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browsers ] *****



-\\ Internet Explorer v11.0.9600.17937

Restored Setting: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Restored Setting: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v40.0.3 (x86 fr)

[gohtakpr.default\prefs.js] - Line Removed: user_pref("extensions.a6a1a03975fde4c8690f6b883c36bc17d88519bfe704d8cae3851239com74253.74253.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2[...]
[gohtakpr.default\prefs.js] - Line Removed: user_pref("extensions.a6a1a03975fde4c8690f6b883c36bc17d88519bfe704d8cae3851239com74253.74253.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%[...]
[gohtakpr.default\prefs.js] - Line Removed: user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon[...]
[gohtakpr.default\prefs.js] - Line Removed: user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]

-\\ Google Chrome v


-\\ Comodo Dragon v


-\\ Chrome Canary v



AdwCleaner[R0].txt - [14636 bytes] - [06/03/2014 03:17:21]
AdwCleaner[R10].txt - [6220 bytes] - [13/08/2014 13:59:14]
AdwCleaner[R11].txt - [12907 bytes] - [16/09/2014 14:54:32]
AdwCleaner[R12].txt - [23376 bytes] - [03/01/2015 01:52:06]
AdwCleaner[R13].txt - [6770 bytes] - [30/01/2015 01:00:05]
AdwCleaner[R14].txt - [2723 bytes] - [25/02/2015 14:14:08]
AdwCleaner[R15].txt - [18288 bytes] - [06/03/2015 18:10:25]
AdwCleaner[R16].txt - [4011 bytes] - [22/03/2015 14:50:43]
AdwCleaner[R17].txt - [47704 bytes] - [10/05/2015 15:11:35]
AdwCleaner[R18].txt - [21815 bytes] - [10/05/2015 21:05:32]
AdwCleaner[R19].txt - [16913 bytes] - [15/05/2015 20:42:26]
AdwCleaner[R1].txt - [19004 bytes] - [07/03/2014 23:22:29]
AdwCleaner[R20].txt - [18950 bytes] - [21/06/2015 13:19:48]
AdwCleaner[R21].txt - [334 bytes] - [24/08/2015 16:32:09]
AdwCleaner[R22].txt - [25856 bytes] - [24/08/2015 16:33:22]
AdwCleaner[R23].txt - [46915 bytes] - [24/08/2015 17:10:01]
AdwCleaner[R24].txt - [70602 bytes] - [24/08/2015 17:19:14]
AdwCleaner[R25].txt - [96917 bytes] - [24/08/2015 17:36:18]
AdwCleaner[R26].txt - [125862 bytes] - [24/08/2015 17:56:02]
AdwCleaner[R27].txt - [157473 bytes] - [24/08/2015 18:16:27]
AdwCleaner[R28].txt - [181380 bytes] - [24/08/2015 18:37:04]
AdwCleaner[R29].txt - [26332 bytes] - [24/08/2015 18:49:27]
AdwCleaner[R2].txt - [29215 bytes] - [12/03/2014 22:35:11]
AdwCleaner[R30].txt - [47430 bytes] - [24/08/2015 18:56:24]
AdwCleaner[R31].txt - [12092 bytes] - [03/09/2015 14:02:41]
AdwCleaner[R32].txt - [6891 bytes] - [05/09/2015 11:35:02]
AdwCleaner[R3].txt - [29911 bytes] - [12/03/2014 22:53:19]
AdwCleaner[R4].txt - [27864 bytes] - [07/06/2014 11:14:33]
AdwCleaner[R5].txt - [2122 bytes] - [29/06/2014 15:08:11]
AdwCleaner[R6].txt - [2182 bytes] - [29/06/2014 15:09:26]
AdwCleaner[R7].txt - [16539 bytes] - [16/07/2014 12:19:04]
AdwCleaner[R8].txt - [2469 bytes] - [18/07/2014 12:49:56]
AdwCleaner[R9].txt - [6226 bytes] - [13/08/2014 13:34:49]
AdwCleaner[S0].txt - [12256 bytes] - [06/03/2014 03:18:29]
AdwCleaner[S10].txt - [6767 bytes] - [30/01/2015 01:05:38]
AdwCleaner[S11].txt - [2800 bytes] - [25/02/2015 14:22:43]
AdwCleaner[S12].txt - [17255 bytes] - [06/03/2015 18:13:54]
AdwCleaner[S13].txt - [4132 bytes] - [22/03/2015 14:57:15]
AdwCleaner[S14].txt - [43589 bytes] - [10/05/2015 15:13:34]
AdwCleaner[S15].txt - [18885 bytes] - [10/05/2015 21:07:23]
AdwCleaner[S16].txt - [14413 bytes] - [15/05/2015 20:44:15]
AdwCleaner[S17].txt - [16602 bytes] - [21/06/2015 13:22:03]
AdwCleaner[S18].txt - [27313 bytes] - [24/08/2015 19:12:18]
AdwCleaner[S19].txt - [11645 bytes] - [03/09/2015 14:05:14]
AdwCleaner[S1].txt - [7825 bytes] - [07/03/2014 23:25:46]
AdwCleaner[S20].txt - [6239 bytes] - [05/09/2015 11:37:24]
AdwCleaner[S2].txt - [26731 bytes] - [12/03/2014 23:01:47]
AdwCleaner[S3].txt - [25121 bytes] - [07/06/2014 11:15:42]
AdwCleaner[S4].txt - [2252 bytes] - [29/06/2014 15:10:41]
AdwCleaner[S5].txt - [12946 bytes] - [16/07/2014 12:20:39]
AdwCleaner[S6].txt - [2501 bytes] - [18/07/2014 12:55:27]
AdwCleaner[S7].txt - [6158 bytes] - [13/08/2014 14:05:44]
AdwCleaner[S8].txt - [10439 bytes] - [16/09/2014 14:56:02]
AdwCleaner[S9].txt - [22067 bytes] - [03/01/2015 01:56:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S20].txt - [6785 bytes] ##########
0
tylon Posted messages 4 Status Member
 
Analysis results of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2015
Executed by Hp (administrator) on HP-PC (05-09-2015 16:49:32)
Executed from C:\Users\Hp\Downloads
Profiles loaded: Hp (Available profiles: Hp)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: French (France)
Internet Explorer Version 11 (Default browser: FF)
Boot mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an item is included in the fixlist.txt file, the process will be stopped. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
() C:\ProgramData\CeroHimna\vobwwou.exe
() C:\Program Files (x86)\30464E43-1441283969-3639-5154-C80AA9281904\jnsmA41B.tmp
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Program Files (x86)\30464E43-1441283969-3639-5154-C80AA9281904\hnsbBE12.tmp
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Word Surfer) C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe
(SoftBrain Technologies Ltd.) C:\Users\Hp\AppData\Local\SmartWeb\SmartWebHelper.exe
(SoftBrain Technologies Ltd.) C:\Users\Hp\AppData\Local\SmartWeb\SmartWebApp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\CeroHimna\vobawou.exe
() C:\Users\Hp\AppData\Local\Temp\nsx39D.tmp
() C:\Users\Hp\AppData\Local\gmsd_es_005010080\upgmsd_es_005010080.exe
() C:\Program Files (x86)\gmsd_es_005010080\gmsd_es_005010080.exe
() C:\Users\Hp\AppData\Local\Temp\nsz3C02.tmp
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\30464E43-1441283969-3639-5154-C80AA9281904\knsj8ACE.tmp


==================== Registry (Whitelisted) ===========================

(If an item is included in the fixlist.txt file, the registry item will be restored to default value or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5207272 2015-09-03] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" (the data item has 65 characters in addition).
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Hp\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_es_005010080] => C:\Program Files (x86)\gmsd_es_005010080\gmsd_es_005010080.exe [3982992 2015-09-04] ()
HKLM-x32\...\RunOnce: [upgmsd_es_005010080.exe] => C:\Users\Hp\AppData\Local\gmsd_es_005010080\upgmsd_es_005010080.exe [3311760 2015-09-04] ()
HKLM-x32\...\RunOnce: [Update] => C:\Users\Hp\AppData\Roaming\ASPackage\ASPackage.exe /runonce
HKU\S-1-5-21-2193914219-2526987996-3137271002-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-2193914219-2526987996-3137271002-1000\...\Run: [uTorrent] => C:\Users\Hp\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-02-25] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-08] (Microsoft Corporation)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\itunes.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\utorrent.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMGCShellExt64.dll No file
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
Startup: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-09-05]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Hp\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Group policy on Chrome detected < <======= WARNING
CHR HKLM\SOFTWARE\Policies\Google: Policy Restriction < <======= WARNING

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist.txt file, if it is a registry item, it will be deleted or restored to default value.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{1152FFF2-0339-47C3-9644-9255094A0B17}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{489AAF8C-8954-4656-835B-FFC7A5555897}: [NameServer] 172.18.13.1
Tcpip\..\Interfaces\{489AAF8C-8954-4656-835B-FFC7A5555897}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{801BF064-AAEE-4A77-8A7F-BBB3D131C85B}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{BAC782BF-813B-4A06-8E1F-2B74DF8D55BF}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130848119124450031&GUID=36F29B78-60B2-4381-A7C4-BE3DB7E986AA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2193914219-2526987996-3137271002-1000 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-24] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-24] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Users\Hp\Documents\iTools\Plugin\iToolsBHO.dll [2014-05-17] (iTools.hk)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No file

FireFox:
========
FF ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\gohtakpr.default
FF SelectedSearchEngine: webssearches
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-23] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No file]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No file]
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No file]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Users\Hp\Documents\iTools\Plugin\npiTools.dll [2014-05-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No file]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: CinemaPlus-4.2v - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\gohtakpr.default\Extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-09-05]
FF Extension: CinemaPlus-3.2c - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\gohtakpr.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-09-05]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= WARNING
CHR Profile: C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgknedgcldhmimbfgbkimjoeplennnil [2014-03-07]
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikdacjeghfiplnmgkflpkmobmoakdgb [2014-03-08]
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaifpmleakpkgmalbaphoafbidejoldp [2014-03-07]
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhglpdapfkjpmaahgaalpalbgedkmnm [2014-03-05]
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\haeicfcmofnbpimdjnibndhadpkanfcj [2014-03-07]
CHR Extension: (Easy Surf) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj [2014-09-10]
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iadleionbiicbakamefpkhbpgochmefj [2014-03-05]
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\igcnondhihhgklilmmnlofgbgoihonjn [2014-03-07]
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaaploplgbfgihkkiemcgedknmedgpc [2014-03-07]
CHR Extension: (Share the Wealth) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2014-03-07]
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\loeplccmgifjblbpobegmkcljobefphp [2014-03-07]
CHR Extension: (No name) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpahbkpnghjelcbhcaffpjjjogfoeihp [2014-03-07]
CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an item is included in the fixlist.txt file, it will be deleted from the registry. The file will not be moved unless separately listed.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Unsigned file]
R2 avewloutid; C:\ProgramData\CeroHimna\vobwwou.exe [124864 2015-08-22] () [Unsigned file]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 guxewery; C:\Program Files (x86)\30464E43-1441283969-3639-5154-C80AA9281904\knsj8ACE.tmp [1380352 2015-09-05] () [Unsigned file]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
R2 jimocoso; C:\Program Files (x86)\30464E43-1441283969-3639-5154-C80AA9281904\jnsmA41B.tmp [227328 2015-09-03] () [Unsigned file]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5207272 2015-09-03] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Unsigned file]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 totyseku; C:\Program Files (x86)\30464E43-1441283969-3639-5154-C80AA9281904\hnsbBE12.tmp [137728 2015-09-03] () [Unsigned file]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2014-11-24] (AVG Technologies)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [36352 2015-09-04] () [Unsigned file]
R2 ujepxekjye; C:\ProgramData\CeroHimna\vobawou.exe [124864 2015-08-22] () [Unsigned file]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-12] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-16] (Word Surfer)
S4 rkdownilad; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an item is included in the fixlist.txt file, it will be deleted from the registry. The file will not be moved unless separately listed.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016
tylon Posted messages 4 Status Membre
 
Results of the additional analysis of Farbar Recovery Scan Tool (x64) Version: 04-09-2015
Executed by Hp (2015-09-05 16:56:38)
Executed from C:\Users\Hp\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2193914219-2526987996-3137271002-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2193914219-2526987996-3137271002-1003 - Limited - Enabled)
Hp (S-1-5-21-2193914219-2526987996-3137271002-1000 - Administrator - Enabled) => C:\Users\Hp
Guest (S-1-5-21-2193914219-2526987996-3137271002-501 - Limited - Disabled)

==================== Security Center ========================

(If an item is included in the fixlist.txt file, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only adware programs marked as 'hidden' are likely to be added to the fixlist.txt file to be no longer hidden. Adware programs will need to be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2193914219-2526987996-3137271002-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
adblocker (HKLM-x32\...\{F7F538FD-5E2F-47CF-8669-5BC9B0B6A126}) (Version: 1.1.0.31 - adblocker) <==== WARNING
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Angry Birds Star Wars (HKLM-x32\...\{3EF6F0AE-5471-44BF-9809-B6FAD9D04478}) (Version: 1.1.2 - Rovio)
Apple Application Support (32 bits) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD 2014 - Français (French) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - Français (French) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - Français (French) (HKLM\...\AutoCAD 2014 - Français (French)) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
AVG PC TuneUp 2015 (fr-FR) (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.238 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
GamesDesktop 002.005010080 (HKLM-x32\...\gmsd_es_005010080_is1) (Version: - GAMESDESKTOP) <==== WARNING
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company)
Hydrogen 0.9.6 preview release for windows (HKLM-x32\...\{B24839E5-A70C-48AD-B4D9-B9FB46B4B038}_is1) (Version: - hydrogen-music.org)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6276.0 - IDT)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Cleaner (x32 Version: 1.1.6.2 - Pandaje Group) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Updates 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime Language Pack (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 fr) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 fr)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA HD Audio Driver: 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Microsoft Office 2013 - French Language Tools (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NVIDIA Control Panel 341.44 (Version: 341.44 - NVIDIA Corporation) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype(TM) 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== WARNING
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.18.9570 - SoftEther VPN Project)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
TuneUp Utilities 2014 (fr-FR) (x32 Version: 14.0.1000.93 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (fr-FR) (x32 Version: 13.0.4000.264 - TuneUp Software) Hidden
TunnelBear (HKLM-x32\...\{b4cc6c14-7f48-445f-a563-aa0b1a1efcdb}) (Version: 2.3.17.0 - TunnelBear)
TunnelBear (x32 Version: 2.3.17.0 - TunnelBear) Hidden
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-040C-1000-0000000FF1CE}_Office15.PROPLUS_{DD51BA84-F589-4939-B5FE-5538B3DCC12E}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WordSurfer 1.10.0.19 (HKLM-x32\...\WordSurfer_1.10.0.19) (Version: 1.10.0.19 - WordSurfer)
Yahoo Community Smartbar Engine (HKU\S-1-5-21-2193914219-2526987996-3137271002-1000\...\{95853dd5-9936-4e89-854e-4f87b84cf655}) (Version: 11.63.66.17714 - Linkury Inc.) <==== WARNING

==================== Custom CLSID (With whitelist): ==========================

(If an item is included in the fixlist.txt file, it will be removed from the registry. The file will not be moved, unless separately registered.)

CustomCLSID: HKU\S-1-5-21-2193914219-2526987996-3137271002-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2193914219-2526987996-3137271002-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2193914219-2526987996-3137271002-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2193914219-2526987996-3137271002-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\fr-FR\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

23-08-2015 17:40:04 TunnelBear
23-08-2015 17:44:37 Driver package installed: TunnelBear Provider V9 Network Cards
23-08-2015 18:27:59 Removed Boxore Client
23-08-2015 18:29:43 Removed Autodesk Material Library 2014.
23-08-2015 18:56:44 Removed Boxore Client
23-08-2015 19:37:09 Windows Update
03-09-2015 13:25:10 Driver package installed: SoftEther Corporation Network Cards
03-09-2015 13:56:28 Windows Update
04-09-2015 17:45:59 TunnelBear
04-09-2015 22:27:06 Windows Update

==================== Hosts content: ===============================

(If necessary, the Hosts command: may be included in the fixlist.txt file to reset the hosts file.)

2015-03-01 17:45 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (With whitelist) =============

(If an item is included in the fixlist.txt file, it will be removed from the registry. The file will not be moved, unless separately registered.)

Task: {00455A2E-649D-43FC-841C-41E36819E30A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {07FCDF4C-8522-491B-B616-DB0B6F403ED3} - \c5b5f03e-ca42-497c-abf8-a1f533e128ee-11 -> No file <==== WARNING
Task: {0F41DF17-7121-4809-8355-F3D1784B756C} - System32\Tasks\69b46fb8-bf6e-4109-b479-04d8d43fcb91-12 => C:\Program Files (x86)\HQProVideo 1.6V02.01\69b46fb8-bf6e-4109-b479-04d8d43fcb91-12.exe <==== WARNING
Task: {113F5CE7-2F1C-4737-A622-92784AA29B3D} - \c5b5f03e-ca42-497c-abf8-a1f533e128ee-1 -> No file <==== WARNING
Task: {1B1D9C84-BC4B-4290-AE1D-03DAEFB2563E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {250C8FC5-A872-498A-BAD2-B84D5935D816} - \e36e30f5-7407-4d30-bac2-b72fa93c846c-1 -> No file <==== WARNING
Task: {25F3BA63-4B16-45CA-ACB2-F9680E42A7BC} - \e36e30f5-7407-4d30-bac2-b72fa93c846c-2 -> No file <==== WARNING
Task: {2B4967B2-2C56-493A-A21C-7538DEAC9188} - System32\Tasks\Tempo Runner vobdwou => C:\ProgramData\CeroHimna\vobawou.exe [2015-08-22] ()
Task: {32E4D11E-D4F9-4302-8417-7A7E19C3631E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {34B0931F-7239-4866-82D5-65CE84F394ED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {37B8FE59-7DA2-4950-B2C1-8A6C478E6317} - System32\Tasks\69b46fb8-bf6e-4109-b479-04d8d43fcb91-2 => C:\Program Files (x86)\HQProVideo 1.6V02.01\69b46fb8-bf6e-4109-b479-04d8d43fcb91-2.exe <==== WARNING
Task: {41772BCA-C38B-4FF1-8EED-A987DEB4B064} - System32\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-4 => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-4.exe <==== WARNING
Task: {42D3E18E-03E3-4307-8203-5415E2410A29} - System32\Tasks\69b46fb8-bf6e-4109-b479-04d8d43fcb91-1 => C:\Program Files (x86)\HQProVideo 1.6V02.01\HQProVideo 1.6V02.01-codedownloader.exe <==== WARNING
Task: {43B9A9A9-B6E3-4380-804F-BA8BF0C8859D} - System32\Tasks\{F0AB7140-9B7D-4987-86EF-857B46D6D74F} => pcalua.exe -a C:\Users\Hp\Downloads\sp51029.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {460D1B1A-8FDE-4EE6-AFD3-BB05327E8CB4} - System32\Tasks\{738D9D79-6A37-4845-9683-4EB0B12C0328} => pcalua.exe -a C:\Users\Hp\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ium6
Task: {4722338B-34BA-4B7D-BAF2-15410AC923FD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {499E2B49-D7BA-41C0-B6B7-5636B76DCFE8} - System32\Tasks\SPBIW_UpdateTask_Time_3130313637303832312d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== WARNING
Task: {4A726AB7-A388-4A05-A76B-0A9DF271B56F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4C457EF7-9260-42C5-98BB-4B9B82BE6DE1} - \c5b5f03e-ca42-497c-abf8-a1f533e128ee-2 -> No file <==== WARNING
Task: {5179EC37-7550-4541-947B-A7826A0A9E91} - \c5b5f03e-ca42-497c-abf8-a1f533e128ee-3 -> No file <==== WARNING
Task: {57A270ED-A074-4683-B3C8-A5C5144C37E9} - System32\Tasks\HJPQXRTER => C:\ProgramData\c1c05f7061d940b085ed209085e4a787\c1c05f7061d940b085ed209085e4a787.exe <==== WARNING
Task: {65817E11-0CD8-45B6-9DEC-01A28E81F88A} - System32\Tasks\Adobe Online Update Program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {6964AC9D-5B76-492F-B299-B239EBBD523D} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-16] (Word Surfer)
Task: {699E941B-5477-4E06-828E-039696472D8B} - \c5b5f03e-ca42-497c-abf8-a1f533e128ee-5_user -> No file <==== WARNING
Task: {709221ED-1213-4642-8C5C-8AB2839277D6} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Hp\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== WARNING
Task: {7219A7A7-CB55-4E96-A537-E436CFC3448F} - System32\Tasks\WS-Booster-S-1884037147 => c:\programdata\hostit\ws-booster\WS-Booster.exe <==== WARNING
Task: {7641305C-E076-47F4-A13C-E1676A38295C} - System32\Tasks\KMCLF => C:\ProgramData\1a1fd46aab584ca2b99da2dc1dd494df\1a1fd46aab584ca2b99da2dc1dd494df.exe [2015-05-10] () <==== WARNING
Task: {78D8F631-DC4E-4EBD-AEB1-306CB4E424B8} - \e36e30f5-7407-4d30-bac2-b72fa93c846c-3 -> No file <==== WARNING
Task: {816522B8-E071-43EB-870D-565F9F65094E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {8669514D-1706-44BD-9715-F6EAEA6FD003} - System32\Tasks\69b46fb8-bf6e-4109-b479-04d8d43fcb91-4 => C:\Program Files (x86)\HQProVideo 1.6V02.01\69b46fb8-bf6e-4109-b479-04d8d43fcb91-4.exe <==== WARNING
Task: {8A5DFE2E-3120-4C2C-BBC2-57A0115725C9} - System32\Tasks\{4B891C93-A346-4117-9B7F-5C0D1E3D9BB5} => pcalua.exe -a C:\Users\Hp\AppData\Roaming\mystartsearch\UninstallManager.exe -d C:\Users\Hp\AppData\Roaming\mystartsearch
Task: {8EE616E2-A880-4B5D-B0F0-C9007EF1688F} - System32\Tasks\0820c020-f579-4a5d-b7e6-d19ea68c265d-10_user => C:\Program Files (x86)\Media+PlayerVidEd2.5\0820c020-f579-4a5d-b7e6-d19ea68c265d-10.exe <==== WARNING
Task: {93229CDD-9E05-4757-AC9D-36AABA9ED035} - System32\Tasks\Install Google Chrome => C:\Program Files\NixSrv\packages\ecdca85f-1f7e-487f-95a2-13f8e131d194\NixHost.exe
Task: {983EA56D-F45F-40FC-887E-880A5F0A940E} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-16] (Word Surfer)
Task: {9902F091-CC9E-456C-850D-80CEBD489082} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {C07022FD-CCF1-44C0-ABD2-B96B1DF841D5} - System32\Tasks\{8093C749-67D7-430B-8A29-F5E02D5DF673} => pcalua.exe -a C:\Users\Hp\Downloads\Minecraft_install.exe -d C:\Users\Hp\Downloads
Task: {C0B9C45F-A6EF-4C00-AC28-518BA0CE502F} - System32\Tasks\{C240BA73-BC58-4556-93DC-3DE5B083B62B} => pcalua.exe -a "C:\Users\Hp\Desktop\Adobe Photoshop CS2 (9.0) Fr\Crack et Keygen\Crack Activation Photoshop CS2 Fr.exe" -d "C:\Users\Hp\Desktop\Adobe Photoshop CS2 (9.0) Fr\Crack et Keygen"
Task: {C7DEFE77-2531-4685-8F43-0C905EFE9F28} - \e36e30f5-7407-4d30-bac2-b72fa93c846c-5 -> No file <==== WARNING
Task: {CE1C8C94-3872-4693-B38E-7657335119F7} - System32\Tasks\{83B1698C-982F-4B31-8642-58BA39A21BE5} => pcalua.exe -a C:\Users\Hp\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=cmi
Task: {CE3CBA24-02A6-4AA7-80A6-DCD1C39AB914} - \AutoKMS -> No file <==== WARNING