Page non desiré
Fermé
sharkytiburon
Messages postés
179
Date d'inscription
samedi 6 octobre 2007
Statut
Membre
Dernière intervention
18 février 2017
-
2 mars 2015 à 20:05
sharkytiburon Messages postés 179 Date d'inscription samedi 6 octobre 2007 Statut Membre Dernière intervention 18 février 2017 - 27 mars 2015 à 18:58
sharkytiburon Messages postés 179 Date d'inscription samedi 6 octobre 2007 Statut Membre Dernière intervention 18 février 2017 - 27 mars 2015 à 18:58
A voir également:
- Default coobgpohoikkiipiblmjeljniedjpjpf
- Supprimer une page word - Guide
- Traduire une page - Guide
- Word numéro de page 1/2 - Guide
- Mettre google en page d'accueil - Guide
- Créer une page facebook - Guide
6 réponses
¡El Desaparecido!
Messages postés
1519
Date d'inscription
mardi 4 octobre 2011
Statut
Membre
Dernière intervention
23 octobre 2015
195
2 mars 2015 à 21:26
2 mars 2015 à 21:26
Hello ,
Tu as installé des adwares et des logiciels indésirables sur ton PC (Certainement à ton insu).
Pour comprendre, je t'invite à lire ce sujet : http://www.sosvirus.net/topic82172.html
# Télécharge ZHPCleaner de Nicolas Coolman sur ton bureau.
(Désactive ton antivirus le temps du téléchargement et de l'utilisation.
Aide : http://www.sosvirus.net/tutoriel-desactiver-protection-residentiel-t586.html )
# Ferme ton navigateur
# Fais un double clique sur l'icône pour le lancer
-> Note: Clique droit sur l'icône puis Exécuter en tant qu'administrateur sous Windows Vista, Seven et Windows 8
# Accepte "les conditions d'utilisation"
# Clique sur Réparer
->Note: Durant le scan, si l'outil te demande "Avez-vous installé ce proxy ?" et que tu n'en as pas installé, clique sur "Non" ou "Voulez-vous remplacer la page d'accueil ?, clique sur "Non"
# Copie le contenu du rapport ZHPCleaner.txt présent sur ton bureau sur Paste And Furious puis transmet le lien généré dans ta prochaine réponse.
-> Tuto Paste And Furious : http://www.sosvirus.net/tutoriel-paste-and-furious-t104985.html
#######
Ensuite nous allons faire un diagnostique
# Télécharge FRST (de Farbar) sur ton bureau !
# Ferme toutes les applications en cours !
# Lance FRST, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
# Coche la case Addition.txt
# Clique sur Scan
# Une fois le scan terminé rends toi sur le bureau, deux rapports FRST.txt et Addition.txt ont été créés.
# Héberge les rapports FRST.txt et Addition.txt sur SosUpload, puis copie/colle les liens générés dans ta prochaine réponse
Tu as installé des adwares et des logiciels indésirables sur ton PC (Certainement à ton insu).
Pour comprendre, je t'invite à lire ce sujet : http://www.sosvirus.net/topic82172.html
# Télécharge ZHPCleaner de Nicolas Coolman sur ton bureau.
(Désactive ton antivirus le temps du téléchargement et de l'utilisation.
Aide : http://www.sosvirus.net/tutoriel-desactiver-protection-residentiel-t586.html )
# Ferme ton navigateur
# Fais un double clique sur l'icône pour le lancer
-> Note: Clique droit sur l'icône puis Exécuter en tant qu'administrateur sous Windows Vista, Seven et Windows 8
# Accepte "les conditions d'utilisation"
# Clique sur Réparer
->Note: Durant le scan, si l'outil te demande "Avez-vous installé ce proxy ?" et que tu n'en as pas installé, clique sur "Non" ou "Voulez-vous remplacer la page d'accueil ?, clique sur "Non"
# Copie le contenu du rapport ZHPCleaner.txt présent sur ton bureau sur Paste And Furious puis transmet le lien généré dans ta prochaine réponse.
-> Tuto Paste And Furious : http://www.sosvirus.net/tutoriel-paste-and-furious-t104985.html
#######
Ensuite nous allons faire un diagnostique
# Télécharge FRST (de Farbar) sur ton bureau !
# Ferme toutes les applications en cours !
# Lance FRST, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
# Coche la case Addition.txt
# Clique sur Scan
# Une fois le scan terminé rends toi sur le bureau, deux rapports FRST.txt et Addition.txt ont été créés.
# Héberge les rapports FRST.txt et Addition.txt sur SosUpload, puis copie/colle les liens générés dans ta prochaine réponse
¡El Desaparecido!
Messages postés
1519
Date d'inscription
mardi 4 octobre 2011
Statut
Membre
Dernière intervention
23 octobre 2015
195
2 mars 2015 à 22:43
2 mars 2015 à 22:43
Il manque addition.txt :(
sharkytiburon
Messages postés
179
Date d'inscription
samedi 6 octobre 2007
Statut
Membre
Dernière intervention
18 février 2017
2 mars 2015 à 23:08
2 mars 2015 à 23:08
il me dit que jai dejas poster le addition
¡El Desaparecido!
Messages postés
1519
Date d'inscription
mardi 4 octobre 2011
Statut
Membre
Dernière intervention
23 octobre 2015
195
2 mars 2015 à 23:16
2 mars 2015 à 23:16
Alors on va le croire ..
# Appuies simultanément sur les touches Windows et R
# Une fenêtre va s'ouvrir, tape ceci : notepad
# Clic sur OK
# Note : Le bloc note va s'ouvrir
# Copie les lignes suivantes :
# Retourne dans le bloc note puis colle les lignes copiées.
# Clic sur Fichier, puis Enregistrer sous ... , nomme le fixlist.txt et enregistre le sur ton bureau
# Rends toi sur le bureau, Lance FRST, [u]exécuter en tant qu'administrateur/u sous Windows : 7/8 et Vista
# Clic sur Fix
# Note : Patiente le temps de la suppression
# Une fois le scan terminé rends toi sur le bureau, un rapport Fixlog.txt a été créé.
# Héberge les rapports Fixlog.txt sur SosUpload, puis copie/colle le lien généré dans ta prochaine réponse
########
# Télécharge MalwareBytes
# Procède à l'installation de celui çi (Décocher "Activer l'essai gratuit de Malwarebytes Anti-Malware Premium")
# Clic sur Mettre à jour (à droite, au centre)
# Clic sur Examen (en haut)
# Sélectionne Examen "Menaces"
# Clic sur Examiner maintenant
# A la fin du scan clic sur Tout mettre en quarantaine !
# Clic sur Copier dans le Presse-papiers
# Un rapport va s'ouvrir. Copie/Colle son contenue dans ta prochaine réponse.
# Appuies simultanément sur les touches Windows et R
# Une fenêtre va s'ouvrir, tape ceci : notepad
# Clic sur OK
# Note : Le bloc note va s'ouvrir
# Copie les lignes suivantes :
start
Startup: C:\Users\theviny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac00897559.lnk
ShortcutTarget: ac00897559.lnk -> C:\ProgramData\{b006fcde-a0e7-178b-b006-6fcdea0ef37a}\ac00897559.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\{b006fcde-a0e7-178b-b006-6fcdea0ef37a}
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
CHR HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
C:\Users\theviny\AppData\Local\Temp\1_flashplayer.exe
C:\Users\theviny\AppData\Local\Temp\4556220864352242396.exe
C:\Users\theviny\AppData\Local\Temp\htmlayout.dll
C:\Users\theviny\AppData\Local\Temp\i4jdel0.exe
C:\Users\theviny\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\theviny\AppData\Local\Temp\spp_setpointp.exe
C:\Users\theviny\AppData\Local\Temp\SRLDetectionLibrary2672178763366979285.dll
C:\Users\theviny\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\theviny\AppData\Local\Temp\System.Data.SQLitec5966c9f-60b1-4d71-9562-4ad676f320f9.dll
C:\Users\theviny\AppData\Local\Temp\t5x0tpzl.dll
C:\Users\theviny\AppData\Local\Temp\tmd_34012903.exe
C:\Users\theviny\AppData\Local\Temp\tmd_34016227.exe
C:\Users\theviny\AppData\Local\Temp\uninstall445552671.exe
end
# Retourne dans le bloc note puis colle les lignes copiées.
# Clic sur Fichier, puis Enregistrer sous ... , nomme le fixlist.txt et enregistre le sur ton bureau
# Rends toi sur le bureau, Lance FRST, [u]exécuter en tant qu'administrateur/u sous Windows : 7/8 et Vista
# Clic sur Fix
# Note : Patiente le temps de la suppression
# Une fois le scan terminé rends toi sur le bureau, un rapport Fixlog.txt a été créé.
# Héberge les rapports Fixlog.txt sur SosUpload, puis copie/colle le lien généré dans ta prochaine réponse
########
# Télécharge MalwareBytes
# Procède à l'installation de celui çi (Décocher "Activer l'essai gratuit de Malwarebytes Anti-Malware Premium")
# Clic sur Mettre à jour (à droite, au centre)
# Clic sur Examen (en haut)
# Sélectionne Examen "Menaces"
# Clic sur Examiner maintenant
# A la fin du scan clic sur Tout mettre en quarantaine !
# Clic sur Copier dans le Presse-papiers
# Un rapport va s'ouvrir. Copie/Colle son contenue dans ta prochaine réponse.
sharkytiburon
Messages postés
179
Date d'inscription
samedi 6 octobre 2007
Statut
Membre
Dernière intervention
18 février 2017
3 mars 2015 à 00:14
3 mars 2015 à 00:14
http://upload.sosvirus.net/download/w1uu9ahrjdtwmj7q5plqu7ytcfjg0zbsr2q3oyki
sharkytiburon
Messages postés
179
Date d'inscription
samedi 6 octobre 2007
Statut
Membre
Dernière intervention
18 février 2017
3 mars 2015 à 01:41
3 mars 2015 à 01:41
je croit avoir trouver il y avait une extention qui c'etais installer ds mon chrome ,"adbloker manegement" je les d'insinstaller et sa semble regler
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
¡El Desaparecido!
Messages postés
1519
Date d'inscription
mardi 4 octobre 2011
Statut
Membre
Dernière intervention
23 octobre 2015
195
Modifié par ¡El Desaparecido! le 3/03/2015 à 06:59
Modifié par ¡El Desaparecido! le 3/03/2015 à 06:59
Good news :)
Pour supprimer les outils de désinfections utilisés :
Télécharges DelFix par Xplode sur ton Bureau.
Lance DelFix, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
Coche les cases suivantes :
Supprimer les outils de désinfection
Purger la restauration système
Passe en résolue alors, Bonne semaine :)
Développeur : UsbFix ## Webmaster : SosVirus
Pour supprimer les outils de désinfections utilisés :
Télécharges DelFix par Xplode sur ton Bureau.
Lance DelFix, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
Coche les cases suivantes :
Supprimer les outils de désinfection
Purger la restauration système
Passe en résolue alors, Bonne semaine :)
Développeur : UsbFix ## Webmaster : SosVirus
sharkytiburon
Messages postés
179
Date d'inscription
samedi 6 octobre 2007
Statut
Membre
Dernière intervention
18 février 2017
27 mars 2015 à 18:36
27 mars 2015 à 18:36
je doit redemander de l'aide ,le probleme est revenus
sharkytiburon
Messages postés
179
Date d'inscription
samedi 6 octobre 2007
Statut
Membre
Dernière intervention
18 février 2017
27 mars 2015 à 18:58
27 mars 2015 à 18:58
quand je clic sur un onglet de mon drive je suis diriger sur une page unitspybookset
2 mars 2015 à 21:49
~ Run by theviny (Administrator) (02/03/2015 15:31:16)
~ Forum : https://nicolascoolman.eu
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\theviny\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\theviny\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit (Build 9600)
---\\ Services (0)
~ No malicious items found.
---\\ Browser internet (0)
~ No malicious items found.
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious items found.
---\\ Explorer ( File, Folder) (15)
MOVED folder: C:\Users\theviny\AppData\Local\Temp\APN-Stub\Unknown (Toolbar.Ask)
MOVED folder: C:\Users\theviny\AppData\Local\Temp\APN-Stub (Toolbar.Ask)
MOVED file: C:\WINDOWS\Prefetch\SOFTONICDOWNLOADER_FOR_MP3-TO-E8E97AFD.pf [ - ] (PUP.Softonic)
MOVED file: C:\WINDOWS\Prefetch\SPIGOTANDROIDOFFER.EXE-7F1617B4.pf [ - ] (PUP.Dealio)
MOVED file: C:\Users\theviny\Downloads\dffsetup-physx3common_x86.exe [Dll-Files.com - Dll-Files Fixer] (PUP.DllFilesFixer)
MOVED file: C:\Users\theviny\AppData\Local\Temp\uninstall445552656.exe - ExpressFiles Application (Adware.ExpressFiles)
MOVED file*: C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage [ - ] (PUP.ReMarkIt)
MOVED file*: C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal [ - ] (PUP.ReMarkIt)
MOVED file*: C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_internethobbies.commerce-search.net_0.localstorage [ - ] (Hijacker.u-Search)
MOVED file*: C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_internethobbies.commerce-search.net_0.localstorage-journal [ - ] (Hijacker.u-Search)
MOVED file*: C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage [ - ] (PUP.ReMarkIt)
MOVED file*: C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal [ - ] (PUP.ReMarkIt)
MOVED file*: C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.speedtest.net_0.localstorage [ - ] (Adware.ScriptHost)
MOVED file*: C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.speedtest.net_0.localstorage-journal [ - ] (Adware.ScriptHost)
MOVED file: C:\Users\theviny\AppData\Roaming\appdataFr3.bin [ - ] (PUP.Optional)
---\\ Registry ( Key, Value, Data) (3)
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4460DFE56A4DA220503DD885D501433D ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.Vosteran)
DELETED key*: HKLM\SOFTWARE\Wow6432Node\75016f83-3ab3-2806-c921-78802eef3e10 [] (PUP.CrossRider)
DELETED key*: HKEY_USERS\S-1-5-21-3319739762-1908143936-2268935211-1001\Software\Smartbar [] (PUP.QuickShare)
---\\ Result of repair
~ Repair carried out successfully
2 mars 2015 à 22:30
Ran by theviny (administrator) on LABRECQUE on 02-03-2015 16:28:29
Running from C:\Users\theviny\Desktop
Loaded Profiles: theviny (Available profiles: theviny & Guest)
Platform: Windows 8.1 (X64) OS Language: Anglais (États-Unis)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\ProgramData\{b006fcde-a0e7-178b-b006-6fcdea0ef37a}\ac00897559.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\Google\Drive\nativeproxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-28] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE [77892 2005-11-30] (Corel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [736768 2014-05-14] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [SkyDrive] => C:\Users\theviny\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [Animated Wallpaper] => C:\Users\theviny\Desktop\tct-plage-palmiers.exe
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5127304 2014-11-20] (Plex, Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\theviny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac00897559.lnk
ShortcutTarget: ac00897559.lnk -> C:\ProgramData\{b006fcde-a0e7-178b-b006-6fcdea0ef37a}\ac00897559.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3319739762-1908143936-2268935211-1001 -> {11F630E7-691A-4F73-86EF-0E7D193F7F99} URL = https://www.bing.com/?scope=web&mkt=fr-FR&FORM=WLETDF&pc=WLEM{searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3319739762-1908143936-2268935211-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/webhp?gws_rd=ssl{sear
SearchScopes: HKU\S-1-5-21-3319739762-1908143936-2268935211-1001 -> {F17881B4-2144-4E77-8EED-ADDC80092D5F} URL = https://ca.search.yahoo.com/web?fr=mcafee{SearchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: intu-ir2013 - {B275FD97-299B-40A2-BC39-B96DFA40E50D} - C:\Program Files (x86)\ImpotRapide 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-21]
FF HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-09-28]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://ca.my.msn.com/?lang=fr-ca
CHR StartupUrls: Default -> "hxxp://ca.my.msn.com/?lang=fr-ca"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-23]
CHR Extension: (Google Drive) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-22]
CHR Extension: (Recherche Google) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-23]
CHR Extension: (SiteAdvisor) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-16]
CHR Extension: (MSN Homepage) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2014-11-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Marc Ecko) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2014-03-09]
CHR Extension: (Gmail) - C:\Users\theviny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
CHR HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
CHR HKU\S-1-5-21-3319739762-1908143936-2268935211-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-08-21] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 156c2b3d; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\RelayDefender\RelayDefender.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-02] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-08-21] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [204568 2013-10-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-02 16:28 - 2015-03-02 16:29 - 00024014 _____ () C:\Users\theviny\Desktop\FRST.txt
2015-03-02 16:27 - 2015-03-02 16:28 - 00000000 ____D () C:\FRST
2015-03-02 16:18 - 2015-03-02 16:18 - 02131456 _____ (Farbar) C:\Users\theviny\Desktop\FRST64.exe
2015-03-02 15:44 - 2015-03-02 15:44 - 00003608 _____ () C:\Users\theviny\Desktop\ZHPCleaner.txt
2015-03-02 15:31 - 2015-03-02 15:44 - 00000000 ____D () C:\Users\theviny\AppData\Roaming\ZHP
2015-03-02 15:31 - 2015-03-02 15:31 - 00000879 _____ () C:\Users\theviny\Desktop\ZHPCleaner.lnk
2015-03-02 15:30 - 2015-03-02 15:30 - 01735680 _____ () C:\Users\theviny\Desktop\ZHPCleaner.exe
2015-03-02 15:04 - 2015-03-02 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-02 14:13 - 2015-03-02 14:13 - 02126848 _____ () C:\Users\theviny\Desktop\adwcleaner_4.111.exe
2015-02-26 05:10 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-26 05:10 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-26 05:10 - 2014-10-28 20:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-26 05:10 - 2014-10-28 20:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-26 05:10 - 2014-10-28 20:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-26 05:10 - 2014-10-28 20:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 12:49 - 2015-02-24 12:50 - 00173291 _____ () C:\Users\theviny\Desktop\Triche.rar
2015-02-12 11:23 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 11:23 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 12:19 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 12:19 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 12:19 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 12:19 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 12:19 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 12:19 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 12:19 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 12:19 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 12:19 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 12:19 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 12:19 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 12:19 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 12:19 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 12:19 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 12:19 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 12:19 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 12:19 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 12:19 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 12:19 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 12:19 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 12:19 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 12:19 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 12:19 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 12:19 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 12:19 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 12:19 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 12:19 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 12:19 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 12:19 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 12:19 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 12:19 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 12:19 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 12:19 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 12:19 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 12:19 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 12:19 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 12:19 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 12:19 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 12:19 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 12:19 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 12:19 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 12:19 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 12:19 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 12:18 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 12:18 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 12:18 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 12:18 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 12:18 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 12:18 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 12:18 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 12:18 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 12:18 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 12:18 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 12:18 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 12:18 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 12:18 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 12:18 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 12:18 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 12:18 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 12:18 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 12:18 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 12:18 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 12:18 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 12:17 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 12:16 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-02 16:27 - 2013-11-17 15:28 - 01204938 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-02 16:16 - 2014-02-17 14:24 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-02 16:09 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-02 16:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 15:53 - 2013-08-21 15:30 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3319739762-1908143936-2268935211-1001
2015-03-02 15:31 - 2014-11-13 14:26 - 00001096 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cfff77ad36f622.job
2015-03-02 15:31 - 2013-08-21 15:45 - 00001096 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 15:01 - 2014-04-06 09:30 - 00000000 ___RD () C:\Users\theviny\Google Drive
2015-03-02 15:01 - 2013-12-11 08:26 - 00000000 ___DO () C:\Users\theviny\SkyDrive
2015-03-02 14:59 - 2013-08-21 15:45 - 00001092 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 14:55 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 14:54 - 2013-08-22 09:46 - 00337413 _____ () C:\WINDOWS\setupact.log
2015-03-02 14:54 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 14:52 - 2013-10-23 16:13 - 00000000 ____D () C:\AdwCleaner
2015-03-02 13:51 - 2015-01-30 10:27 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 13:26 - 2013-12-10 15:22 - 00003948 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{59B090BE-BDF5-4991-B9F9-9F619CC19A67}
2015-03-02 13:21 - 2013-11-17 15:15 - 00000000 ____D () C:\Users\theviny
2015-02-28 10:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-27 12:57 - 2014-08-09 08:59 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-27 12:56 - 2013-09-07 07:25 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-26 16:07 - 2013-08-21 19:29 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-26 16:06 - 2013-09-29 22:55 - 00074510 _____ () C:\WINDOWS\PFRO.log
2015-02-26 13:42 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-26 13:03 - 2015-01-28 08:59 - 00000000 ____D () C:\ProgramData\{b006fcde-a0e7-178b-b006-6fcdea0ef37a}
2015-02-20 11:35 - 2013-10-12 17:10 - 00000000 ____D () C:\Users\theviny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-20 11:35 - 2013-10-12 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-20 11:35 - 2013-10-12 17:08 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-19 05:40 - 2014-05-10 16:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 05:40 - 2014-05-10 16:47 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 05:39 - 2014-05-10 16:47 - 00003556 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-02-19 05:39 - 2014-05-10 16:47 - 00001904 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-19 05:39 - 2014-05-10 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 05:39 - 2014-05-10 16:47 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-14 10:02 - 2013-08-31 07:18 - 00000000 ____D () C:\Users\theviny\AppData\Roaming\Azureus
2015-02-13 10:51 - 2013-12-28 20:57 - 00004608 _____ () C:\Users\theviny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 12:20 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 08:53 - 2013-08-22 09:44 - 00356688 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 12:51 - 2013-08-22 15:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 12:46 - 2013-08-22 15:37 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 12:19 - 2013-08-21 15:24 - 00000000 ____D () C:\Users\theviny\AppData\Local\Packages
2015-02-05 09:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-05 03:16 - 2014-02-17 14:24 - 00003890 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 15:39 - 2013-09-29 23:04 - 02017320 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-01 15:39 - 2013-08-21 15:37 - 00962062 _____ () C:\WINDOWS\system32\perfh00C.dat
2015-02-01 15:39 - 2013-08-21 15:37 - 00195600 _____ () C:\WINDOWS\system32\perfc00C.dat
2015-01-31 19:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
==================== Files in the root of some directories =======
2014-12-27 20:09 - 2014-12-27 20:09 - 0000000 ____H () C:\Users\theviny\AppData\Local\BIT6DE4.tmp
2013-12-28 20:57 - 2015-02-13 10:51 - 0004608 _____ () C:\Users\theviny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-11 20:17 - 2014-02-11 20:17 - 0000000 ___SH () C:\Users\theviny\AppData\Local\LumaEmu
2014-09-20 07:58 - 2014-09-20 07:58 - 0000017 _____ () C:\Users\theviny\AppData\Local\resmon.resmoncfg
2014-12-27 19:58 - 2014-12-27 20:19 - 0000000 _____ () C:\Users\theviny\AppData\Local\{C26A1E2F-1B38-4E8A-A9DF-6D1CA647A15E}
Some content of TEMP:
====================
C:\Users\theviny\AppData\Local\Temp\1_flashplayer.exe
C:\Users\theviny\AppData\Local\Temp\4556220864352242396.exe
C:\Users\theviny\AppData\Local\Temp\htmlayout.dll
C:\Users\theviny\AppData\Local\Temp\i4jdel0.exe
C:\Users\theviny\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\theviny\AppData\Local\Temp\Quarantine.exe
C:\Users\theviny\AppData\Local\Temp\spp_setpointp.exe
C:\Users\theviny\AppData\Local\Temp\sqlite3.dll
C:\Users\theviny\AppData\Local\Temp\SRLDetectionLibrary2672178763366979285.dll
C:\Users\theviny\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\theviny\AppData\Local\Temp\System.Data.SQLitec5966c9f-60b1-4d71-9562-4ad676f320f9.dll
C:\Users\theviny\AppData\Local\Temp\t5x0tpzl.dll
C:\Users\theviny\AppData\Local\Temp\tmd_34012903.exe
C:\Users\theviny\AppData\Local\Temp\tmd_34016227.exe
C:\Users\theviny\AppData\Local\Temp\uninstall445552671.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-02 16:13
==================== End Of Log ============================