PC problem, adw malware



#1 gabrielll

Posted 02 December 2014 - 06:17 AM

Hello!

My PC is very slow, and every time I try to go online with Chrome, for example, I have a lot of pages that open, some of them with sound, some not, and some trying to download things directly.

I tried almost everything: Malwarebytes, Hitman, AdwCleaner, SpyHunter, JRT, and I even tried System Restore. I even reinstalled Chrome.

Now I saw a member here who was telling someone about FRST64, and I want to try it.

I installed FRST64 and did the following:

I downloaded FRST64.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Afterwards I typed the following in the edit box after "Search:".

rpcss.dll

I got this reply:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014

Ran by moi (administrator) on SAMSUNG on 02-12-2014 11:05:18
Running from C:\Users\moi\Desktop
Loaded Profile: moi (Available profiles: moi)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [1986048 2012-08-27] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\MountPoints2: {fc9e240e-bdc0-11e3-8054-50b7c348176c} - "E:\HTC_Sync_Manager_PC.exe" 
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {C1C553CA-F960-45C7-A40F-724182852F6C} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 109.88.203.3 62.197.111.140
 
FireFox:
========
FF ProfilePath: C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\hhqugsj8.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\moi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin64 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
FF HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1416562441&from=amt&uid=HitachiXHTS547550A9E384_J1120021CZJVDBCZJVDBX
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Recherche Google) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-07-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-02] ()
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-01] (Elex do Brasil Participações Ltda)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:05 - 2014-12-02 11:05 - 00014349 _____ () C:\Users\moi\Desktop\FRST.txt
2014-12-02 11:04 - 2014-12-02 11:05 - 00000000 ____D () C:\FRST
2014-12-02 11:03 - 2014-12-02 11:03 - 02117120 _____ (Farbar) C:\Users\moi\Desktop\FRST64.exe
2014-12-02 10:21 - 2014-12-02 10:21 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-02 10:21 - 2014-12-02 10:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-02 10:20 - 2014-12-02 10:20 - 00000000 ___RD () C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-02 10:18 - 2014-12-02 10:18 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-12-02 10:16 - 2014-12-02 10:16 - 00002412 _____ () C:\WINDOWS\system32\.crusader
2014-12-02 09:12 - 2014-11-20 21:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-02 09:12 - 2014-11-20 21:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 09:10 - 2014-12-02 09:10 - 00000346 _____ () C:\WINDOWS\PFRO.log
2014-12-02 09:03 - 2014-12-02 09:04 - 162298320 _____ () C:\Users\moi\Desktop\EmsisoftEmergencyKit.exe
2014-12-02 08:46 - 2014-12-02 08:46 - 02154496 _____ () C:\Users\moi\Desktop\adwcleaner_4.103.exe
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Elex-tech
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-12-02 08:15 - 2014-12-01 08:30 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-12-02 08:15 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2014-12-02 08:11 - 2014-12-02 08:12 - 00773824 _____ (Elex do Brasil Participações Ltda) C:\Users\moi\Desktop\yet_another_cleaner_sk_810414.exe
2014-11-27 13:42 - 2014-11-27 13:42 - 00000000 ____D () C:\Users\moi\AppData\Local\Windows Live
2014-11-27 09:03 - 2014-11-27 09:03 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-27 08:36 - 2014-11-27 09:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-26 22:06 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-26 22:06 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-26 22:06 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-26 22:06 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-26 22:06 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-26 22:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-26 22:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-26 22:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-26 22:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-26 22:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-26 22:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-26 22:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-26 22:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-26 22:06 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-26 22:06 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-26 22:06 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-26 22:06 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-26 22:06 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-26 22:05 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-26 22:05 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-26 22:05 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-26 22:05 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-26 22:05 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-26 22:05 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-26 22:05 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-26 22:05 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-26 22:05 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-26 22:05 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-26 22:05 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-26 22:05 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-26 22:05 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-26 22:05 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-26 22:05 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-26 22:04 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-26 22:04 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-26 22:04 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-26 22:04 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-26 22:04 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-26 22:04 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-26 22:04 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-26 22:04 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-26 22:04 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-26 22:04 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-26 22:00 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-26 22:00 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-26 21:58 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-26 21:58 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-26 21:58 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-26 21:58 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-26 21:58 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-26 21:58 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-26 21:58 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-26 21:58 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-26 21:58 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-26 21:58 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-26 21:58 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-26 21:58 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-26 21:58 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-26 21:57 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-26 21:57 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-26 21:57 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-26 21:57 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-26 21:57 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-26 21:57 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-26 21:57 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-26 21:57 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-26 21:57 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-26 21:57 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-26 21:57 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-26 21:57 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-26 21:57 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-26 21:57 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-26 21:57 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-26 21:57 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-26 21:57 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-26 21:57 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-26 21:57 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-26 21:57 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-26 21:57 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-26 21:57 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-26 21:57 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-26 21:57 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-26 21:57 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-26 21:57 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-26 21:57 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-26 21:57 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-26 21:57 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-26 21:57 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-26 21:56 - 2014-12-02 11:01 - 00001092 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 21:56 - 2014-12-02 10:19 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 21:56 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-26 21:56 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-26 21:41 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-26 21:41 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-26 21:41 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-26 21:41 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-26 21:38 - 2014-11-26 21:38 - 02148864 _____ () C:\Users\moi\Downloads\adwcleaner_4.102.exe
2014-11-26 21:27 - 2014-11-26 21:27 - 00003124 _____ () C:\WINDOWS\System32\Tasks\{D58DA426-C499-4C8E-87DF-6A456DF39D20}
2014-11-26 10:52 - 2014-11-26 10:52 - 00000000 ____D () C:\sh4ldr
2014-11-26 10:51 - 2014-11-26 10:52 - 00000000 ____D () C:\WINDOWS\46B04D534E344388B6EE80FAB66AEF9B.TMP
2014-11-21 13:50 - 2014-11-26 21:04 - 00000000 ____D () C:\Users\moi\Downloads\Malwarebytes Anti-Malware Premium v2.0.2.1012 Multilingual
2014-11-21 13:25 - 2014-12-02 10:59 - 01432765 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 11:25 - 2014-11-21 11:25 - 00000000 _____ () C:\autoexec.bat
2014-11-21 11:24 - 2014-11-21 11:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-18 15:16 - 2014-11-18 15:16 - 00000000 ____D () C:\Users\moi\AppData\Local\Macromedia
2014-11-14 15:08 - 2014-11-14 15:08 - 00000000 ____D () C:\Users\moi\AppData\Local\Sparta
2014-11-14 15:01 - 2014-11-14 15:01 - 00000000 __SHD () C:\Users\moi\AppData\Local\EmieBrowserModeList
2014-11-14 11:30 - 2014-11-14 14:18 - 00000000 ____D () C:\Users\moi\Documents\Fiddler2
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\TuneUp Software
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Local\TuneUp Software
2014-11-12 09:00 - 2014-11-26 21:05 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-12 09:00 - 2014-11-12 09:03 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-02 16:15 - 2014-11-20 18:21 - 00000000 ____D () C:\Users\moi\Desktop\Facturi
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-02 10:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-02 10:35 - 2013-01-26 17:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1596478717-3378438385-2532408222-1001
2014-12-02 10:23 - 2013-11-14 08:32 - 01824010 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-02 10:23 - 2013-11-14 08:13 - 00812350 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-12-02 10:23 - 2013-11-14 08:13 - 00159412 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-12-02 10:22 - 2012-09-01 01:32 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-02 10:19 - 2014-09-14 11:29 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 10:19 - 2014-04-18 09:08 - 00000000 ___RD () C:\Users\moi\OneDrive
2014-12-02 10:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-02 09:18 - 2014-07-14 10:57 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-12-02 09:10 - 2013-08-22 15:44 - 00484168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-02 09:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-02 09:08 - 2014-09-09 15:13 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Skype
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-02 08:35 - 2012-09-01 01:39 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-02 08:35 - 2012-09-01 01:37 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 08:35 - 2012-09-01 00:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 08:31 - 2012-09-01 01:37 - 00000000 ____D () C:\ProgramData\Temp
2014-12-02 08:00 - 2014-09-09 15:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-02 07:59 - 2014-04-03 19:18 - 00003924 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10153A6F-6D25-4D18-9F06-621328672644}
2014-12-01 21:49 - 2013-02-15 21:44 - 00000936 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job
2014-12-01 21:49 - 2013-02-15 21:44 - 00000914 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job
2014-12-01 19:55 - 2014-09-11 22:06 - 00000000 ____D () C:\Users\moi\Desktop\Nouveau dossier
2014-11-28 09:08 - 2013-01-26 19:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-28 07:16 - 2014-07-10 22:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-27 18:04 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-27 17:52 - 2013-10-27 07:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-27 17:47 - 2013-01-26 19:08 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-27 13:09 - 2014-04-01 08:38 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 21:56 - 2014-04-01 08:38 - 00004064 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-26 21:56 - 2014-04-01 08:38 - 00003828 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-26 21:49 - 2014-09-14 10:46 - 00000000 ____D () C:\AdwCleaner
2014-11-26 21:28 - 2014-09-14 14:35 - 00000000 ____D () C:\Users\moi\AppData\Local\Unity
2014-11-26 21:15 - 2014-04-02 22:11 - 00000000 ____D () C:\Users\moi
2014-11-26 21:12 - 2014-07-07 11:46 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-09 15:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-26 21:07 - 2014-04-01 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-26 21:07 - 2014-01-30 21:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\BitTorrent
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\Users\moi\AppData\Roaming\DVDVideoSoft
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Roaming\VASCO
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Package Cache
2014-11-26 21:06 - 2014-07-07 11:48 - 00000000 ____D () C:\Users\moi\AppData\Roaming\ProductData
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-26 21:05 - 2014-11-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Extruplast
2014-11-26 21:05 - 2014-10-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-26 21:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-26 20:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-26 20:34 - 2013-01-26 19:18 - 00000000 __RHD () C:\MSOCache
2014-11-18 17:04 - 2014-09-24 12:57 - 00000000 ____D () C:\Users\moi\Documents\My Cheat Tables
2014-11-18 15:18 - 2013-01-26 23:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Adobe
2014-11-18 13:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-07 14:16 - 2014-04-02 23:00 - 00000000 ___DC () C:\WINDOWS\Panther
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
 
 
Some content of TEMP:
====================
C:\Users\moi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\moi\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-28 07:32
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:06:24
Running from C:\Users\moi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
BitTorrent (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube Download version 3.2.48.1015 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.48.1015 - DVDVideoSoft Ltd.)
Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Professionnel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OfertareExtruplast (HKLM-x32\...\OfertareExtruplast) (Version:  - S.C Extruplast SRL)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.2 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}) (Version: 3.2.3.2 - VASCO Data Security)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
 
==================== Restore Points  =========================
 
19-11-2014 21:32:20 Windows Update
21-11-2014 13:51:31 Removed Java 7 Update 25
26-11-2014 06:53:02 Windows Update
26-11-2014 19:30:12 Opération de restauration
02-12-2014 07:27:43 Removed E-POP
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {035AEAE9-128B-4C8E-8A45-ED3AD443EBA9} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {0ACDD911-2CE7-4F14-A252-D7D6BD3CEB8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {3204427E-42F8-4841-9FFC-4E105C859E89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {6CC1E963-9345-4B63-9AEB-706830242BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: {70A92A5C-B3AD-4A50-A754-14998C941C0E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {872DB252-E4A6-4D39-B918-AA9A20BA5E25} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {93612D72-2B4C-467A-B003-C493DB9BC32D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {9A84578D-72D7-4C4E-A23A-5754A4C5C1E5} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {B7D9BA1D-5FB7-43FB-8A58-59E51EE27418} - System32\Tasks\Driver Booster SkipUAC (Système) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B915B37C-67C6-4391-B1AE-75305C6733C4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {BE9C0DC1-F267-4956-B154-78339F69D136} - System32\Tasks\Driver Booster SkipUAC (moi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C4AB34B0-E825-4585-A50E-CA046E815F39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {D64F466B-F995-499F-9782-A28B8277A5D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {DF42FD9B-70BB-4810-A138-69C98344C256} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {E00D3523-E74F-4492-95D6-EB0A79160EC4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-26 10:48 - 2012-08-26 10:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-10 10:28 - 2012-08-10 10:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 10:23 - 2012-08-10 10:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\fr-FR\BtTray.fr-FR.dll
2012-08-24 10:10 - 2012-08-24 10:10 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-08-26 10:48 - 2012-08-26 10:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-01 01:40 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-27 13:09 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\moi\OneDrive:ms-properties
AlternateDataStreams: C:\Users\moi\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-1596478717-3378438385-2532408222-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1596478717-3378438385-2532408222-1003 - Limited - Enabled)
Invité (S-1-5-21-1596478717-3378438385-2532408222-501 - Limited - Enabled)
moi (S-1-5-21-1596478717-3378438385-2532408222-1001 - Administrator - Enabled) => C:\Users\moi
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamscheduler.exe, version : 3.0.2.0, horodatage : 0x5339cec3
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0x6b4
Heure de début de l’application défaillante : 0xmbamscheduler.exe0
Chemin d’accès de l’application défaillante : mbamscheduler.exe1
Chemin d’accès du module défaillant: mbamscheduler.exe2
ID de rapport : mbamscheduler.exe3
Nom complet du package défaillant : mbamscheduler.exe4
ID de l’application relative au package défaillant : mbamscheduler.exe5
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xb6c
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xc58
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17284, horodatage : 0x53f8130d
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x7456993d
ID du processus défaillant : 0x1db0
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Nom complet du package défaillant : explorer.exe4
ID de l’application relative au package défaillant : explorer.exe5
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante chrome.exe, version : 39.0.2171.71, horodatage : 0x547407a7
Nom du module défaillant : chrome.dll, version : 39.0.2171.71, horodatage : 0x547403b3
Code d’exception : 0x80000003
Décalage d’erreur : 0x004f2ce4
ID du processus défaillant : 0x1354
Heure de début de l’application défaillante : 0xchrome.exe0
Chemin d’accès de l’application défaillante : chrome.exe1
Chemin d’accès du module défaillant: chrome.exe2
ID de rapport : chrome.exe3
Nom complet du package défaillant : chrome.exe4
ID de l’application relative au package défaillant : chrome.exe5
 
 
System errors:
=============
Error: (12/02/2014 10:30:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.Reader.
 
Error: (12/02/2014 10:30:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.ZuneVideo.
 
Error: (12/02/2014 10:18:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Le service HitmanPro 3.7 Crusader (Boot) s’est arrêté avec l’erreur spécifique au service suivante : 
%%0
 
Error: (12/02/2014 10:18:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service AppEx Networks Accelerator LWF n’a pas pu démarrer en raison de l’erreur : 
%%31
 
Error: (12/02/2014 10:18:08 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (12/02/2014 10:16:48 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084WSearchNon disponible{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (12/02/2014 10:16:47 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084ShellHWDetectionNon disponible{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/02/2014 10:16:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: L’appel ScRegSetValueExW a échoué pour DeleteFlag avec l’erreur : 
%%5
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6b401d00e10eab2435bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll78d9dbc8-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccb6c01d00e1107a47b1eC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe561bb903-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccc5801d00e082283ad44C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe6493060a-79fb-11e4-809f-50b7c348176c
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f8130dunknown0.0.0.000000000c00000057456993d1db001d00e018d339ff7C:\WINDOWS\SysWOW64\explorer.exeunknowncc7a4160-79f4-11e4-809e-50b7c348176c
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7chrome.dll39.0.2171.71547403b380000003004f2ce4135401d00ce13a3d5423C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\chrome.dll37dc3460-7943-11e4-809e-50b7c348176c
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-02 08:32:23.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 08:32:19.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 03:36:35.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 03:36:33.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.388
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 39%
Total physical RAM: 5595.1 MB
Available physical RAM: 3394.63 MB
Total Pagefile: 6619.1 MB
Available Pagefile: 4886.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.95 GB) (Free:331.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:50:08
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.17031_none_5abc2e4b11b14f22\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.16384_none_5a893c0711d704b0\rpcss.dll
[2013-08-22 10:50][2014-04-18 06:48] 0172806 ____A () 2D13BAB0B28A50346143B983D1EAA0BC
 
C:\Windows\System32\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
====== End Of Search ======
 
 
 
 
 
 
 
After I typed the following in the edit box after "Search:":
explorer.exe
 
I got this answer:
 
 
 
 
 
 
 
 
Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:59:43
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "explorer.exe" =============
 
C:\Windows\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc798c1821453a8\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_4d01a98581e82d4f\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0220250 ____A () 286928E00AD34E9F88EB5BFA52660A70
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0208662 ____A () C131BC6F12417306A9C8469CA49110B1
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0\explorer.exe
[2014-04-16 22:51][2014-04-18 07:30] 0015546 ____A () 347EFF7EC89C3EB4F72F2408E1C4E16D
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013-11-14 08:37][2014-04-18 07:30] 0238918 ____A () 5177BB4FECDDB9CDBCF10EF65916968D
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272ee6f4db391ad\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_42acff334d876b54\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0270774 ____A () 2195687491E604BA42961470EDA7660E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0271249 ____A () 667BC926C7CB889BF276A5FEA316CAEE
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5\explorer.exe
[2014-04-16 22:51][2014-04-18 06:55] 0169957 ____A () 6D919C26DCB567396CD2E119B8E4310E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013-11-14 08:37][2014-04-18 06:55] 0283735 ____A () FA98C5D746E7C9E0912E88AC44FF9926
 
C:\Windows\SysWOW64\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
====== End Of Search ======
 
 
 
 
Till here it's good, but I need to go further .. I do not know what to do or which command to use!
The member who was doing this for someone else had done some settings commands for that guy, but they were not good for me.
Someone help me ..

 




#2 gabrielll

gabrielll
  • Topic Starter

  • Members
  • 4 posts

Posted 02 December 2014 - 06:17 AM

Hello!

My PC is very slow and every time I try to go online with Chrome, for example, I have a lot of pages that open, some of them with sound, some not, and some trying to download things directly ..

I tried almost everything .. Malwarebytes, Hitman, AdwCleaner, SpyHunter, JRT and I even tried System Restore .. I even reinstalled Chrome ..

Now I saw a member here who was telling someone about FRST64 and I want to try it.

I installed FRST64 and I did it like this:

 

 

 

I downloaded FRST64

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
After that I typed the following in the edit box after "Search:":

 

rpcss.dll

I got this reply:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014

Ran by moi (administrator) on SAMSUNG on 02-12-2014 11:05:18
Running from C:\Users\moi\Desktop
Loaded Profile: moi (Available profiles: moi)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [1986048 2012-08-27] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\MountPoints2: {fc9e240e-bdc0-11e3-8054-50b7c348176c} - "E:\HTC_Sync_Manager_PC.exe" 
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {C1C553CA-F960-45C7-A40F-724182852F6C} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 109.88.203.3 62.197.111.140
 
FireFox:
========
FF ProfilePath: C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\hhqugsj8.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\moi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin64 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
FF HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1416562441&from=amt&uid=HitachiXHTS547550A9E384_J1120021CZJVDBCZJVDBX
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Recherche Google) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-07-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-02] ()
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-01] (Elex do Brasil Participações Ltda)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:05 - 2014-12-02 11:05 - 00014349 _____ () C:\Users\moi\Desktop\FRST.txt
2014-12-02 11:04 - 2014-12-02 11:05 - 00000000 ____D () C:\FRST
2014-12-02 11:03 - 2014-12-02 11:03 - 02117120 _____ (Farbar) C:\Users\moi\Desktop\FRST64.exe
2014-12-02 10:21 - 2014-12-02 10:21 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-02 10:21 - 2014-12-02 10:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-02 10:20 - 2014-12-02 10:20 - 00000000 ___RD () C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-02 10:18 - 2014-12-02 10:18 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-12-02 10:16 - 2014-12-02 10:16 - 00002412 _____ () C:\WINDOWS\system32\.crusader
2014-12-02 09:12 - 2014-11-20 21:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-02 09:12 - 2014-11-20 21:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 09:10 - 2014-12-02 09:10 - 00000346 _____ () C:\WINDOWS\PFRO.log
2014-12-02 09:03 - 2014-12-02 09:04 - 162298320 _____ () C:\Users\moi\Desktop\EmsisoftEmergencyKit.exe
2014-12-02 08:46 - 2014-12-02 08:46 - 02154496 _____ () C:\Users\moi\Desktop\adwcleaner_4.103.exe
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Elex-tech
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-12-02 08:15 - 2014-12-01 08:30 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-12-02 08:15 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2014-12-02 08:11 - 2014-12-02 08:12 - 00773824 _____ (Elex do Brasil Participações Ltda) C:\Users\moi\Desktop\yet_another_cleaner_sk_810414.exe
2014-11-27 13:42 - 2014-11-27 13:42 - 00000000 ____D () C:\Users\moi\AppData\Local\Windows Live
2014-11-27 09:03 - 2014-11-27 09:03 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-27 08:36 - 2014-11-27 09:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-26 22:06 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-26 22:06 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-26 22:06 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-26 22:06 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-26 22:06 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-26 22:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-26 22:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-26 22:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-26 22:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-26 22:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-26 22:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-26 22:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-26 22:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-26 22:06 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-26 22:06 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-26 22:06 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-26 22:06 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-26 22:06 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-26 22:05 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-26 22:05 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-26 22:05 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-26 22:05 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-26 22:05 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-26 22:05 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-26 22:05 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-26 22:05 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-26 22:05 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-26 22:05 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-26 22:05 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-26 22:05 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-26 22:05 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-26 22:05 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-26 22:05 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-26 22:04 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-26 22:04 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-26 22:04 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-26 22:04 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-26 22:04 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-26 22:04 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-26 22:04 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-26 22:04 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-26 22:04 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-26 22:04 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-26 22:00 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-26 22:00 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-26 21:58 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-26 21:58 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-26 21:58 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-26 21:58 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-26 21:58 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-26 21:58 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-26 21:58 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-26 21:58 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-26 21:58 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-26 21:58 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-26 21:58 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-26 21:58 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-26 21:58 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-26 21:57 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-26 21:57 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-26 21:57 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-26 21:57 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-26 21:57 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-26 21:57 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-26 21:57 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-26 21:57 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-26 21:57 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-26 21:57 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-26 21:57 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-26 21:57 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-26 21:57 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-26 21:57 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-26 21:57 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-26 21:57 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-26 21:57 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-26 21:57 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-26 21:57 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-26 21:57 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-26 21:57 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-26 21:57 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-26 21:57 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-26 21:57 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-26 21:57 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-26 21:57 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-26 21:57 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-26 21:57 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-26 21:57 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-26 21:57 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-26 21:56 - 2014-12-02 11:01 - 00001092 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 21:56 - 2014-12-02 10:19 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 21:56 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-26 21:56 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-26 21:41 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-26 21:41 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-26 21:41 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-26 21:41 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-26 21:38 - 2014-11-26 21:38 - 02148864 _____ () C:\Users\moi\Downloads\adwcleaner_4.102.exe
2014-11-26 21:27 - 2014-11-26 21:27 - 00003124 _____ () C:\WINDOWS\System32\Tasks\{D58DA426-C499-4C8E-87DF-6A456DF39D20}
2014-11-26 10:52 - 2014-11-26 10:52 - 00000000 ____D () C:\sh4ldr
2014-11-26 10:51 - 2014-11-26 10:52 - 00000000 ____D () C:\WINDOWS\46B04D534E344388B6EE80FAB66AEF9B.TMP
2014-11-21 13:50 - 2014-11-26 21:04 - 00000000 ____D () C:\Users\moi\Downloads\Malwarebytes Anti-Malware Premium v2.0.2.1012 Multilingual
2014-11-21 13:25 - 2014-12-02 10:59 - 01432765 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 11:25 - 2014-11-21 11:25 - 00000000 _____ () C:\autoexec.bat
2014-11-21 11:24 - 2014-11-21 11:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-18 15:16 - 2014-11-18 15:16 - 00000000 ____D () C:\Users\moi\AppData\Local\Macromedia
2014-11-14 15:08 - 2014-11-14 15:08 - 00000000 ____D () C:\Users\moi\AppData\Local\Sparta
2014-11-14 15:01 - 2014-11-14 15:01 - 00000000 __SHD () C:\Users\moi\AppData\Local\EmieBrowserModeList
2014-11-14 11:30 - 2014-11-14 14:18 - 00000000 ____D () C:\Users\moi\Documents\Fiddler2
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\TuneUp Software
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Local\TuneUp Software
2014-11-12 09:00 - 2014-11-26 21:05 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-12 09:00 - 2014-11-12 09:03 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-02 16:15 - 2014-11-20 18:21 - 00000000 ____D () C:\Users\moi\Desktop\Facturi
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-02 10:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-02 10:35 - 2013-01-26 17:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1596478717-3378438385-2532408222-1001
2014-12-02 10:23 - 2013-11-14 08:32 - 01824010 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-02 10:23 - 2013-11-14 08:13 - 00812350 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-12-02 10:23 - 2013-11-14 08:13 - 00159412 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-12-02 10:22 - 2012-09-01 01:32 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-02 10:19 - 2014-09-14 11:29 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 10:19 - 2014-04-18 09:08 - 00000000 ___RD () C:\Users\moi\OneDrive
2014-12-02 10:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-02 09:18 - 2014-07-14 10:57 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-12-02 09:10 - 2013-08-22 15:44 - 00484168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-02 09:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-02 09:08 - 2014-09-09 15:13 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Skype
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-02 08:35 - 2012-09-01 01:39 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-02 08:35 - 2012-09-01 01:37 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 08:35 - 2012-09-01 00:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 08:31 - 2012-09-01 01:37 - 00000000 ____D () C:\ProgramData\Temp
2014-12-02 08:00 - 2014-09-09 15:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-02 07:59 - 2014-04-03 19:18 - 00003924 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10153A6F-6D25-4D18-9F06-621328672644}
2014-12-01 21:49 - 2013-02-15 21:44 - 00000936 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job
2014-12-01 21:49 - 2013-02-15 21:44 - 00000914 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job
2014-12-01 19:55 - 2014-09-11 22:06 - 00000000 ____D () C:\Users\moi\Desktop\Nouveau dossier
2014-11-28 09:08 - 2013-01-26 19:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-28 07:16 - 2014-07-10 22:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-27 18:04 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-27 17:52 - 2013-10-27 07:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-27 17:47 - 2013-01-26 19:08 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-27 13:09 - 2014-04-01 08:38 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 21:56 - 2014-04-01 08:38 - 00004064 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-26 21:56 - 2014-04-01 08:38 - 00003828 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-26 21:49 - 2014-09-14 10:46 - 00000000 ____D () C:\AdwCleaner
2014-11-26 21:28 - 2014-09-14 14:35 - 00000000 ____D () C:\Users\moi\AppData\Local\Unity
2014-11-26 21:15 - 2014-04-02 22:11 - 00000000 ____D () C:\Users\moi
2014-11-26 21:12 - 2014-07-07 11:46 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-09 15:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-26 21:07 - 2014-04-01 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-26 21:07 - 2014-01-30 21:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\BitTorrent
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\Users\moi\AppData\Roaming\DVDVideoSoft
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Roaming\VASCO
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Package Cache
2014-11-26 21:06 - 2014-07-07 11:48 - 00000000 ____D () C:\Users\moi\AppData\Roaming\ProductData
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-26 21:05 - 2014-11-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Extruplast
2014-11-26 21:05 - 2014-10-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-26 21:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-26 20:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-26 20:34 - 2013-01-26 19:18 - 00000000 __RHD () C:\MSOCache
2014-11-18 17:04 - 2014-09-24 12:57 - 00000000 ____D () C:\Users\moi\Documents\My Cheat Tables
2014-11-18 15:18 - 2013-01-26 23:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Adobe
2014-11-18 13:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-07 14:16 - 2014-04-02 23:00 - 00000000 ___DC () C:\WINDOWS\Panther
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
 
 
Some content of TEMP:
====================
C:\Users\moi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\moi\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-28 07:32
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:06:24
Running from C:\Users\moi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
BitTorrent (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube Download version 3.2.48.1015 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.48.1015 - DVDVideoSoft Ltd.)
Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Professionnel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OfertareExtruplast (HKLM-x32\...\OfertareExtruplast) (Version:  - S.C Extruplast SRL)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.2 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}) (Version: 3.2.3.2 - VASCO Data Security)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
 
==================== Restore Points  =========================
 
19-11-2014 21:32:20 Windows Update
21-11-2014 13:51:31 Removed Java 7 Update 25
26-11-2014 06:53:02 Windows Update
26-11-2014 19:30:12 Opération de restauration
02-12-2014 07:27:43 Removed E-POP
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {035AEAE9-128B-4C8E-8A45-ED3AD443EBA9} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {0ACDD911-2CE7-4F14-A252-D7D6BD3CEB8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {3204427E-42F8-4841-9FFC-4E105C859E89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {6CC1E963-9345-4B63-9AEB-706830242BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: {70A92A5C-B3AD-4A50-A754-14998C941C0E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {872DB252-E4A6-4D39-B918-AA9A20BA5E25} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {93612D72-2B4C-467A-B003-C493DB9BC32D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {9A84578D-72D7-4C4E-A23A-5754A4C5C1E5} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {B7D9BA1D-5FB7-43FB-8A58-59E51EE27418} - System32\Tasks\Driver Booster SkipUAC (Système) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B915B37C-67C6-4391-B1AE-75305C6733C4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {BE9C0DC1-F267-4956-B154-78339F69D136} - System32\Tasks\Driver Booster SkipUAC (moi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C4AB34B0-E825-4585-A50E-CA046E815F39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {D64F466B-F995-499F-9782-A28B8277A5D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {DF42FD9B-70BB-4810-A138-69C98344C256} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {E00D3523-E74F-4492-95D6-EB0A79160EC4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-26 10:48 - 2012-08-26 10:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-10 10:28 - 2012-08-10 10:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 10:23 - 2012-08-10 10:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\fr-FR\BtTray.fr-FR.dll
2012-08-24 10:10 - 2012-08-24 10:10 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-08-26 10:48 - 2012-08-26 10:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-01 01:40 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-27 13:09 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\moi\OneDrive:ms-properties
AlternateDataStreams: C:\Users\moi\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-1596478717-3378438385-2532408222-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1596478717-3378438385-2532408222-1003 - Limited - Enabled)
Invité (S-1-5-21-1596478717-3378438385-2532408222-501 - Limited - Enabled)
moi (S-1-5-21-1596478717-3378438385-2532408222-1001 - Administrator - Enabled) => C:\Users\moi
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamscheduler.exe, version : 3.0.2.0, horodatage : 0x5339cec3
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0x6b4
Heure de début de l’application défaillante : 0xmbamscheduler.exe0
Chemin d’accès de l’application défaillante : mbamscheduler.exe1
Chemin d’accès du module défaillant: mbamscheduler.exe2
ID de rapport : mbamscheduler.exe3
Nom complet du package défaillant : mbamscheduler.exe4
ID de l’application relative au package défaillant : mbamscheduler.exe5
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xb6c
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xc58
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17284, horodatage : 0x53f8130d
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x7456993d
ID du processus défaillant : 0x1db0
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Nom complet du package défaillant : explorer.exe4
ID de l’application relative au package défaillant : explorer.exe5
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante chrome.exe, version : 39.0.2171.71, horodatage : 0x547407a7
Nom du module défaillant : chrome.dll, version : 39.0.2171.71, horodatage : 0x547403b3
Code d’exception : 0x80000003
Décalage d’erreur : 0x004f2ce4
ID du processus défaillant : 0x1354
Heure de début de l’application défaillante : 0xchrome.exe0
Chemin d’accès de l’application défaillante : chrome.exe1
Chemin d’accès du module défaillant: chrome.exe2
ID de rapport : chrome.exe3
Nom complet du package défaillant : chrome.exe4
ID de l’application relative au package défaillant : chrome.exe5
 
 
System errors:
=============
Error: (12/02/2014 10:30:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.Reader.
 
Error: (12/02/2014 10:30:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.ZuneVideo.
 
Error: (12/02/2014 10:18:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Le service HitmanPro 3.7 Crusader (Boot) s’est arrêté avec l’erreur spécifique au service suivante : 
%%0
 
Error: (12/02/2014 10:18:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service AppEx Networks Accelerator LWF n’a pas pu démarrer en raison de l’erreur : 
%%31
 
Error: (12/02/2014 10:18:08 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (12/02/2014 10:16:48 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084WSearchNon disponible{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (12/02/2014 10:16:47 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084ShellHWDetectionNon disponible{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/02/2014 10:16:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: L’appel ScRegSetValueExW a échoué pour DeleteFlag avec l’erreur : 
%%5
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6b401d00e10eab2435bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll78d9dbc8-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccb6c01d00e1107a47b1eC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe561bb903-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccc5801d00e082283ad44C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe6493060a-79fb-11e4-809f-50b7c348176c
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f8130dunknown0.0.0.000000000c00000057456993d1db001d00e018d339ff7C:\WINDOWS\SysWOW64\explorer.exeunknowncc7a4160-79f4-11e4-809e-50b7c348176c
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7chrome.dll39.0.2171.71547403b380000003004f2ce4135401d00ce13a3d5423C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\chrome.dll37dc3460-7943-11e4-809e-50b7c348176c
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-02 08:32:23.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 08:32:19.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 03:36:35.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 03:36:33.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.388
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 39%
Total physical RAM: 5595.1 MB
Available physical RAM: 3394.63 MB
Total Pagefile: 6619.1 MB
Available Pagefile: 4886.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.95 GB) (Free:331.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:50:08
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.17031_none_5abc2e4b11b14f22\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.16384_none_5a893c0711d704b0\rpcss.dll
[2013-08-22 10:50][2014-04-18 06:48] 0172806 ____A () 2D13BAB0B28A50346143B983D1EAA0BC
 
C:\Windows\System32\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
====== End Of Search ======

After I type the following in the edit box after "Search:".
explorer.exe

I got this answer:

Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:59:43
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "explorer.exe" =============
 
C:\Windows\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc798c1821453a8\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_4d01a98581e82d4f\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0220250 ____A () 286928E00AD34E9F88EB5BFA52660A70
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0208662 ____A () C131BC6F12417306A9C8469CA49110B1
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0\explorer.exe
[2014-04-16 22:51][2014-04-18 07:30] 0015546 ____A () 347EFF7EC89C3EB4F72F2408E1C4E16D
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013-11-14 08:37][2014-04-18 07:30] 0238918 ____A () 5177BB4FECDDB9CDBCF10EF65916968D
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272ee6f4db391ad\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_42acff334d876b54\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0270774 ____A () 2195687491E604BA42961470EDA7660E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0271249 ____A () 667BC926C7CB889BF276A5FEA316CAEE
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5\explorer.exe
[2014-04-16 22:51][2014-04-18 06:55] 0169957 ____A () 6D919C26DCB567396CD2E119B8E4310E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013-11-14 08:37][2014-04-18 06:55] 0283735 ____A () FA98C5D746E7C9E0912E88AC44FF9926
 
C:\Windows\SysWOW64\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
====== End Of Search ======

Till here it's good but I need further .. I do not know what to do, which command to use!
The member who was doing this for someone else, he has done some sethings commands for that guy but they were not good for me.
Someone help me ..

 



#3 gabrielll


Posted 02 December 2014 - 06:19 AM

Hello!

My PC is very slow and every time I try to go online with Chrome, for example, I have a lot of pages that open, some of them with sound, some not, and some trying to download things directly.

I tried almost everything: Malwarebytes, Hitman, AdwCleaner, SpyHunter, JRT, and I even tried System Restore. I even reinstalled Chrome.

Now I saw a member here who was telling someone about FRST64 and I want to try it.

I installed FRST64 and I did it like this:

I downloaded FRST64

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
After I type the following in the edit box after "Search:".

rpcss.dll

I got this reply:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014

Ran by moi (administrator) on SAMSUNG on 02-12-2014 11:05:18
Running from C:\Users\moi\Desktop
Loaded Profile: moi (Available profiles: moi)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [1986048 2012-08-27] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\MountPoints2: {fc9e240e-bdc0-11e3-8054-50b7c348176c} - "E:\HTC_Sync_Manager_PC.exe" 
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {C1C553CA-F960-45C7-A40F-724182852F6C} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 109.88.203.3 62.197.111.140
 
FireFox:
========
FF ProfilePath: C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\hhqugsj8.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\moi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin64 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
FF HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1416562441&from=amt&uid=HitachiXHTS547550A9E384_J1120021CZJVDBCZJVDBX
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Recherche Google) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-07-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-02] ()
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-01] (Elex do Brasil Participações Ltda)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:05 - 2014-12-02 11:05 - 00014349 _____ () C:\Users\moi\Desktop\FRST.txt
2014-12-02 11:04 - 2014-12-02 11:05 - 00000000 ____D () C:\FRST
2014-12-02 11:03 - 2014-12-02 11:03 - 02117120 _____ (Farbar) C:\Users\moi\Desktop\FRST64.exe
2014-12-02 10:21 - 2014-12-02 10:21 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-02 10:21 - 2014-12-02 10:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-02 10:20 - 2014-12-02 10:20 - 00000000 ___RD () C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-02 10:18 - 2014-12-02 10:18 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-12-02 10:16 - 2014-12-02 10:16 - 00002412 _____ () C:\WINDOWS\system32\.crusader
2014-12-02 09:12 - 2014-11-20 21:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-02 09:12 - 2014-11-20 21:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 09:10 - 2014-12-02 09:10 - 00000346 _____ () C:\WINDOWS\PFRO.log
2014-12-02 09:03 - 2014-12-02 09:04 - 162298320 _____ () C:\Users\moi\Desktop\EmsisoftEmergencyKit.exe
2014-12-02 08:46 - 2014-12-02 08:46 - 02154496 _____ () C:\Users\moi\Desktop\adwcleaner_4.103.exe
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Elex-tech
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-12-02 08:15 - 2014-12-01 08:30 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-12-02 08:15 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2014-12-02 08:11 - 2014-12-02 08:12 - 00773824 _____ (Elex do Brasil Participações Ltda) C:\Users\moi\Desktop\yet_another_cleaner_sk_810414.exe
2014-11-27 13:42 - 2014-11-27 13:42 - 00000000 ____D () C:\Users\moi\AppData\Local\Windows Live
2014-11-27 09:03 - 2014-11-27 09:03 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-27 08:36 - 2014-11-27 09:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-26 22:06 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-26 22:06 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-26 22:06 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-26 22:06 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-26 22:06 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-26 22:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-26 22:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-26 22:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-26 22:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-26 22:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-26 22:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-26 22:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-26 22:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-26 22:06 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-26 22:06 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-26 22:06 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-26 22:06 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-26 22:06 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-26 22:05 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-26 22:05 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-26 22:05 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-26 22:05 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-26 22:05 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-26 22:05 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-26 22:05 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-26 22:05 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-26 22:05 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-26 22:05 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-26 22:05 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-26 22:05 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-26 22:05 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-26 22:05 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-26 22:05 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-26 22:04 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-26 22:04 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-26 22:04 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-26 22:04 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-26 22:04 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-26 22:04 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-26 22:04 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-26 22:04 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-26 22:04 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-26 22:04 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-26 22:00 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-26 22:00 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-26 21:58 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-26 21:58 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-26 21:58 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-26 21:58 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-26 21:58 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-26 21:58 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-26 21:58 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-26 21:58 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-26 21:58 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-26 21:58 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-26 21:58 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-26 21:58 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-26 21:58 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-26 21:57 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-26 21:57 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-26 21:57 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-26 21:57 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-26 21:57 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-26 21:57 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-26 21:57 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-26 21:57 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-26 21:57 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-26 21:57 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-26 21:57 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-26 21:57 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-26 21:57 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-26 21:57 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-26 21:57 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-26 21:57 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-26 21:57 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-26 21:57 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-26 21:57 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-26 21:57 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-26 21:57 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-26 21:57 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-26 21:57 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-26 21:57 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-26 21:57 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-26 21:57 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-26 21:57 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-26 21:57 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-26 21:57 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-26 21:57 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-26 21:56 - 2014-12-02 11:01 - 00001092 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 21:56 - 2014-12-02 10:19 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 21:56 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-26 21:56 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-26 21:41 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-26 21:41 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-26 21:41 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-26 21:41 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-26 21:38 - 2014-11-26 21:38 - 02148864 _____ () C:\Users\moi\Downloads\adwcleaner_4.102.exe
2014-11-26 21:27 - 2014-11-26 21:27 - 00003124 _____ () C:\WINDOWS\System32\Tasks\{D58DA426-C499-4C8E-87DF-6A456DF39D20}
2014-11-26 10:52 - 2014-11-26 10:52 - 00000000 ____D () C:\sh4ldr
2014-11-26 10:51 - 2014-11-26 10:52 - 00000000 ____D () C:\WINDOWS\46B04D534E344388B6EE80FAB66AEF9B.TMP
2014-11-21 13:50 - 2014-11-26 21:04 - 00000000 ____D () C:\Users\moi\Downloads\Malwarebytes Anti-Malware Premium v2.0.2.1012 Multilingual
2014-11-21 13:25 - 2014-12-02 10:59 - 01432765 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 11:25 - 2014-11-21 11:25 - 00000000 _____ () C:\autoexec.bat
2014-11-21 11:24 - 2014-11-21 11:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-18 15:16 - 2014-11-18 15:16 - 00000000 ____D () C:\Users\moi\AppData\Local\Macromedia
2014-11-14 15:08 - 2014-11-14 15:08 - 00000000 ____D () C:\Users\moi\AppData\Local\Sparta
2014-11-14 15:01 - 2014-11-14 15:01 - 00000000 __SHD () C:\Users\moi\AppData\Local\EmieBrowserModeList
2014-11-14 11:30 - 2014-11-14 14:18 - 00000000 ____D () C:\Users\moi\Documents\Fiddler2
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\TuneUp Software
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Local\TuneUp Software
2014-11-12 09:00 - 2014-11-26 21:05 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-12 09:00 - 2014-11-12 09:03 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-02 16:15 - 2014-11-20 18:21 - 00000000 ____D () C:\Users\moi\Desktop\Facturi
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-02 10:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-02 10:35 - 2013-01-26 17:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1596478717-3378438385-2532408222-1001
2014-12-02 10:23 - 2013-11-14 08:32 - 01824010 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-02 10:23 - 2013-11-14 08:13 - 00812350 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-12-02 10:23 - 2013-11-14 08:13 - 00159412 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-12-02 10:22 - 2012-09-01 01:32 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-02 10:19 - 2014-09-14 11:29 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 10:19 - 2014-04-18 09:08 - 00000000 ___RD () C:\Users\moi\OneDrive
2014-12-02 10:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-02 09:18 - 2014-07-14 10:57 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-12-02 09:10 - 2013-08-22 15:44 - 00484168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-02 09:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-02 09:08 - 2014-09-09 15:13 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Skype
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-02 08:35 - 2012-09-01 01:39 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-02 08:35 - 2012-09-01 01:37 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 08:35 - 2012-09-01 00:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 08:31 - 2012-09-01 01:37 - 00000000 ____D () C:\ProgramData\Temp
2014-12-02 08:00 - 2014-09-09 15:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-02 07:59 - 2014-04-03 19:18 - 00003924 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10153A6F-6D25-4D18-9F06-621328672644}
2014-12-01 21:49 - 2013-02-15 21:44 - 00000936 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job
2014-12-01 21:49 - 2013-02-15 21:44 - 00000914 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job
2014-12-01 19:55 - 2014-09-11 22:06 - 00000000 ____D () C:\Users\moi\Desktop\Nouveau dossier
2014-11-28 09:08 - 2013-01-26 19:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-28 07:16 - 2014-07-10 22:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-27 18:04 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-27 17:52 - 2013-10-27 07:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-27 17:47 - 2013-01-26 19:08 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-27 13:09 - 2014-04-01 08:38 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 21:56 - 2014-04-01 08:38 - 00004064 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-26 21:56 - 2014-04-01 08:38 - 00003828 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-26 21:49 - 2014-09-14 10:46 - 00000000 ____D () C:\AdwCleaner
2014-11-26 21:28 - 2014-09-14 14:35 - 00000000 ____D () C:\Users\moi\AppData\Local\Unity
2014-11-26 21:15 - 2014-04-02 22:11 - 00000000 ____D () C:\Users\moi
2014-11-26 21:12 - 2014-07-07 11:46 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-09 15:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-26 21:07 - 2014-04-01 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-26 21:07 - 2014-01-30 21:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\BitTorrent
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\Users\moi\AppData\Roaming\DVDVideoSoft
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Roaming\VASCO
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Package Cache
2014-11-26 21:06 - 2014-07-07 11:48 - 00000000 ____D () C:\Users\moi\AppData\Roaming\ProductData
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-26 21:05 - 2014-11-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Extruplast
2014-11-26 21:05 - 2014-10-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-26 21:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-26 20:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-26 20:34 - 2013-01-26 19:18 - 00000000 __RHD () C:\MSOCache
2014-11-18 17:04 - 2014-09-24 12:57 - 00000000 ____D () C:\Users\moi\Documents\My Cheat Tables
2014-11-18 15:18 - 2013-01-26 23:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Adobe
2014-11-18 13:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-07 14:16 - 2014-04-02 23:00 - 00000000 ___DC () C:\WINDOWS\Panther
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
 
 
Some content of TEMP:
====================
C:\Users\moi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\moi\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-28 07:32
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:06:24
Running from C:\Users\moi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
BitTorrent (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube Download version 3.2.48.1015 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.48.1015 - DVDVideoSoft Ltd.)
Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Professionnel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OfertareExtruplast (HKLM-x32\...\OfertareExtruplast) (Version:  - S.C Extruplast SRL)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.2 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}) (Version: 3.2.3.2 - VASCO Data Security)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
 
==================== Restore Points  =========================
 
19-11-2014 21:32:20 Windows Update
21-11-2014 13:51:31 Removed Java 7 Update 25
26-11-2014 06:53:02 Windows Update
26-11-2014 19:30:12 Opération de restauration
02-12-2014 07:27:43 Removed E-POP
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {035AEAE9-128B-4C8E-8A45-ED3AD443EBA9} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {0ACDD911-2CE7-4F14-A252-D7D6BD3CEB8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {3204427E-42F8-4841-9FFC-4E105C859E89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {6CC1E963-9345-4B63-9AEB-706830242BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: {70A92A5C-B3AD-4A50-A754-14998C941C0E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {872DB252-E4A6-4D39-B918-AA9A20BA5E25} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {93612D72-2B4C-467A-B003-C493DB9BC32D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {9A84578D-72D7-4C4E-A23A-5754A4C5C1E5} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {B7D9BA1D-5FB7-43FB-8A58-59E51EE27418} - System32\Tasks\Driver Booster SkipUAC (Système) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B915B37C-67C6-4391-B1AE-75305C6733C4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {BE9C0DC1-F267-4956-B154-78339F69D136} - System32\Tasks\Driver Booster SkipUAC (moi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C4AB34B0-E825-4585-A50E-CA046E815F39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {D64F466B-F995-499F-9782-A28B8277A5D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {DF42FD9B-70BB-4810-A138-69C98344C256} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {E00D3523-E74F-4492-95D6-EB0A79160EC4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-26 10:48 - 2012-08-26 10:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-10 10:28 - 2012-08-10 10:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 10:23 - 2012-08-10 10:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\fr-FR\BtTray.fr-FR.dll
2012-08-24 10:10 - 2012-08-24 10:10 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-08-26 10:48 - 2012-08-26 10:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-01 01:40 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-27 13:09 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\moi\OneDrive:ms-properties
AlternateDataStreams: C:\Users\moi\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-1596478717-3378438385-2532408222-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1596478717-3378438385-2532408222-1003 - Limited - Enabled)
Invité (S-1-5-21-1596478717-3378438385-2532408222-501 - Limited - Enabled)
moi (S-1-5-21-1596478717-3378438385-2532408222-1001 - Administrator - Enabled) => C:\Users\moi
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamscheduler.exe, version : 3.0.2.0, horodatage : 0x5339cec3
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0x6b4
Heure de début de l’application défaillante : 0xmbamscheduler.exe0
Chemin d’accès de l’application défaillante : mbamscheduler.exe1
Chemin d’accès du module défaillant: mbamscheduler.exe2
ID de rapport : mbamscheduler.exe3
Nom complet du package défaillant : mbamscheduler.exe4
ID de l’application relative au package défaillant : mbamscheduler.exe5
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xb6c
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xc58
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17284, horodatage : 0x53f8130d
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x7456993d
ID du processus défaillant : 0x1db0
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Nom complet du package défaillant : explorer.exe4
ID de l’application relative au package défaillant : explorer.exe5
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante chrome.exe, version : 39.0.2171.71, horodatage : 0x547407a7
Nom du module défaillant : chrome.dll, version : 39.0.2171.71, horodatage : 0x547403b3
Code d’exception : 0x80000003
Décalage d’erreur : 0x004f2ce4
ID du processus défaillant : 0x1354
Heure de début de l’application défaillante : 0xchrome.exe0
Chemin d’accès de l’application défaillante : chrome.exe1
Chemin d’accès du module défaillant: chrome.exe2
ID de rapport : chrome.exe3
Nom complet du package défaillant : chrome.exe4
ID de l’application relative au package défaillant : chrome.exe5
 
 
System errors:
=============
Error: (12/02/2014 10:30:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.Reader.
 
Error: (12/02/2014 10:30:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.ZuneVideo.
 
Error: (12/02/2014 10:18:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Le service HitmanPro 3.7 Crusader (Boot) s’est arrêté avec l’erreur spécifique au service suivante : 
%%0
 
Error: (12/02/2014 10:18:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service AppEx Networks Accelerator LWF n’a pas pu démarrer en raison de l’erreur : 
%%31
 
Error: (12/02/2014 10:18:08 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (12/02/2014 10:16:48 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084WSearchNon disponible{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (12/02/2014 10:16:47 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084ShellHWDetectionNon disponible{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/02/2014 10:16:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: L’appel ScRegSetValueExW a échoué pour DeleteFlag avec l’erreur : 
%%5
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6b401d00e10eab2435bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll78d9dbc8-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccb6c01d00e1107a47b1eC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe561bb903-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccc5801d00e082283ad44C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe6493060a-79fb-11e4-809f-50b7c348176c
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f8130dunknown0.0.0.000000000c00000057456993d1db001d00e018d339ff7C:\WINDOWS\SysWOW64\explorer.exeunknowncc7a4160-79f4-11e4-809e-50b7c348176c
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7chrome.dll39.0.2171.71547403b380000003004f2ce4135401d00ce13a3d5423C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\chrome.dll37dc3460-7943-11e4-809e-50b7c348176c
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-02 08:32:23.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 08:32:19.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 03:36:35.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 03:36:33.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.388
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 39%
Total physical RAM: 5595.1 MB
Available physical RAM: 3394.63 MB
Total Pagefile: 6619.1 MB
Available Pagefile: 4886.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.95 GB) (Free:331.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:50:08
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.17031_none_5abc2e4b11b14f22\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.16384_none_5a893c0711d704b0\rpcss.dll
[2013-08-22 10:50][2014-04-18 06:48] 0172806 ____A () 2D13BAB0B28A50346143B983D1EAA0BC
 
C:\Windows\System32\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
====== End Of Search ======

After that, I typed the following in the edit box after "Search:":
explorer.exe

I got this answer:

Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:59:43
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "explorer.exe" =============
 
C:\Windows\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc798c1821453a8\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_4d01a98581e82d4f\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0220250 ____A () 286928E00AD34E9F88EB5BFA52660A70
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0208662 ____A () C131BC6F12417306A9C8469CA49110B1
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0\explorer.exe
[2014-04-16 22:51][2014-04-18 07:30] 0015546 ____A () 347EFF7EC89C3EB4F72F2408E1C4E16D
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013-11-14 08:37][2014-04-18 07:30] 0238918 ____A () 5177BB4FECDDB9CDBCF10EF65916968D
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272ee6f4db391ad\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_42acff334d876b54\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0270774 ____A () 2195687491E604BA42961470EDA7660E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0271249 ____A () 667BC926C7CB889BF276A5FEA316CAEE
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5\explorer.exe
[2014-04-16 22:51][2014-04-18 06:55] 0169957 ____A () 6D919C26DCB567396CD2E119B8E4310E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013-11-14 08:37][2014-04-18 06:55] 0283735 ____A () FA98C5D746E7C9E0912E88AC44FF9926
 
C:\Windows\SysWOW64\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
====== End Of Search ======

Up to here it's good, but I need to go further. I do not know what to do or which command to use!
The member who was doing this for someone else made some settings commands for that guy, but they were not good for me.
Someone help me.

 



#4 gabrielll

gabrielll
  • Topic Starter

  • Members
  • 4 posts

Posted 02 December 2014 - 06:20 AM

Hello!

My PC is very slow, and every time I try to go online, with Chrome for example, a lot of pages open, some of them with sound, some not, and some trying to download things directly.

I tried almost everything: Malwarebytes, Hitman, AdwCleaner, SpyHunter, JRT, and I even tried System Restore. I even reinstalled Chrome.

Now I saw a member here who was telling someone about FRST64 and I want to try it.

I installed FRST64 and did it like this:

I downloaded FRST64

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
After that, I typed the following in the edit box after "Search:":

rpcss.dll

I got this reply:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014

Ran by moi (administrator) on SAMSUNG on 02-12-2014 11:05:18
Running from C:\Users\moi\Desktop
Loaded Profile: moi (Available profiles: moi)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [1986048 2012-08-27] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\MountPoints2: {fc9e240e-bdc0-11e3-8054-50b7c348176c} - "E:\HTC_Sync_Manager_PC.exe" 
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {C1C553CA-F960-45C7-A40F-724182852F6C} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 109.88.203.3 62.197.111.140
 
FireFox:
========
FF ProfilePath: C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\hhqugsj8.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\moi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin64 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
FF HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1416562441&from=amt&uid=HitachiXHTS547550A9E384_J1120021CZJVDBCZJVDBX
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Recherche Google) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-07-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-02] ()
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-01] (Elex do Brasil Participações Ltda)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:05 - 2014-12-02 11:05 - 00014349 _____ () C:\Users\moi\Desktop\FRST.txt
2014-12-02 11:04 - 2014-12-02 11:05 - 00000000 ____D () C:\FRST
2014-12-02 11:03 - 2014-12-02 11:03 - 02117120 _____ (Farbar) C:\Users\moi\Desktop\FRST64.exe
2014-12-02 10:21 - 2014-12-02 10:21 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-02 10:21 - 2014-12-02 10:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-02 10:20 - 2014-12-02 10:20 - 00000000 ___RD () C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-02 10:18 - 2014-12-02 10:18 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-12-02 10:16 - 2014-12-02 10:16 - 00002412 _____ () C:\WINDOWS\system32\.crusader
2014-12-02 09:12 - 2014-11-20 21:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-02 09:12 - 2014-11-20 21:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 09:10 - 2014-12-02 09:10 - 00000346 _____ () C:\WINDOWS\PFRO.log
2014-12-02 09:03 - 2014-12-02 09:04 - 162298320 _____ () C:\Users\moi\Desktop\EmsisoftEmergencyKit.exe
2014-12-02 08:46 - 2014-12-02 08:46 - 02154496 _____ () C:\Users\moi\Desktop\adwcleaner_4.103.exe
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Elex-tech
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-12-02 08:15 - 2014-12-01 08:30 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-12-02 08:15 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2014-12-02 08:11 - 2014-12-02 08:12 - 00773824 _____ (Elex do Brasil Participações Ltda) C:\Users\moi\Desktop\yet_another_cleaner_sk_810414.exe
2014-11-27 13:42 - 2014-11-27 13:42 - 00000000 ____D () C:\Users\moi\AppData\Local\Windows Live
2014-11-27 09:03 - 2014-11-27 09:03 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-27 08:36 - 2014-11-27 09:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-26 22:06 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-26 22:06 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-26 22:06 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-26 22:06 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-26 22:06 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-26 22:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-26 22:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-26 22:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-26 22:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-26 22:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-26 22:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-26 22:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-26 22:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-26 22:06 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-26 22:06 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-26 22:06 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-26 22:06 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-26 22:06 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-26 22:05 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-26 22:05 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-26 22:05 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-26 22:05 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-26 22:05 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-26 22:05 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-26 22:05 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-26 22:05 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-26 22:05 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-26 22:05 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-26 22:05 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-26 22:05 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-26 22:05 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-26 22:05 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-26 22:05 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-26 22:04 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-26 22:04 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-26 22:04 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-26 22:04 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-26 22:04 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-26 22:04 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-26 22:04 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-26 22:04 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-26 22:04 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-26 22:04 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-26 22:00 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-26 22:00 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-26 21:58 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-26 21:58 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-26 21:58 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-26 21:58 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-26 21:58 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-26 21:58 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-26 21:58 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-26 21:58 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-26 21:58 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-26 21:58 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-26 21:58 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-26 21:58 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-26 21:58 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-26 21:57 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-26 21:57 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-26 21:57 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-26 21:57 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-26 21:57 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-26 21:57 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-26 21:57 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-26 21:57 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-26 21:57 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-26 21:57 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-26 21:57 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-26 21:57 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-26 21:57 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-26 21:57 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-26 21:57 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-26 21:57 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-26 21:57 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-26 21:57 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-26 21:57 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-26 21:57 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-26 21:57 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-26 21:57 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-26 21:57 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-26 21:57 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-26 21:57 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-26 21:57 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-26 21:57 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-26 21:57 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-26 21:57 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-26 21:57 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-26 21:56 - 2014-12-02 11:01 - 00001092 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 21:56 - 2014-12-02 10:19 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 21:56 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-26 21:56 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-26 21:41 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-26 21:41 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-26 21:41 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-26 21:41 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-26 21:38 - 2014-11-26 21:38 - 02148864 _____ () C:\Users\moi\Downloads\adwcleaner_4.102.exe
2014-11-26 21:27 - 2014-11-26 21:27 - 00003124 _____ () C:\WINDOWS\System32\Tasks\{D58DA426-C499-4C8E-87DF-6A456DF39D20}
2014-11-26 10:52 - 2014-11-26 10:52 - 00000000 ____D () C:\sh4ldr
2014-11-26 10:51 - 2014-11-26 10:52 - 00000000 ____D () C:\WINDOWS\46B04D534E344388B6EE80FAB66AEF9B.TMP
2014-11-21 13:50 - 2014-11-26 21:04 - 00000000 ____D () C:\Users\moi\Downloads\Malwarebytes Anti-Malware Premium v2.0.2.1012 Multilingual
2014-11-21 13:25 - 2014-12-02 10:59 - 01432765 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 11:25 - 2014-11-21 11:25 - 00000000 _____ () C:\autoexec.bat
2014-11-21 11:24 - 2014-11-21 11:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-18 15:16 - 2014-11-18 15:16 - 00000000 ____D () C:\Users\moi\AppData\Local\Macromedia
2014-11-14 15:08 - 2014-11-14 15:08 - 00000000 ____D () C:\Users\moi\AppData\Local\Sparta
2014-11-14 15:01 - 2014-11-14 15:01 - 00000000 __SHD () C:\Users\moi\AppData\Local\EmieBrowserModeList
2014-11-14 11:30 - 2014-11-14 14:18 - 00000000 ____D () C:\Users\moi\Documents\Fiddler2
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\TuneUp Software
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Local\TuneUp Software
2014-11-12 09:00 - 2014-11-26 21:05 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-12 09:00 - 2014-11-12 09:03 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-02 16:15 - 2014-11-20 18:21 - 00000000 ____D () C:\Users\moi\Desktop\Facturi
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-02 10:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-02 10:35 - 2013-01-26 17:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1596478717-3378438385-2532408222-1001
2014-12-02 10:23 - 2013-11-14 08:32 - 01824010 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-02 10:23 - 2013-11-14 08:13 - 00812350 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-12-02 10:23 - 2013-11-14 08:13 - 00159412 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-12-02 10:22 - 2012-09-01 01:32 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-02 10:19 - 2014-09-14 11:29 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 10:19 - 2014-04-18 09:08 - 00000000 ___RD () C:\Users\moi\OneDrive
2014-12-02 10:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-02 09:18 - 2014-07-14 10:57 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-12-02 09:10 - 2013-08-22 15:44 - 00484168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-02 09:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-02 09:08 - 2014-09-09 15:13 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Skype
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-02 08:35 - 2012-09-01 01:39 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-02 08:35 - 2012-09-01 01:37 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 08:35 - 2012-09-01 00:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 08:31 - 2012-09-01 01:37 - 00000000 ____D () C:\ProgramData\Temp
2014-12-02 08:00 - 2014-09-09 15:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-02 07:59 - 2014-04-03 19:18 - 00003924 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10153A6F-6D25-4D18-9F06-621328672644}
2014-12-01 21:49 - 2013-02-15 21:44 - 00000936 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job
2014-12-01 21:49 - 2013-02-15 21:44 - 00000914 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job
2014-12-01 19:55 - 2014-09-11 22:06 - 00000000 ____D () C:\Users\moi\Desktop\Nouveau dossier
2014-11-28 09:08 - 2013-01-26 19:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-28 07:16 - 2014-07-10 22:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-27 18:04 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-27 17:52 - 2013-10-27 07:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-27 17:47 - 2013-01-26 19:08 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-27 13:09 - 2014-04-01 08:38 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 21:56 - 2014-04-01 08:38 - 00004064 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-26 21:56 - 2014-04-01 08:38 - 00003828 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-26 21:49 - 2014-09-14 10:46 - 00000000 ____D () C:\AdwCleaner
2014-11-26 21:28 - 2014-09-14 14:35 - 00000000 ____D () C:\Users\moi\AppData\Local\Unity
2014-11-26 21:15 - 2014-04-02 22:11 - 00000000 ____D () C:\Users\moi
2014-11-26 21:12 - 2014-07-07 11:46 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-09 15:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-26 21:07 - 2014-04-01 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-26 21:07 - 2014-01-30 21:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\BitTorrent
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\Users\moi\AppData\Roaming\DVDVideoSoft
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Roaming\VASCO
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Package Cache
2014-11-26 21:06 - 2014-07-07 11:48 - 00000000 ____D () C:\Users\moi\AppData\Roaming\ProductData
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-26 21:05 - 2014-11-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Extruplast
2014-11-26 21:05 - 2014-10-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-26 21:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-26 20:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-26 20:34 - 2013-01-26 19:18 - 00000000 __RHD () C:\MSOCache
2014-11-18 17:04 - 2014-09-24 12:57 - 00000000 ____D () C:\Users\moi\Documents\My Cheat Tables
2014-11-18 15:18 - 2013-01-26 23:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Adobe
2014-11-18 13:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-07 14:16 - 2014-04-02 23:00 - 00000000 ___DC () C:\WINDOWS\Panther
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
 
 
Some content of TEMP:
====================
C:\Users\moi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\moi\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-28 07:32
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:06:24
Running from C:\Users\moi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
BitTorrent (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube Download version 3.2.48.1015 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.48.1015 - DVDVideoSoft Ltd.)
Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Professionnel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OfertareExtruplast (HKLM-x32\...\OfertareExtruplast) (Version:  - S.C Extruplast SRL)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.2 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}) (Version: 3.2.3.2 - VASCO Data Security)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
 
==================== Restore Points  =========================
 
19-11-2014 21:32:20 Windows Update
21-11-2014 13:51:31 Removed Java 7 Update 25
26-11-2014 06:53:02 Windows Update
26-11-2014 19:30:12 Opération de restauration
02-12-2014 07:27:43 Removed E-POP
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {035AEAE9-128B-4C8E-8A45-ED3AD443EBA9} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {0ACDD911-2CE7-4F14-A252-D7D6BD3CEB8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {3204427E-42F8-4841-9FFC-4E105C859E89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {6CC1E963-9345-4B63-9AEB-706830242BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: {70A92A5C-B3AD-4A50-A754-14998C941C0E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {872DB252-E4A6-4D39-B918-AA9A20BA5E25} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {93612D72-2B4C-467A-B003-C493DB9BC32D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {9A84578D-72D7-4C4E-A23A-5754A4C5C1E5} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {B7D9BA1D-5FB7-43FB-8A58-59E51EE27418} - System32\Tasks\Driver Booster SkipUAC (Système) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B915B37C-67C6-4391-B1AE-75305C6733C4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {BE9C0DC1-F267-4956-B154-78339F69D136} - System32\Tasks\Driver Booster SkipUAC (moi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C4AB34B0-E825-4585-A50E-CA046E815F39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {D64F466B-F995-499F-9782-A28B8277A5D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {DF42FD9B-70BB-4810-A138-69C98344C256} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {E00D3523-E74F-4492-95D6-EB0A79160EC4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-26 10:48 - 2012-08-26 10:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-10 10:28 - 2012-08-10 10:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 10:23 - 2012-08-10 10:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\fr-FR\BtTray.fr-FR.dll
2012-08-24 10:10 - 2012-08-24 10:10 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-08-26 10:48 - 2012-08-26 10:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-01 01:40 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-27 13:09 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\moi\OneDrive:ms-properties
AlternateDataStreams: C:\Users\moi\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-1596478717-3378438385-2532408222-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1596478717-3378438385-2532408222-1003 - Limited - Enabled)
Invité (S-1-5-21-1596478717-3378438385-2532408222-501 - Limited - Enabled)
moi (S-1-5-21-1596478717-3378438385-2532408222-1001 - Administrator - Enabled) => C:\Users\moi
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamscheduler.exe, version : 3.0.2.0, horodatage : 0x5339cec3
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0x6b4
Heure de début de l’application défaillante : 0xmbamscheduler.exe0
Chemin d’accès de l’application défaillante : mbamscheduler.exe1
Chemin d’accès du module défaillant: mbamscheduler.exe2
ID de rapport : mbamscheduler.exe3
Nom complet du package défaillant : mbamscheduler.exe4
ID de l’application relative au package défaillant : mbamscheduler.exe5
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xb6c
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xc58
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17284, horodatage : 0x53f8130d
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x7456993d
ID du processus défaillant : 0x1db0
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Nom complet du package défaillant : explorer.exe4
ID de l’application relative au package défaillant : explorer.exe5
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante chrome.exe, version : 39.0.2171.71, horodatage : 0x547407a7
Nom du module défaillant : chrome.dll, version : 39.0.2171.71, horodatage : 0x547403b3
Code d’exception : 0x80000003
Décalage d’erreur : 0x004f2ce4
ID du processus défaillant : 0x1354
Heure de début de l’application défaillante : 0xchrome.exe0
Chemin d’accès de l’application défaillante : chrome.exe1
Chemin d’accès du module défaillant: chrome.exe2
ID de rapport : chrome.exe3
Nom complet du package défaillant : chrome.exe4
ID de l’application relative au package défaillant : chrome.exe5
 
 
System errors:
=============
Error: (12/02/2014 10:30:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.Reader.
 
Error: (12/02/2014 10:30:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.ZuneVideo.
 
Error: (12/02/2014 10:18:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Le service HitmanPro 3.7 Crusader (Boot) s’est arrêté avec l’erreur spécifique au service suivante : 
%%0
 
Error: (12/02/2014 10:18:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service AppEx Networks Accelerator LWF n’a pas pu démarrer en raison de l’erreur : 
%%31
 
Error: (12/02/2014 10:18:08 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (12/02/2014 10:16:48 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084WSearchNon disponible{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (12/02/2014 10:16:47 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084ShellHWDetectionNon disponible{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/02/2014 10:16:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: L’appel ScRegSetValueExW a échoué pour DeleteFlag avec l’erreur : 
%%5
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6b401d00e10eab2435bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll78d9dbc8-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccb6c01d00e1107a47b1eC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe561bb903-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccc5801d00e082283ad44C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe6493060a-79fb-11e4-809f-50b7c348176c
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f8130dunknown0.0.0.000000000c00000057456993d1db001d00e018d339ff7C:\WINDOWS\SysWOW64\explorer.exeunknowncc7a4160-79f4-11e4-809e-50b7c348176c
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7chrome.dll39.0.2171.71547403b380000003004f2ce4135401d00ce13a3d5423C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\chrome.dll37dc3460-7943-11e4-809e-50b7c348176c
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-02 08:32:23.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 08:32:19.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 03:36:35.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 03:36:33.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.388
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 39%
Total physical RAM: 5595.1 MB
Available physical RAM: 3394.63 MB
Total Pagefile: 6619.1 MB
Available Pagefile: 4886.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.95 GB) (Free:331.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:50:08
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.17031_none_5abc2e4b11b14f22\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.16384_none_5a893c0711d704b0\rpcss.dll
[2013-08-22 10:50][2014-04-18 06:48] 0172806 ____A () 2D13BAB0B28A50346143B983D1EAA0BC
 
C:\Windows\System32\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
====== End Of Search ======
 
 
 
 
 
 
 
After that, I typed the following in the edit box after "Search:":
explorer.exe
 
I got this answer:
 
Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:59:43
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "explorer.exe" =============
 
C:\Windows\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc798c1821453a8\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_4d01a98581e82d4f\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0220250 ____A () 286928E00AD34E9F88EB5BFA52660A70
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0208662 ____A () C131BC6F12417306A9C8469CA49110B1
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0\explorer.exe
[2014-04-16 22:51][2014-04-18 07:30] 0015546 ____A () 347EFF7EC89C3EB4F72F2408E1C4E16D
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013-11-14 08:37][2014-04-18 07:30] 0238918 ____A () 5177BB4FECDDB9CDBCF10EF65916968D
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272ee6f4db391ad\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_42acff334d876b54\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0270774 ____A () 2195687491E604BA42961470EDA7660E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0271249 ____A () 667BC926C7CB889BF276A5FEA316CAEE
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5\explorer.exe
[2014-04-16 22:51][2014-04-18 06:55] 0169957 ____A () 6D919C26DCB567396CD2E119B8E4310E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013-11-14 08:37][2014-04-18 06:55] 0283735 ____A () FA98C5D746E7C9E0912E88AC44FF9926
 
C:\Windows\SysWOW64\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
====== End Of Search ======
 
 
 
 
Up to here it's good, but I need to go further... I do not know what to do or which command to use!
The member who was doing this for someone else gave that guy some settings commands, but they were not good for me.
Someone help me...

 



#5 gabrielll


Posted 02 December 2014 - 06:20 AM

Hello!

My PC is very slow, and every time I try to go online, with Chrome for example, I have a lot of pages that open, some of them with sound, some not, and some trying to download things directly.

I tried almost everything: Malwarebytes, Hitman, AdwCleaner, SpyHunter, JRT, and I even tried System Restore. I even reinstalled Chrome.

Now I saw a member here who was telling someone about FRST64 and I want to try it.

I installed FRST64 and did the following:

I downloaded FRST64

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
After that, I typed the following in the edit box after "Search:":

rpcss.dll

I got this reply:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014

Ran by moi (administrator) on SAMSUNG on 02-12-2014 11:05:18
Running from C:\Users\moi\Desktop
Loaded Profile: moi (Available profiles: moi)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [1986048 2012-08-27] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\MountPoints2: {fc9e240e-bdc0-11e3-8054-50b7c348176c} - "E:\HTC_Sync_Manager_PC.exe" 
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {C1C553CA-F960-45C7-A40F-724182852F6C} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 109.88.203.3 62.197.111.140
 
FireFox:
========
FF ProfilePath: C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\hhqugsj8.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\moi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin64 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
FF HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1416562441&from=amt&uid=HitachiXHTS547550A9E384_J1120021CZJVDBCZJVDBX
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Recherche Google) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-07-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-02] ()
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-01] (Elex do Brasil Participações Ltda)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:05 - 2014-12-02 11:05 - 00014349 _____ () C:\Users\moi\Desktop\FRST.txt
2014-12-02 11:04 - 2014-12-02 11:05 - 00000000 ____D () C:\FRST
2014-12-02 11:03 - 2014-12-02 11:03 - 02117120 _____ (Farbar) C:\Users\moi\Desktop\FRST64.exe
2014-12-02 10:21 - 2014-12-02 10:21 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-02 10:21 - 2014-12-02 10:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-02 10:20 - 2014-12-02 10:20 - 00000000 ___RD () C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-02 10:18 - 2014-12-02 10:18 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-12-02 10:16 - 2014-12-02 10:16 - 00002412 _____ () C:\WINDOWS\system32\.crusader
2014-12-02 09:12 - 2014-11-20 21:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-02 09:12 - 2014-11-20 21:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 09:10 - 2014-12-02 09:10 - 00000346 _____ () C:\WINDOWS\PFRO.log
2014-12-02 09:03 - 2014-12-02 09:04 - 162298320 _____ () C:\Users\moi\Desktop\EmsisoftEmergencyKit.exe
2014-12-02 08:46 - 2014-12-02 08:46 - 02154496 _____ () C:\Users\moi\Desktop\adwcleaner_4.103.exe
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Elex-tech
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-12-02 08:15 - 2014-12-01 08:30 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-12-02 08:15 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2014-12-02 08:11 - 2014-12-02 08:12 - 00773824 _____ (Elex do Brasil Participações Ltda) C:\Users\moi\Desktop\yet_another_cleaner_sk_810414.exe
2014-11-27 13:42 - 2014-11-27 13:42 - 00000000 ____D () C:\Users\moi\AppData\Local\Windows Live
2014-11-27 09:03 - 2014-11-27 09:03 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-27 08:36 - 2014-11-27 09:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-26 22:06 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-26 22:06 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-26 22:06 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-26 22:06 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-26 22:06 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-26 22:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-26 22:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-26 22:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-26 22:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-26 22:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-26 22:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-26 22:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-26 22:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-26 22:06 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-26 22:06 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-26 22:06 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-26 22:06 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-26 22:06 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-26 22:05 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-26 22:05 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-26 22:05 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-26 22:05 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-26 22:05 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-26 22:05 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-26 22:05 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-26 22:05 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-26 22:05 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-26 22:05 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-26 22:05 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-26 22:05 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-26 22:05 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-26 22:05 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-26 22:05 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-26 22:04 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-26 22:04 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-26 22:04 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-26 22:04 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-26 22:04 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-26 22:04 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-26 22:04 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-26 22:04 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-26 22:04 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-26 22:04 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-26 22:00 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-26 22:00 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-26 21:58 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-26 21:58 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-26 21:58 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-26 21:58 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-26 21:58 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-26 21:58 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-26 21:58 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-26 21:58 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-26 21:58 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-26 21:58 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-26 21:58 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-26 21:58 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-26 21:58 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-26 21:57 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-26 21:57 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-26 21:57 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-26 21:57 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-26 21:57 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-26 21:57 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-26 21:57 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-26 21:57 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-26 21:57 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-26 21:57 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-26 21:57 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-26 21:57 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-26 21:57 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-26 21:57 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-26 21:57 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-26 21:57 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-26 21:57 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-26 21:57 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-26 21:57 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-26 21:57 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-26 21:57 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-26 21:57 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-26 21:57 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-26 21:57 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-26 21:57 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-26 21:57 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-26 21:57 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-26 21:57 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-26 21:57 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-26 21:57 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-26 21:56 - 2014-12-02 11:01 - 00001092 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 21:56 - 2014-12-02 10:19 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 21:56 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-26 21:56 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-26 21:41 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-26 21:41 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-26 21:41 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-26 21:41 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-26 21:38 - 2014-11-26 21:38 - 02148864 _____ () C:\Users\moi\Downloads\adwcleaner_4.102.exe
2014-11-26 21:27 - 2014-11-26 21:27 - 00003124 _____ () C:\WINDOWS\System32\Tasks\{D58DA426-C499-4C8E-87DF-6A456DF39D20}
2014-11-26 10:52 - 2014-11-26 10:52 - 00000000 ____D () C:\sh4ldr
2014-11-26 10:51 - 2014-11-26 10:52 - 00000000 ____D () C:\WINDOWS\46B04D534E344388B6EE80FAB66AEF9B.TMP
2014-11-21 13:50 - 2014-11-26 21:04 - 00000000 ____D () C:\Users\moi\Downloads\Malwarebytes Anti-Malware Premium v2.0.2.1012 Multilingual
2014-11-21 13:25 - 2014-12-02 10:59 - 01432765 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 11:25 - 2014-11-21 11:25 - 00000000 _____ () C:\autoexec.bat
2014-11-21 11:24 - 2014-11-21 11:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-18 15:16 - 2014-11-18 15:16 - 00000000 ____D () C:\Users\moi\AppData\Local\Macromedia
2014-11-14 15:08 - 2014-11-14 15:08 - 00000000 ____D () C:\Users\moi\AppData\Local\Sparta
2014-11-14 15:01 - 2014-11-14 15:01 - 00000000 __SHD () C:\Users\moi\AppData\Local\EmieBrowserModeList
2014-11-14 11:30 - 2014-11-14 14:18 - 00000000 ____D () C:\Users\moi\Documents\Fiddler2
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\TuneUp Software
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Local\TuneUp Software
2014-11-12 09:00 - 2014-11-26 21:05 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-12 09:00 - 2014-11-12 09:03 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-02 16:15 - 2014-11-20 18:21 - 00000000 ____D () C:\Users\moi\Desktop\Facturi
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-02 10:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-02 10:35 - 2013-01-26 17:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1596478717-3378438385-2532408222-1001
2014-12-02 10:23 - 2013-11-14 08:32 - 01824010 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-02 10:23 - 2013-11-14 08:13 - 00812350 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-12-02 10:23 - 2013-11-14 08:13 - 00159412 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-12-02 10:22 - 2012-09-01 01:32 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-02 10:19 - 2014-09-14 11:29 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 10:19 - 2014-04-18 09:08 - 00000000 ___RD () C:\Users\moi\OneDrive
2014-12-02 10:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-02 09:18 - 2014-07-14 10:57 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-12-02 09:10 - 2013-08-22 15:44 - 00484168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-02 09:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-02 09:08 - 2014-09-09 15:13 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Skype
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-02 08:35 - 2012-09-01 01:39 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-02 08:35 - 2012-09-01 01:37 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 08:35 - 2012-09-01 00:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 08:31 - 2012-09-01 01:37 - 00000000 ____D () C:\ProgramData\Temp
2014-12-02 08:00 - 2014-09-09 15:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-02 07:59 - 2014-04-03 19:18 - 00003924 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10153A6F-6D25-4D18-9F06-621328672644}
2014-12-01 21:49 - 2013-02-15 21:44 - 00000936 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job
2014-12-01 21:49 - 2013-02-15 21:44 - 00000914 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job
2014-12-01 19:55 - 2014-09-11 22:06 - 00000000 ____D () C:\Users\moi\Desktop\Nouveau dossier
2014-11-28 09:08 - 2013-01-26 19:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-28 07:16 - 2014-07-10 22:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-27 18:04 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-27 17:52 - 2013-10-27 07:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-27 17:47 - 2013-01-26 19:08 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-27 13:09 - 2014-04-01 08:38 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 21:56 - 2014-04-01 08:38 - 00004064 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-26 21:56 - 2014-04-01 08:38 - 00003828 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-26 21:49 - 2014-09-14 10:46 - 00000000 ____D () C:\AdwCleaner
2014-11-26 21:28 - 2014-09-14 14:35 - 00000000 ____D () C:\Users\moi\AppData\Local\Unity
2014-11-26 21:15 - 2014-04-02 22:11 - 00000000 ____D () C:\Users\moi
2014-11-26 21:12 - 2014-07-07 11:46 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-09 15:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-26 21:07 - 2014-04-01 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-26 21:07 - 2014-01-30 21:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\BitTorrent
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\Users\moi\AppData\Roaming\DVDVideoSoft
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Roaming\VASCO
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Package Cache
2014-11-26 21:06 - 2014-07-07 11:48 - 00000000 ____D () C:\Users\moi\AppData\Roaming\ProductData
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-26 21:05 - 2014-11-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Extruplast
2014-11-26 21:05 - 2014-10-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-26 21:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-26 20:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-26 20:34 - 2013-01-26 19:18 - 00000000 __RHD () C:\MSOCache
2014-11-18 17:04 - 2014-09-24 12:57 - 00000000 ____D () C:\Users\moi\Documents\My Cheat Tables
2014-11-18 15:18 - 2013-01-26 23:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Adobe
2014-11-18 13:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-07 14:16 - 2014-04-02 23:00 - 00000000 ___DC () C:\WINDOWS\Panther
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
 
 
Some content of TEMP:
====================
C:\Users\moi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\moi\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-28 07:32
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:06:24
Running from C:\Users\moi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
BitTorrent (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube Download version 3.2.48.1015 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.48.1015 - DVDVideoSoft Ltd.)
Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Professionnel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OfertareExtruplast (HKLM-x32\...\OfertareExtruplast) (Version:  - S.C Extruplast SRL)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.2 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}) (Version: 3.2.3.2 - VASCO Data Security)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
 
==================== Restore Points  =========================
 
19-11-2014 21:32:20 Windows Update
21-11-2014 13:51:31 Removed Java 7 Update 25
26-11-2014 06:53:02 Windows Update
26-11-2014 19:30:12 Opération de restauration
02-12-2014 07:27:43 Removed E-POP
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {035AEAE9-128B-4C8E-8A45-ED3AD443EBA9} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {0ACDD911-2CE7-4F14-A252-D7D6BD3CEB8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {3204427E-42F8-4841-9FFC-4E105C859E89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {6CC1E963-9345-4B63-9AEB-706830242BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: {70A92A5C-B3AD-4A50-A754-14998C941C0E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {872DB252-E4A6-4D39-B918-AA9A20BA5E25} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {93612D72-2B4C-467A-B003-C493DB9BC32D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {9A84578D-72D7-4C4E-A23A-5754A4C5C1E5} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {B7D9BA1D-5FB7-43FB-8A58-59E51EE27418} - System32\Tasks\Driver Booster SkipUAC (Système) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B915B37C-67C6-4391-B1AE-75305C6733C4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {BE9C0DC1-F267-4956-B154-78339F69D136} - System32\Tasks\Driver Booster SkipUAC (moi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C4AB34B0-E825-4585-A50E-CA046E815F39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {D64F466B-F995-499F-9782-A28B8277A5D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {DF42FD9B-70BB-4810-A138-69C98344C256} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {E00D3523-E74F-4492-95D6-EB0A79160EC4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-26 10:48 - 2012-08-26 10:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-10 10:28 - 2012-08-10 10:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 10:23 - 2012-08-10 10:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\fr-FR\BtTray.fr-FR.dll
2012-08-24 10:10 - 2012-08-24 10:10 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-08-26 10:48 - 2012-08-26 10:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-01 01:40 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-27 13:09 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\moi\OneDrive:ms-properties
AlternateDataStreams: C:\Users\moi\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-1596478717-3378438385-2532408222-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1596478717-3378438385-2532408222-1003 - Limited - Enabled)
Invité (S-1-5-21-1596478717-3378438385-2532408222-501 - Limited - Enabled)
moi (S-1-5-21-1596478717-3378438385-2532408222-1001 - Administrator - Enabled) => C:\Users\moi
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamscheduler.exe, version : 3.0.2.0, horodatage : 0x5339cec3
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0x6b4
Heure de début de l’application défaillante : 0xmbamscheduler.exe0
Chemin d’accès de l’application défaillante : mbamscheduler.exe1
Chemin d’accès du module défaillant: mbamscheduler.exe2
ID de rapport : mbamscheduler.exe3
Nom complet du package défaillant : mbamscheduler.exe4
ID de l’application relative au package défaillant : mbamscheduler.exe5
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xb6c
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xc58
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17284, horodatage : 0x53f8130d
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x7456993d
ID du processus défaillant : 0x1db0
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Nom complet du package défaillant : explorer.exe4
ID de l’application relative au package défaillant : explorer.exe5
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante chrome.exe, version : 39.0.2171.71, horodatage : 0x547407a7
Nom du module défaillant : chrome.dll, version : 39.0.2171.71, horodatage : 0x547403b3
Code d’exception : 0x80000003
Décalage d’erreur : 0x004f2ce4
ID du processus défaillant : 0x1354
Heure de début de l’application défaillante : 0xchrome.exe0
Chemin d’accès de l’application défaillante : chrome.exe1
Chemin d’accès du module défaillant: chrome.exe2
ID de rapport : chrome.exe3
Nom complet du package défaillant : chrome.exe4
ID de l’application relative au package défaillant : chrome.exe5
 
 
System errors:
=============
Error: (12/02/2014 10:30:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.Reader.
 
Error: (12/02/2014 10:30:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.ZuneVideo.
 
Error: (12/02/2014 10:18:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Le service HitmanPro 3.7 Crusader (Boot) s’est arrêté avec l’erreur spécifique au service suivante : 
%%0
 
Error: (12/02/2014 10:18:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service AppEx Networks Accelerator LWF n’a pas pu démarrer en raison de l’erreur : 
%%31
 
Error: (12/02/2014 10:18:08 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (12/02/2014 10:16:48 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084WSearchNon disponible{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (12/02/2014 10:16:47 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084ShellHWDetectionNon disponible{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/02/2014 10:16:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: L’appel ScRegSetValueExW a échoué pour DeleteFlag avec l’erreur : 
%%5
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6b401d00e10eab2435bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll78d9dbc8-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccb6c01d00e1107a47b1eC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe561bb903-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccc5801d00e082283ad44C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe6493060a-79fb-11e4-809f-50b7c348176c
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f8130dunknown0.0.0.000000000c00000057456993d1db001d00e018d339ff7C:\WINDOWS\SysWOW64\explorer.exeunknowncc7a4160-79f4-11e4-809e-50b7c348176c
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7chrome.dll39.0.2171.71547403b380000003004f2ce4135401d00ce13a3d5423C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\chrome.dll37dc3460-7943-11e4-809e-50b7c348176c
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-02 08:32:23.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 08:32:19.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 03:36:35.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 03:36:33.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.388
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 39%
Total physical RAM: 5595.1 MB
Available physical RAM: 3394.63 MB
Total Pagefile: 6619.1 MB
Available Pagefile: 4886.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.95 GB) (Free:331.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:50:08
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.17031_none_5abc2e4b11b14f22\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.16384_none_5a893c0711d704b0\rpcss.dll
[2013-08-22 10:50][2014-04-18 06:48] 0172806 ____A () 2D13BAB0B28A50346143B983D1EAA0BC
 
C:\Windows\System32\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
====== End Of Search ======

After I typed the following in the edit box after "Search:":
explorer.exe

I got this answer:

Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:59:43
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "explorer.exe" =============
 
C:\Windows\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc798c1821453a8\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_4d01a98581e82d4f\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0220250 ____A () 286928E00AD34E9F88EB5BFA52660A70
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0208662 ____A () C131BC6F12417306A9C8469CA49110B1
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0\explorer.exe
[2014-04-16 22:51][2014-04-18 07:30] 0015546 ____A () 347EFF7EC89C3EB4F72F2408E1C4E16D
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013-11-14 08:37][2014-04-18 07:30] 0238918 ____A () 5177BB4FECDDB9CDBCF10EF65916968D
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272ee6f4db391ad\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_42acff334d876b54\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0270774 ____A () 2195687491E604BA42961470EDA7660E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0271249 ____A () 667BC926C7CB889BF276A5FEA316CAEE
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5\explorer.exe
[2014-04-16 22:51][2014-04-18 06:55] 0169957 ____A () 6D919C26DCB567396CD2E119B8E4310E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013-11-14 08:37][2014-04-18 06:55] 0283735 ____A () FA98C5D746E7C9E0912E88AC44FF9926
 
C:\Windows\SysWOW64\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
====== End Of Search ======

Till here it's good, but I need to go further. I do not know what to do or which command to use!
The member who was doing this for someone else has done some settings commands for that guy, but they were not good for me.
Someone help me ..

 



#6 gabrielll

Posted 02 December 2014 - 06:20 AM

Hello!

My PC is very slow, and every time I try to go online with Chrome, for example, I have a lot of pages that open, some of them with sound, some not, and some trying to download things directly.

I tried almost everything: Malwarebytes, Hitman, AdwCleaner, SpyHunter, JRT, and I even tried System Restore. I even reinstalled Chrome.

Now I saw a member here who was telling someone about FRST64 and I want to try it.

I installed FRST64 and I have done it like this:

I downloaded FRST64

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

After that, I typed the following in the edit box after "Search:":

rpcss.dll

I got this reply:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014

Ran by moi (administrator) on SAMSUNG on 02-12-2014 11:05:18
Running from C:\Users\moi\Desktop
Loaded Profile: moi (Available profiles: moi)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [1986048 2012-08-27] (Samsung Electronics CO., LTD.)
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\MountPoints2: {fc9e240e-bdc0-11e3-8054-50b7c348176c} - "E:\HTC_Sync_Manager_PC.exe" 
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001 -> {C1C553CA-F960-45C7-A40F-724182852F6C} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 109.88.203.3 62.197.111.140
 
FireFox:
========
FF ProfilePath: C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\hhqugsj8.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\moi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF Plugin HKU\S-1-5-21-1596478717-3378438385-2532408222-1001: vasco.com/VascoCardReaderPlugin64 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
FF HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1416562441&from=amt&uid=HitachiXHTS547550A9E384_J1120021CZJVDBCZJVDBX
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Recherche Google) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-07-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-02] ()
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-01] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-01] (Elex do Brasil Participações Ltda)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:05 - 2014-12-02 11:05 - 00014349 _____ () C:\Users\moi\Desktop\FRST.txt
2014-12-02 11:04 - 2014-12-02 11:05 - 00000000 ____D () C:\FRST
2014-12-02 11:03 - 2014-12-02 11:03 - 02117120 _____ (Farbar) C:\Users\moi\Desktop\FRST64.exe
2014-12-02 10:21 - 2014-12-02 10:21 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-02 10:21 - 2014-12-02 10:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-02 10:20 - 2014-12-02 10:20 - 00000000 ___RD () C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-02 10:18 - 2014-12-02 10:18 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-12-02 10:16 - 2014-12-02 10:16 - 00002412 _____ () C:\WINDOWS\system32\.crusader
2014-12-02 09:12 - 2014-11-20 21:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-02 09:12 - 2014-11-20 21:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 09:10 - 2014-12-02 09:10 - 00000346 _____ () C:\WINDOWS\PFRO.log
2014-12-02 09:03 - 2014-12-02 09:04 - 162298320 _____ () C:\Users\moi\Desktop\EmsisoftEmergencyKit.exe
2014-12-02 08:46 - 2014-12-02 08:46 - 02154496 _____ () C:\Users\moi\Desktop\adwcleaner_4.103.exe
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\WINDOWS\system32\log
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Elex-tech
2014-12-02 08:15 - 2014-12-02 08:15 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-12-02 08:15 - 2014-12-01 08:30 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-12-02 08:15 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2014-12-02 08:11 - 2014-12-02 08:12 - 00773824 _____ (Elex do Brasil Participações Ltda) C:\Users\moi\Desktop\yet_another_cleaner_sk_810414.exe
2014-11-27 13:42 - 2014-11-27 13:42 - 00000000 ____D () C:\Users\moi\AppData\Local\Windows Live
2014-11-27 09:03 - 2014-11-27 09:03 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-27 08:36 - 2014-11-27 09:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-26 22:06 - 2014-11-05 00:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-26 22:06 - 2014-11-04 01:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-26 22:06 - 2014-10-31 05:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-26 22:06 - 2014-10-31 05:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-26 22:06 - 2014-10-31 05:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-26 22:06 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-26 22:06 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-26 22:06 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-26 22:06 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-26 22:06 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-26 22:06 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-26 22:06 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-26 22:06 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-26 22:06 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-26 22:06 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-26 22:06 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-26 22:06 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-26 22:06 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-26 22:06 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-26 22:05 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-26 22:05 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-26 22:05 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-26 22:05 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-26 22:05 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-26 22:05 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-26 22:05 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-26 22:05 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-26 22:05 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-26 22:05 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-26 22:05 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-26 22:05 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-26 22:05 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-26 22:05 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-26 22:05 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-26 22:05 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-26 22:05 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-26 22:05 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-26 22:04 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-26 22:04 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-26 22:04 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-26 22:04 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-26 22:04 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-26 22:04 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-26 22:04 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-26 22:04 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-26 22:04 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-26 22:04 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-26 22:04 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-26 22:04 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-26 22:04 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-26 22:04 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-26 22:00 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-26 22:00 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-26 21:58 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-26 21:58 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-26 21:58 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-26 21:58 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-26 21:58 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-26 21:58 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-26 21:58 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-26 21:58 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-26 21:58 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-26 21:58 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-26 21:58 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-26 21:58 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-26 21:58 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-26 21:58 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-26 21:58 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-26 21:58 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-26 21:58 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-26 21:57 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-26 21:57 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-26 21:57 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-26 21:57 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-26 21:57 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-26 21:57 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-26 21:57 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-26 21:57 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-26 21:57 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-26 21:57 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-26 21:57 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-26 21:57 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-26 21:57 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-26 21:57 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-26 21:57 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-26 21:57 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-26 21:57 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-26 21:57 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-26 21:57 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-26 21:57 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-26 21:57 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-26 21:57 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-26 21:57 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-26 21:57 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-26 21:57 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-26 21:57 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-26 21:57 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-26 21:57 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-26 21:57 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-26 21:57 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-26 21:57 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-26 21:57 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-26 21:57 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-26 21:57 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-26 21:57 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-26 21:57 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-26 21:57 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-26 21:57 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-26 21:57 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-26 21:57 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-26 21:57 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-26 21:57 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-26 21:57 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-26 21:57 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-26 21:57 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-26 21:57 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-26 21:57 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-26 21:56 - 2014-12-02 11:01 - 00001092 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 21:56 - 2014-12-02 10:19 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 21:56 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-26 21:56 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-26 21:41 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-26 21:41 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-26 21:41 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-26 21:41 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-26 21:41 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-26 21:41 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-26 21:41 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-26 21:39 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-26 21:38 - 2014-11-26 21:38 - 02148864 _____ () C:\Users\moi\Downloads\adwcleaner_4.102.exe
2014-11-26 21:27 - 2014-11-26 21:27 - 00003124 _____ () C:\WINDOWS\System32\Tasks\{D58DA426-C499-4C8E-87DF-6A456DF39D20}
2014-11-26 10:52 - 2014-11-26 10:52 - 00000000 ____D () C:\sh4ldr
2014-11-26 10:51 - 2014-11-26 10:52 - 00000000 ____D () C:\WINDOWS\46B04D534E344388B6EE80FAB66AEF9B.TMP
2014-11-21 13:50 - 2014-11-26 21:04 - 00000000 ____D () C:\Users\moi\Downloads\Malwarebytes Anti-Malware Premium v2.0.2.1012 Multilingual
2014-11-21 13:25 - 2014-12-02 10:59 - 01432765 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 11:25 - 2014-11-21 11:25 - 00000000 _____ () C:\autoexec.bat
2014-11-21 11:24 - 2014-11-21 11:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-18 15:16 - 2014-11-18 15:16 - 00000000 ____D () C:\Users\moi\AppData\Local\Macromedia
2014-11-14 15:08 - 2014-11-14 15:08 - 00000000 ____D () C:\Users\moi\AppData\Local\Sparta
2014-11-14 15:01 - 2014-11-14 15:01 - 00000000 __SHD () C:\Users\moi\AppData\Local\EmieBrowserModeList
2014-11-14 11:30 - 2014-11-14 14:18 - 00000000 ____D () C:\Users\moi\Documents\Fiddler2
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\TuneUp Software
2014-11-12 09:03 - 2014-11-12 09:03 - 00000000 ____D () C:\Users\moi\AppData\Local\TuneUp Software
2014-11-12 09:00 - 2014-11-26 21:05 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-12 09:00 - 2014-11-12 09:03 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-02 16:15 - 2014-11-20 18:21 - 00000000 ____D () C:\Users\moi\Desktop\Facturi
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-02 10:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-02 10:35 - 2013-01-26 17:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1596478717-3378438385-2532408222-1001
2014-12-02 10:23 - 2013-11-14 08:32 - 01824010 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-02 10:23 - 2013-11-14 08:13 - 00812350 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-12-02 10:23 - 2013-11-14 08:13 - 00159412 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-12-02 10:22 - 2012-09-01 01:32 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-02 10:19 - 2014-09-14 11:29 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 10:19 - 2014-04-18 09:08 - 00000000 ___RD () C:\Users\moi\OneDrive
2014-12-02 10:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-02 09:18 - 2014-07-14 10:57 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-12-02 09:10 - 2013-08-22 15:44 - 00484168 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-02 09:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-02 09:08 - 2014-09-09 15:13 - 00000000 ____D () C:\Users\moi\AppData\Roaming\Skype
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-02 08:36 - 2012-09-01 00:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-02 08:35 - 2012-09-01 01:39 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-02 08:35 - 2012-09-01 01:37 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 08:35 - 2012-09-01 00:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-02 08:31 - 2012-09-01 01:37 - 00000000 ____D () C:\ProgramData\Temp
2014-12-02 08:00 - 2014-09-09 15:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-02 07:59 - 2014-04-03 19:18 - 00003924 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10153A6F-6D25-4D18-9F06-621328672644}
2014-12-01 21:49 - 2013-02-15 21:44 - 00000936 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job
2014-12-01 21:49 - 2013-02-15 21:44 - 00000914 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job
2014-12-01 19:55 - 2014-09-11 22:06 - 00000000 ____D () C:\Users\moi\Desktop\Nouveau dossier
2014-11-28 09:08 - 2013-01-26 19:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-28 07:16 - 2014-07-10 22:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-28 07:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-27 18:04 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-27 17:52 - 2013-10-27 07:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-27 17:47 - 2013-01-26 19:08 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-27 13:09 - 2014-04-01 08:38 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 21:56 - 2014-04-01 08:38 - 00004064 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-26 21:56 - 2014-04-01 08:38 - 00003828 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-26 21:49 - 2014-09-14 10:46 - 00000000 ____D () C:\AdwCleaner
2014-11-26 21:28 - 2014-09-14 14:35 - 00000000 ____D () C:\Users\moi\AppData\Local\Unity
2014-11-26 21:15 - 2014-04-02 22:11 - 00000000 ____D () C:\Users\moi
2014-11-26 21:12 - 2014-07-07 11:46 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-11-26 21:07 - 2014-10-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-14 11:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-26 21:07 - 2014-09-09 15:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-26 21:07 - 2014-04-01 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-26 21:07 - 2014-01-30 21:03 - 00000000 ____D () C:\Users\moi\AppData\Roaming\BitTorrent
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-26 21:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\Users\moi\AppData\Roaming\DVDVideoSoft
2014-11-26 21:07 - 2013-02-13 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Roaming\VASCO
2014-11-26 21:06 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Package Cache
2014-11-26 21:06 - 2014-07-07 11:48 - 00000000 ____D () C:\Users\moi\AppData\Roaming\ProductData
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-26 21:06 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-26 21:05 - 2014-11-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Extruplast
2014-11-26 21:05 - 2014-10-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-26 21:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-26 20:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-26 20:34 - 2013-01-26 19:18 - 00000000 __RHD () C:\MSOCache
2014-11-18 17:04 - 2014-09-24 12:57 - 00000000 ____D () C:\Users\moi\Documents\My Cheat Tables
2014-11-18 15:18 - 2013-01-26 23:37 - 00000000 ____D () C:\Users\moi\AppData\Local\Adobe
2014-11-18 13:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-07 14:16 - 2014-04-02 23:00 - 00000000 ___DC () C:\WINDOWS\Panther
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
 
 
Some content of TEMP:
====================
C:\Users\moi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\moi\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-28 07:32
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:06:24
Running from C:\Users\moi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
BitTorrent (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube Download version 3.2.48.1015 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.48.1015 - DVDVideoSoft Ltd.)
Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Professionnel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OfertareExtruplast (HKLM-x32\...\OfertareExtruplast) (Version:  - S.C Extruplast SRL)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast 3.9.2 (HKLM-x32\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.2 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-1596478717-3378438385-2532408222-1001\...\{8bc0c044-0d13-4fe6-90c1-af39c36cb927}) (Version: 3.2.3.2 - VASCO Data Security)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1596478717-3378438385-2532408222-1001_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\moi\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll (VASCO Data Security)
 
==================== Restore Points  =========================
 
19-11-2014 21:32:20 Windows Update
21-11-2014 13:51:31 Removed Java 7 Update 25
26-11-2014 06:53:02 Windows Update
26-11-2014 19:30:12 Opération de restauration
02-12-2014 07:27:43 Removed E-POP
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {035AEAE9-128B-4C8E-8A45-ED3AD443EBA9} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {0ACDD911-2CE7-4F14-A252-D7D6BD3CEB8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {3204427E-42F8-4841-9FFC-4E105C859E89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {6CC1E963-9345-4B63-9AEB-706830242BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: {70A92A5C-B3AD-4A50-A754-14998C941C0E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {872DB252-E4A6-4D39-B918-AA9A20BA5E25} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {93612D72-2B4C-467A-B003-C493DB9BC32D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {9A84578D-72D7-4C4E-A23A-5754A4C5C1E5} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {B7D9BA1D-5FB7-43FB-8A58-59E51EE27418} - System32\Tasks\Driver Booster SkipUAC (Système) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B915B37C-67C6-4391-B1AE-75305C6733C4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {BE9C0DC1-F267-4956-B154-78339F69D136} - System32\Tasks\Driver Booster SkipUAC (moi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C4AB34B0-E825-4585-A50E-CA046E815F39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {D64F466B-F995-499F-9782-A28B8277A5D2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {DF42FD9B-70BB-4810-A138-69C98344C256} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {E00D3523-E74F-4492-95D6-EB0A79160EC4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-15] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001Core.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1596478717-3378438385-2532408222-1001UA.job => C:\Users\moi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-26 10:48 - 2012-08-26 10:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-10 10:28 - 2012-08-10 10:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 10:23 - 2012-08-10 10:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\fr-FR\BtTray.fr-FR.dll
2012-08-24 10:10 - 2012-08-24 10:10 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-08-26 10:48 - 2012-08-26 10:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 10:48 - 2012-08-26 10:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-09-01 01:40 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-27 13:09 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 13:09 - 2014-11-25 07:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\moi\OneDrive:ms-properties
AlternateDataStreams: C:\Users\moi\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-1596478717-3378438385-2532408222-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1596478717-3378438385-2532408222-1003 - Limited - Enabled)
Invité (S-1-5-21-1596478717-3378438385-2532408222-501 - Limited - Enabled)
moi (S-1-5-21-1596478717-3378438385-2532408222-1001 - Administrator - Enabled) => C:\Users\moi
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamscheduler.exe, version : 3.0.2.0, horodatage : 0x5339cec3
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0x6b4
Heure de début de l’application défaillante : 0xmbamscheduler.exe0
Chemin d’accès de l’application défaillante : mbamscheduler.exe1
Chemin d’accès du module défaillant: mbamscheduler.exe2
ID de rapport : mbamscheduler.exe3
Nom complet du package défaillant : mbamscheduler.exe4
ID de l’application relative au package défaillant : mbamscheduler.exe5
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xb6c
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Nom du module défaillant : MakeMarkerFile.exe, version : 1.0.0.2, horodatage : 0x5021e5e8
Code d’exception : 0xc0000417
Décalage d’erreur : 0x000000000014d7cc
ID du processus défaillant : 0xc58
Heure de début de l’application défaillante : 0xMakeMarkerFile.exe0
Chemin d’accès de l’application défaillante : MakeMarkerFile.exe1
Chemin d’accès du module défaillant: MakeMarkerFile.exe2
ID de rapport : MakeMarkerFile.exe3
Nom complet du package défaillant : MakeMarkerFile.exe4
ID de l’application relative au package défaillant : MakeMarkerFile.exe5
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17284, horodatage : 0x53f8130d
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x7456993d
ID du processus défaillant : 0x1db0
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Nom complet du package défaillant : explorer.exe4
ID de l’application relative au package défaillant : explorer.exe5
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante chrome.exe, version : 39.0.2171.71, horodatage : 0x547407a7
Nom du module défaillant : chrome.dll, version : 39.0.2171.71, horodatage : 0x547403b3
Code d’exception : 0x80000003
Décalage d’erreur : 0x004f2ce4
ID du processus défaillant : 0x1354
Heure de début de l’application défaillante : 0xchrome.exe0
Chemin d’accès de l’application défaillante : chrome.exe1
Chemin d’accès du module défaillant: chrome.exe2
ID de rapport : chrome.exe3
Nom complet du package défaillant : chrome.exe4
ID de l’application relative au package défaillant : chrome.exe5
 
 
System errors:
=============
Error: (12/02/2014 10:30:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.Reader.
 
Error: (12/02/2014 10:30:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORITE NT)
Description: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80246010 : Microsoft.ZuneVideo.
 
Error: (12/02/2014 10:18:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Le service HitmanPro 3.7 Crusader (Boot) s’est arrêté avec l’erreur spécifique au service suivante : 
%%0
 
Error: (12/02/2014 10:18:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service AppEx Networks Accelerator LWF n’a pas pu démarrer en raison de l’erreur : 
%%31
 
Error: (12/02/2014 10:18:08 AM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (12/02/2014 10:16:48 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084WSearchNon disponible{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (12/02/2014 10:16:47 AM) (Source: DCOM) (EventID: 10005) (User: SAMSUNG)
Description: 1084ShellHWDetectionNon disponible{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/02/2014 10:16:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: L’appel ScRegSetValueExW a échoué pour DeleteFlag avec l’erreur : 
%%5
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
Error: (12/02/2014 10:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur : 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/02/2014 10:20:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6b401d00e10eab2435bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll78d9dbc8-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 10:19:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccb6c01d00e1107a47b1eC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe561bb903-7a04-11e4-80a1-50b7c348176c
 
Error: (12/02/2014 09:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccc5801d00e082283ad44C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe6493060a-79fb-11e4-809f-50b7c348176c
 
Error: (12/02/2014 08:28:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f8130dunknown0.0.0.000000000c00000057456993d1db001d00e018d339ff7C:\WINDOWS\SysWOW64\explorer.exeunknowncc7a4160-79f4-11e4-809e-50b7c348176c
 
Error: (12/01/2014 11:17:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7chrome.dll39.0.2171.71547403b380000003004f2ce4135401d00ce13a3d5423C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\chrome.dll37dc3460-7943-11e4-809e-50b7c348176c
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-02 08:32:23.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 08:32:19.393
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-12-02 03:36:35.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 03:36:33.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.388
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:29.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-02 00:36:28.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 39%
Total physical RAM: 5595.1 MB
Available physical RAM: 3394.63 MB
Total Pagefile: 6619.1 MB
Available Pagefile: 4886.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.95 GB) (Free:331.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:50:08
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.17031_none_5abc2e4b11b14f22\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.3.9600.16384_none_5a893c0711d704b0\rpcss.dll
[2013-08-22 10:50][2014-04-18 06:48] 0172806 ____A () 2D13BAB0B28A50346143B983D1EAA0BC
 
C:\Windows\System32\rpcss.dll
[2014-04-16 22:51][2014-02-22 10:38] 0753664 ____A (Microsoft Corporation) 81979817943D830BF24571B7C1B28A1A [File is signed]
 
====== End Of Search ======
 
 
 
 
 
 
 
After I typed the following in the edit box after "Search:":

explorer.exe

I got this answer:

Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by moi at 2014-12-02 11:59:43
Running from C:\Users\moi\Desktop
Boot Mode: Normal
 
================== Search Files: "explorer.exe" =============
 
C:\Windows\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc798c1821453a8\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_4d01a98581e82d4f\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0220250 ____A () 286928E00AD34E9F88EB5BFA52660A70
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58\explorer.exe
[2014-09-17 10:37][2014-09-17 10:37] 0208662 ____A () C131BC6F12417306A9C8469CA49110B1
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0\explorer.exe
[2014-04-16 22:51][2014-04-18 07:30] 0015546 ____A () 347EFF7EC89C3EB4F72F2408E1C4E16D
 
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4ceff22781f6788c\explorer.exe
[2013-11-14 08:37][2014-04-18 07:30] 0238918 ____A () 5177BB4FECDDB9CDBCF10EF65916968D
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272ee6f4db391ad\explorer.exe
[2014-09-14 21:10][2014-08-23 08:48] 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA [File is signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_42acff334d876b54\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0270774 ____A () 2195687491E604BA42961470EDA7660E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d\explorer.exe
[2014-09-17 10:22][2014-09-17 10:22] 0271249 ____A () 667BC926C7CB889BF276A5FEA316CAEE
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5\explorer.exe
[2014-04-16 22:51][2014-04-18 06:55] 0169957 ____A () 6D919C26DCB567396CD2E119B8E4310E
 
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b47d54d95b691\explorer.exe
[2013-11-14 08:37][2014-04-18 06:55] 0283735 ____A () FA98C5D746E7C9E0912E88AC44FF9926
 
C:\Windows\SysWOW64\explorer.exe
[2014-09-14 21:10][2014-08-23 08:13] 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 [File is signed]
 
====== End Of Search ======
 
 
 
 
Up to here it's good, but I need to go further. I do not know what to do or which command to use!
The member who was doing this for someone else did some commands for that guy, but they were not good for me.
Someone help me.

 





