HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le dia


  • This topic is locked
9 replies to this topic

#1 jamsingh

  • Members
  • 4 posts

Posted 18 January 2016 - 03:58 PM

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:13:53, on 18/01/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\benjam\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\benjam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_AE4BDB2961C518D762BA62F440F075EA] "C:\Users\benjam\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window --auto-launch-at-startup --profile-directory="Default"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_13896D54BA9B27F8EE7B5BB225DA9F4E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [BingSvc] C:\Users\benjam\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\benjam\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro 3.05\OptProLauncher.exe
O4 - Startup: Dropbox.lnk = benjam\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.ma-config.com
O15 - Trusted Zone: http://*.touslesdrivers.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEB34B63-30B9-4F93-9317-F45BC96907C3}: NameServer = 82.163.142.3,95.211.158.130
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs: C:/PROGRA~3/{CF922~1/193~1.1/ledi.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Agent (MaConfigAgent) - Unknown owner - C:\Program Files\ma-config.com\MaConfigAgent.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
 
--
End of file - 8296 bytes
 



 


#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,630 posts

Posted 20 January 2016 - 09:53 AM

Hi jamsingh :)

My name is Aura and I'll be assisting you with your issue. Can you give me more information on what's happening on your system? What are the issues?

Also, we don't rely on HJT logs anymore, since it's outdated and doesn't support newer versions of Windows. Therefore, I'll ask you to follow the instructions below to run a scan with FRST instead and provide the content of the FRST.txt and Addition.txt logs it'll output.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
Your next reply should include:
  • Description of the issues you are experiencing;
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 jamsingh

  • Topic Starter
  • Members
  • 4 posts

Posted 21 January 2016 - 04:15 PM

I've been infected!

I keep receiving advertising, especially for antivirus, from weird URLs.

Pages that I don't want keep opening and even change from a page I'm on.

I've deleted two or three lines that HijackThis notified as unnecessary.

I've also reinstalled AVG.

Here's a link to my Addition.txt:

http://www.cjoint.com/c/FAvvoD5ikfQ

Here's my FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by benjam (administrator) on BENJAMIN (21-01-2016 21:55:30)
Running from C:\Users\benjam\Downloads
Loaded Profiles: benjam (Available Profiles: benjam)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Solvusoft Corporation) C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(© 2015 Microsoft Corporation) C:\Users\benjam\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\benjam\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\40.2.4\ScriptHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\benjam\Downloads\FRST.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcfgex.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2814864 2016-01-19] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1034026902-810435838-861524761-1001\...\Run: [GoogleChromeAutoLaunch_AE4BDB2961C518D762BA62F440F075EA] => "C:\Users\benjam\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window --auto-launch-at-startup --profile-directory="Default"
HKU\S-1-5-21-1034026902-810435838-861524761-1001\...\Run: [GoogleChromeAutoLaunch_13896D54BA9B27F8EE7B5BB225DA9F4E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-1034026902-810435838-861524761-1001\...\Run: [BingSvc] => C:\Users\benjam\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1034026902-810435838-861524761-1001\...\Run: [Dropbox Update] => C:\Users\benjam\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjam\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjam\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjam\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjam\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjam\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjam\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjam\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\benjam\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-05-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\benjam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\benjam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7FF8F7E0-550C-4F12-A702-0770DA6CC2E0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AEB34B63-30B9-4F93-9317-F45BC96907C3}: [NameServer] 82.163.142.3,95.211.158.130
Tcpip\..\Interfaces\{AEB34B63-30B9-4F93-9317-F45BC96907C3}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1034026902-810435838-861524761-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={2BE4C651-4E0E-4A4F-8208-732BA1794635}&mid=cf370a4df0d947cc9d270d47e7428f52-5f79577ab26d2dcbe15b2621ab8acf7d76923134&lang=fr&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2016-01-19 18:00:07&v=4.2.4.155&pid=wtu&sg=&sap=hp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1034026902-810435838-861524761-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2BE4C651-4E0E-4A4F-8208-732BA1794635}&mid=cf370a4df0d947cc9d270d47e7428f52-5f79577ab26d2dcbe15b2621ab8acf7d76923134&lang=fr&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2016-01-19 18:00:07&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll [2016-01-19] (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\benjam\AppData\Roaming\Mozilla\Firefox\Profiles\mesjddep.default-1445533427905
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1034026902-810435838-861524761-1001: @citrixonline.com/appdetectorplugin -> C:\Users\benjam\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-17] (Citrix Online)
FF SearchPlugin: C:\Users\benjam\AppData\Roaming\Mozilla\Firefox\Profiles\mesjddep.default-1445533427905\searchplugins\avg-secure-search.xml [2016-01-19]
FF Extension: AVG Web TuneUp - C:\Users\benjam\AppData\Roaming\Mozilla\Firefox\Profiles\mesjddep.default-1445533427905\Extensions\avg@toolbar.xpi [2016-01-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
 
Chrome: 
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ggbg_15_12&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyCyCyC0AtCzyzzzy0CtN0D0Tzu0StCtCyBtCtN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0AyB0F0DyD0E0FtG0DyEzyyEtG0CtB0DyDtG0CyBzz0FtGyCyC0CzyzytBtDyEyD0A0C0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0BtCzytA0EtA0AtG0AyB0ByDtGyEzy0ByCtG0ByCyEtDtGtA0AyB0AyD0EtA0F0DyCyBtB2Q&cr=1514094203&ir="
CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR Profile: C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Hootsuite Hootlet) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2016-01-19]
CHR Extension: (YouTube) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (AVG Secure Search) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-01-19]
CHR Extension: (Recherche Google) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-19]
CHR Extension: (Skype) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-19]
CHR Extension: (App) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdoikamefojgdhadjfkicccajfikjkbb [2016-01-13]
CHR Extension: (My Tasks in StudioSouris - FAIRE UN B...) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaaigielanocnlmjbkkhcicfoegboci [2016-01-14]
CHR Extension: (Your Designs – Canva) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnncmnfcndlghkomlbaadoonfnjcadg [2016-01-14]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-22]
CHR Extension: (Gmail) - C:\Users\benjam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-1034026902-810435838-861524761-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2820424 2014-10-15] (CybelSoft)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 vToolbarUpdater40.2.4; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2016-01-19] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2016-01-19] ()
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2015-03-23] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [12311776 2012-09-14] (Intel Corporation) [File not signed]
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-24] (CybelSoft)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
U3 wampapache; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-21 21:55 - 2016-01-21 21:55 - 00021153 _____ C:\Users\benjam\Downloads\FRST.txt
2016-01-21 20:09 - 2016-01-21 21:55 - 00000000 ____D C:\FRST
2016-01-21 19:21 - 2016-01-21 19:21 - 02370560 _____ (Farbar) C:\Users\benjam\Downloads\FRST64.exe
2016-01-21 19:16 - 2016-01-21 19:16 - 01721856 _____ (Farbar) C:\Users\benjam\Downloads\FRST.exe
2016-01-20 15:52 - 2016-01-20 15:52 - 00001395 _____ C:\Users\benjam\Downloads\testPolygone (1).kmz
2016-01-20 15:51 - 2016-01-20 15:51 - 00001395 _____ C:\Users\benjam\Downloads\testPolygone.kmz
2016-01-20 15:34 - 2016-01-20 15:34 - 00000840 _____ C:\Users\benjam\Downloads\Année 1.kmz
2016-01-20 15:29 - 2016-01-20 15:29 - 00001071 _____ C:\Users\benjam\Downloads\qsdgfqdfgd.kmz
2016-01-20 15:26 - 2016-01-20 15:26 - 00000736 _____ C:\Users\benjam\Downloads\Eolienne 2 Bernardswiller.kmz
2016-01-20 15:24 - 2016-01-20 15:24 - 00000736 _____ C:\Users\benjam\Downloads\Eolienne 1 Bernardswiller.kmz
2016-01-20 15:05 - 2016-01-20 15:05 - 00000727 _____ C:\Users\benjam\Downloads\32 Grande Armée.kmz
2016-01-20 15:04 - 2016-01-20 15:04 - 00000725 _____ C:\Users\benjam\Downloads\Sans titre - Repère.kmz
2016-01-20 14:40 - 2016-01-20 14:40 - 00000712 _____ C:\Users\benjam\Downloads\irlane islande.kmz
2016-01-20 14:36 - 2016-01-20 14:36 - 00000713 _____ C:\Users\benjam\Downloads\GoogleEarth_Repère.kmz
2016-01-20 14:34 - 2016-01-20 14:34 - 00071210 _____ C:\Users\benjam\AppData\Local\recently-used.xbel
2016-01-20 12:29 - 2016-01-20 12:29 - 00496608 _____ C:\Users\benjam\Documents\AutoSave_Untitled.skp
2016-01-19 18:00 - 2016-01-20 07:30 - 00000000 ____D C:\Users\benjam\AppData\Local\AVG Web TuneUp
2016-01-19 18:00 - 2016-01-19 18:00 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-01-19 18:00 - 2016-01-19 18:00 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-01-19 17:59 - 2016-01-19 18:00 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-01-19 17:59 - 2016-01-19 17:59 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-01-19 17:59 - 2016-01-19 17:59 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-01-19 17:48 - 2016-01-19 17:48 - 00000000 ____D C:\Users\benjam\AppData\Roaming\AVG
2016-01-19 17:47 - 2016-01-19 17:47 - 00000000 ____D C:\Users\benjam\AppData\Roaming\TuneUp Software
2016-01-19 17:47 - 2016-01-19 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-19 17:47 - 2016-01-19 17:47 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-19 17:44 - 2016-01-19 17:44 - 00000000 ___HD C:\$AVG
2016-01-19 17:38 - 2016-01-21 15:34 - 00000000 ____D C:\ProgramData\MFAData
2016-01-19 17:38 - 2016-01-19 17:38 - 00000000 ____D C:\Users\benjam\AppData\Local\MFAData
2016-01-19 17:37 - 2016-01-19 17:37 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-19 17:37 - 2016-01-19 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-19 17:35 - 2016-01-19 17:44 - 00000000 ____D C:\ProgramData\Avg
2016-01-19 17:35 - 2016-01-19 17:42 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-19 17:33 - 2016-01-19 17:48 - 00000000 ____D C:\Users\benjam\AppData\Local\Avg
2016-01-19 17:33 - 2016-01-19 17:37 - 00000000 ____D C:\Users\benjam\AppData\Local\AvgSetupLog
2016-01-19 17:33 - 2016-01-19 17:33 - 02970984 _____ (AVG Technologies CZ, s.r.o.) C:\Users\benjam\Downloads\AVG_Protection_Free_698.exe
2016-01-19 16:48 - 2016-01-19 16:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-19 16:39 - 2016-01-19 16:39 - 00085832 _____ C:\Users\benjam\Desktop\ZHPDiag.txt
2016-01-19 16:23 - 2016-01-19 16:31 - 00000000 ____D C:\Users\benjam\AppData\Roaming\ZHP
2016-01-19 16:23 - 2016-01-19 16:23 - 02081280 _____ C:\Users\benjam\Downloads\ZHPDiag3.exe
2016-01-19 16:23 - 2016-01-19 16:23 - 00000821 _____ C:\Users\benjam\Desktop\ZHPDiag.lnk
2016-01-19 16:22 - 2016-01-19 16:22 - 08388608 _____ C:\Users\benjam\Downloads\adobe_flash_player (2).vhdx
2016-01-19 16:13 - 2016-01-19 16:14 - 00000804 _____ C:\DelFix.txt
2016-01-19 16:12 - 2016-01-19 16:13 - 00781312 _____ C:\Users\benjam\Downloads\delfix_1.011.exe
2016-01-19 13:35 - 2016-01-19 13:35 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-01-19 13:35 - 2016-01-19 13:35 - 00000000 ____D C:\Users\benjam\AppData\LocalLow\Google
2016-01-19 13:33 - 2016-01-19 13:33 - 00927824 _____ (Google Inc.) C:\Users\benjam\Downloads\GoogleEarthSetup.exe
2016-01-18 22:14 - 2016-01-18 22:14 - 08388608 _____ C:\Users\benjam\Downloads\adobe_flash_player (1).vhdx
2016-01-18 20:48 - 2016-01-18 20:48 - 00000000 ____D C:\Users\benjam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2016-01-18 20:48 - 2016-01-18 20:48 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-01-18 20:47 - 2016-01-18 20:47 - 08388608 _____ C:\Users\benjam\Downloads\adobe_flash_player.vhdx
2016-01-17 15:40 - 2016-01-05 21:16 - 00826328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-17 15:40 - 2016-01-05 21:16 - 00176088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-15 20:35 - 2016-01-19 19:18 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-01-15 20:35 - 2016-01-15 20:35 - 00026364 _____ C:\Windows\System32\Tasks\DNSJAMESVILLE
2016-01-15 14:12 - 2016-01-15 14:12 - 01308790 _____ C:\Users\benjam\Downloads\Pièces jointes_2016115.zip
2016-01-15 10:37 - 2016-01-15 10:37 - 00013434 _____ C:\Users\benjam\Documents\wp-settings.php
2016-01-14 17:31 - 2016-01-14 17:31 - 00053172 _____ C:\Users\benjam\Downloads\tym1.pdf
2016-01-14 17:26 - 2016-01-14 17:26 - 00103321 _____ C:\Users\benjam\Downloads\tym2.pdf
2016-01-14 16:47 - 2016-01-14 16:47 - 00092888 _____ C:\Users\benjam\Downloads\logaster_No_4_small_size_380x75_pixels_(PNG).zip
2016-01-14 16:41 - 2016-01-14 16:41 - 00200384 _____ C:\Users\benjam\Downloads\Excellente année 2016.pdf
2016-01-13 14:50 - 2016-01-14 16:50 - 00000000 ____D C:\Users\benjam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome
2016-01-13 13:24 - 2016-01-13 13:24 - 01308790 _____ C:\Users\benjam\Downloads\Pièces jointes_2016113.zip
2016-01-13 12:00 - 2015-12-08 16:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 12:00 - 2015-12-08 16:16 - 01303040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 12:00 - 2015-12-08 16:16 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 12:00 - 2015-12-05 19:48 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 12:00 - 2015-12-04 17:12 - 00793312 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 12:00 - 2015-12-04 17:12 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-01-13 12:00 - 2015-12-04 17:12 - 00446872 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-01-13 12:00 - 2015-12-04 17:12 - 00253624 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-01-13 12:00 - 2015-12-04 15:55 - 00612528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 12:00 - 2015-12-04 15:55 - 00463880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-01-13 12:00 - 2015-12-04 15:55 - 00324456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-01-13 12:00 - 2015-12-04 15:52 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 12:00 - 2015-12-04 15:52 - 02615808 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 12:00 - 2015-12-04 15:52 - 01770496 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 12:00 - 2015-12-04 15:52 - 01376256 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 12:00 - 2015-12-04 15:52 - 01350656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 12:00 - 2015-12-04 15:52 - 01150464 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2016-01-13 12:00 - 2015-12-04 15:52 - 01100800 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 12:00 - 2015-12-04 15:52 - 01073664 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 12:00 - 2015-12-04 15:52 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 12:00 - 2015-12-04 15:52 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 12:00 - 2015-12-04 15:52 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 02893824 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 01208832 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 01174016 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 12:00 - 2015-12-04 15:51 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 12:00 - 2015-12-04 15:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 12:00 - 2015-12-04 15:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 12:00 - 2015-12-04 15:46 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 02312704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 01468928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 01374208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 12:00 - 2015-12-04 15:46 - 00904192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2016-01-13 12:00 - 2015-12-04 15:46 - 00846336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 00722944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 00468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 12:00 - 2015-12-04 15:46 - 00382464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-01-13 12:00 - 2015-12-04 15:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 12:00 - 2015-12-04 15:46 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 12:00 - 2015-12-04 15:46 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 12:00 - 2015-12-04 15:45 - 02400256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 00946688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 12:00 - 2015-12-04 15:45 - 00929792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 00869888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 12:00 - 2015-12-04 15:45 - 00571392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 00546304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 12:00 - 2015-12-04 15:45 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 00251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 12:00 - 2015-12-04 15:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 12:00 - 2015-12-04 15:45 - 00190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 12:00 - 2015-12-04 15:45 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 12:00 - 2015-12-04 15:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 12:00 - 2015-12-04 15:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 12:00 - 2015-12-04 15:45 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 12:00 - 2015-12-03 20:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 11:59 - 2015-12-15 01:01 - 14269440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 11:59 - 2015-12-15 01:01 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 11:59 - 2015-12-15 01:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 11:59 - 2015-12-15 01:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 11:59 - 2015-12-15 01:01 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 11:59 - 2015-12-15 01:01 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 11:59 - 2015-12-15 01:01 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 19349504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 15422976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 13723648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 03805696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 02658304 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 11:59 - 2015-12-15 01:00 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 11:59 - 2015-12-15 00:59 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 11:59 - 2015-12-05 23:20 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 11:59 - 2015-12-05 23:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 11:59 - 2015-12-05 23:19 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-13 11:59 - 2015-12-05 15:49 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 11:59 - 2015-12-05 15:49 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 11:59 - 2015-12-05 15:49 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-13 11:58 - 2015-12-31 00:29 - 06972760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 11:58 - 2015-12-09 17:07 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 11:58 - 2015-12-09 15:27 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 11:58 - 2015-12-09 15:27 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 11:58 - 2015-12-09 15:27 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 11:58 - 2015-12-09 15:27 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 11:58 - 2015-12-09 15:27 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 11:58 - 2015-12-09 15:27 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 11:58 - 2015-12-09 15:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 11:57 - 2015-12-04 01:55 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 11:57 - 2015-12-03 22:47 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 15:40 - 2016-01-12 15:40 - 00038619 _____ C:\Users\benjam\Downloads\logaster_No_3_small_size_122x75_pixels_(PNG).zip
2016-01-11 21:16 - 2016-01-11 21:16 - 00483649 _____ C:\Users\benjam\Documents\Pièces jointes_2016111.zip
2016-01-11 04:54 - 2016-01-11 04:54 - 00156461 _____ C:\Users\benjam\Documents\all-in-one-event-calendar-extended-views_1.2.0 (1).zip
2016-01-11 04:53 - 2016-01-11 04:53 - 00156461 _____ C:\Users\benjam\Documents\all-in-one-event-calendar-extended-views_1.2.0.zip
2016-01-11 01:50 - 2016-01-11 01:51 - 01165325 _____ C:\Users\benjam\Downloads\360Learning_User guide.pdf
2016-01-09 04:34 - 2016-01-09 04:34 - 01839091 _____ C:\Users\benjam\Documents\morpho.zip
2016-01-09 00:22 - 2016-01-09 00:22 - 00018959 _____ C:\Users\benjam\Downloads\Downloaded.zip
2016-01-07 16:11 - 2016-01-07 16:11 - 07391112 _____ C:\Users\benjam\Documents\Pièces jointes_201617.zip
2016-01-07 11:05 - 2016-01-07 11:05 - 00271912 _____ C:\Users\benjam\Downloads\SwissLife_logo.eps.spooler.download.eps
2016-01-06 22:43 - 2016-01-06 22:43 - 08548193 _____ C:\Users\benjam\Documents\Launch.zip
2016-01-06 17:49 - 2016-01-06 17:49 - 00014778 _____ C:\Users\benjam\Downloads\Anne Frisch (2).vcf
2016-01-06 14:20 - 2016-01-06 14:20 - 00000617 _____ C:\Users\benjam\Documents\functions-oldsql.php
2016-01-06 13:57 - 2016-01-06 14:37 - 00003080 _____ C:\Users\benjam\Documents\wp-config_mos.php
2016-01-04 09:46 - 2016-01-04 09:46 - 03753301 _____ C:\Users\benjam\Documents\evolve.3.5.0 (3).zip
2015-12-31 16:58 - 2015-12-31 19:44 - 02233344 _____ C:\Users\benjam\Downloads\t--moignages concerts.ppt
2015-12-26 14:57 - 2015-12-26 14:58 - 10152576 _____ (MEGA Limited) C:\Users\benjam\Documents\MEGAsyncSetup.exe
2015-12-25 01:05 - 2015-12-25 01:05 - 00056510 _____ C:\Users\benjam\Documents\mt_columns.zip
2015-12-25 01:05 - 2015-12-25 01:05 - 00054082 _____ C:\Users\benjam\Documents\mt_post_carousel.zip
2015-12-25 01:04 - 2015-12-25 01:05 - 00053286 _____ C:\Users\benjam\Documents\mt_map.zip
2015-12-25 01:04 - 2015-12-25 01:04 - 00096255 _____ C:\Users\benjam\Documents\mt_testimonials.zip
2015-12-25 01:04 - 2015-12-25 01:04 - 00095052 _____ C:\Users\benjam\Documents\mt_services.zip
2015-12-25 01:04 - 2015-12-25 01:04 - 00094726 _____ C:\Users\benjam\Documents\mt_members.zip
2015-12-25 01:04 - 2015-12-25 01:04 - 00092112 _____ C:\Users\benjam\Documents\mt_clients.zip
2015-12-25 01:04 - 2015-12-25 01:04 - 00089289 _____ C:\Users\benjam\Documents\mt_projects.zip
2015-12-25 01:04 - 2015-12-25 01:04 - 00067734 _____ C:\Users\benjam\Documents\mt_skills.zip
2015-12-25 01:04 - 2015-12-25 01:04 - 00066561 _____ C:\Users\benjam\Documents\mt_details.zip
2015-12-24 23:59 - 2015-12-24 23:59 - 00000000 ____D C:\Users\benjam\Documents\FitCoach_Package_OPENME
2015-12-24 20:53 - 2015-12-24 20:54 - 17989870 _____ C:\Users\benjam\Documents\FitCoach_Package_OPENME.zip
2015-12-23 14:27 - 2015-12-23 14:27 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-12-23 14:26 - 2014-03-18 05:00 - 00406016 _____ (CANON INC.) C:\Windows\system32\CNMLMCA.DLL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-21 21:37 - 2015-03-12 16:14 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-21 21:24 - 2015-05-05 10:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-21 21:13 - 2015-06-16 13:03 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1034026902-810435838-861524761-1001UA.job
2016-01-21 20:09 - 2012-07-26 06:37 - 00000000 ____D C:\Windows
2016-01-21 19:18 - 2015-05-15 15:32 - 04302336 ___SH C:\Users\benjam\Downloads\Thumbs.db
2016-01-21 19:13 - 2015-06-16 13:03 - 00001166 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1034026902-810435838-861524761-1001Core.job
2016-01-21 16:24 - 2015-05-05 10:24 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-21 15:50 - 2015-03-12 16:15 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-21 15:41 - 2015-03-12 13:01 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-01-21 15:39 - 2015-10-22 18:51 - 00003122 _____ C:\Windows\System32\Tasks\DriverDocRunAtStartup
2016-01-21 15:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-01-21 15:36 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-21 15:34 - 2015-05-26 12:22 - 00000000 ___RD C:\Users\benjam\Dropbox
2016-01-21 15:34 - 2015-05-26 12:14 - 00000000 ____D C:\Users\benjam\AppData\Roaming\Dropbox
2016-01-21 15:33 - 2015-03-12 16:14 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-20 16:00 - 2015-03-22 14:42 - 00000000 ____D C:\Users\benjam\.gimp-2.8
2016-01-20 12:12 - 2015-03-22 14:44 - 00000000 ____D C:\Users\benjam\AppData\Local\gtk-2.0
2016-01-20 09:02 - 2015-05-04 17:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-20 08:54 - 2015-03-20 14:17 - 00397312 ___SH C:\Users\benjam\Desktop\Thumbs.db
2016-01-19 20:17 - 2015-11-30 18:44 - 00000000 ____D C:\Users\benjam\Desktop\eticppp
2016-01-19 19:20 - 2015-03-17 12:27 - 00000000 ____D C:\ProgramData\{abe0cfdd-7e22-e74a-abe0-0cfdd7e23f75}
2016-01-19 19:19 - 2015-12-21 20:18 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 3.05
2016-01-19 19:19 - 2015-12-21 20:18 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-01-19 17:58 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\Inf
2016-01-19 17:57 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-19 17:52 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-01-19 17:47 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-01-19 13:35 - 2015-03-12 16:13 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-19 12:53 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2016-01-19 12:41 - 2015-12-21 20:33 - 00003258 _____ C:\Windows\System32\Tasks\Optimizer Pro Schedule
2016-01-18 20:51 - 2015-03-12 12:51 - 00000000 ____D C:\Users\benjam\AppData\Local\VirtualStore
2016-01-17 15:45 - 2012-07-26 08:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-17 15:39 - 2015-05-11 08:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-17 15:37 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-17 15:33 - 2015-03-19 15:11 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-17 15:33 - 2015-03-19 15:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-15 12:23 - 2012-07-26 08:59 - 00000000 ____D C:\Windows\CbsTemp
2016-01-15 12:19 - 2015-03-19 09:57 - 00000000 ____D C:\Windows\system32\MRT
2016-01-15 12:09 - 2015-03-19 09:57 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-15 10:41 - 2015-06-28 22:55 - 00000000 ____D C:\Users\benjam\AppData\Roaming\FileZilla
2016-01-13 23:03 - 2015-12-21 20:18 - 00000296 _____ C:\Windows\Tasks\One System CarePeriod.job
2016-01-13 19:51 - 2015-10-22 18:51 - 00000298 _____ C:\Windows\Tasks\DriverDoc_UPDATES.job
2016-01-12 14:24 - 2015-12-21 22:55 - 16764836 _____ C:\Users\benjam\Documents\CherryFramework-cherryframework4-v4.0.5.1-1-g598e2c3.zip
2016-01-12 14:24 - 2015-12-09 17:57 - 09946484 _____ C:\Users\benjam\Documents\evolve.3.5.0.zip
2016-01-12 13:13 - 2015-12-01 14:34 - 00000000 ____D C:\Users\benjam\Desktop\studios souris
2016-01-12 13:13 - 2015-04-21 13:46 - 00236032 ___SH C:\Users\benjam\Documents\Thumbs.db
2016-01-12 13:11 - 2015-12-01 14:42 - 00000000 ____D C:\Users\benjam\Desktop\new
2016-01-12 11:43 - 2015-12-01 14:37 - 00000000 ____D C:\Users\benjam\Desktop\job
2015-12-23 14:29 - 2015-03-12 12:51 - 00000000 ____D C:\Users\benjam\AppData\Local\Packages
2015-12-23 14:28 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\FxsTmp
 
==================== Files in the root of some directories =======
 
2015-03-12 17:11 - 2015-03-19 09:28 - 0000136 _____ () C:\Users\benjam\AppData\Roaming\WB.CFG
2015-03-16 23:06 - 2015-03-16 23:06 - 0274045 _____ () C:\Users\benjam\AppData\Local\dsi1.dat
2015-03-16 23:06 - 2015-03-16 23:06 - 0161916 _____ () C:\Users\benjam\AppData\Local\dsi2.dat
2016-01-20 14:34 - 2016-01-20 14:34 - 0071210 _____ () C:\Users\benjam\AppData\Local\recently-used.xbel
2015-05-26 11:29 - 2015-10-22 17:41 - 0001801 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\benjam\AppData\Local\Temp\BingSvc.exe
C:\Users\benjam\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\benjam\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\benjam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk1di8w.dll
C:\Users\benjam\AppData\Local\Temp\optprosetup.exe
C:\Users\benjam\AppData\Local\Temp\Quarantine.exe
C:\Users\benjam\AppData\Local\Temp\SarbacaneInstall40.exe
C:\Users\benjam\AppData\Local\Temp\sqlite3.dll
C:\Users\benjam\AppData\Local\Temp\vcredist_x64.exe
C:\Users\benjam\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\benjam\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-19 12:39
 
==================== End of FRST.txt ============================


#4 Aura

Posted 22 January 2016 - 06:03 PM

Hi jamsingh :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • Finally, in the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

I found the following in your FRST logs.
2016-01-21 15:41 - 2015-03-12 13:01 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
Task: {26CC18F4-91CF-45D7-9398-AB447330F412} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-03-12] ()
AutoKMS is a known loader for Microsoft products. Is that copy of Windows pirated?

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up. If you have an issue when uninstalling a program, please let me know.
  • AVG Web TuneUp - Not malicious, but useless and can be considered a PUP;
  • Cleaner Pro - PC Optimizer PUP;
  • DNS Unlocker version 1.4 - Adware;
  • DriverDoc - Driver Updater PUP;
  • HiJackThis - Not malicious obviously, but isn't compatible with Windows 8, you can uninstall it;
  • McAfee Security Scan Plus - Not malicious obviously, but isn't that good, there are better scanners than it;
  • One System Care - PC Optimizer PUP;
  • Optimizer Pro v3.2 - PC Optimizer PUP;
  • Update for PriceFountain - Adware;
Once you're done uninstalling the programs above, we'll run our first fix with FRST. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;
[attachment=175817:fixlist.txt]

Your next reply should include:
  • Answer to my question regarding the legitimacy of your Windows copy;
  • If you managed to uninstall all the programs listed above or not;
  • Copy/pasted content of the FRST fix log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 jamsingh


Posted 23 January 2016 - 09:22 AM

Hello Yoan,

Thanks for your time and help!

I think stuff worked out, as I don't see any more advertising and strange windows since I've "fixed" the file you sent me.

I've been asking a friend of mine to use his Windows and install it on my PC... is it wrong?

I've managed to uninstall some of the programs you notified:

But one cannot be removed because I don't know where to find it:

  • Update for PriceFountain - Adware;

Here's the copy of the file I received after having fixed the files.

 

Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by benjam (2016-01-23 13:41:40)
Running from C:\Users\benjam\Downloads
Boot Mode: Normal
 
================== Search Files: "fixlist.txt" =============
 
====== End of Search ======
 
 
Thank you so much!!!


#6 Aura


Posted 24 January 2016 - 10:23 AM

I've been asking a friend of mine to use his Windows and install it on my PC... is it wrong?


So basically, you asked your friend to use his Windows installation media to install Windows on your computer? When it asked you to activate Windows (by entering a product key), what did you do?

It's okay if you cannot find the "Update for PriceFountain" program. We'll take care of it later on if the other scans I make you run don't take care of it first :)

Also, it seems that you didn't run FRST as instructed. You ran a file search on your system with the word "fixlist.txt" instead. You need to launch FRST, and click on the Fix button to run the fix (with the fixlist.txt file being in the same folder as FRST.exe/FRST64.exe). Can you follow my instructions to run the FRST fix once more please? The fix log is supposed to be bigger.



#7 jamsingh


Posted 24 January 2016 - 11:49 AM

I don't remember because he installed it for me...!

I did search for the file... but then, as I didn't find it, I retried and clicked on the Fix button.

And it worked out.

So maybe it's OK, because since this moment I don't have any more windows and advertising on my page.

Do I have to do it again?

Thank you for your help.

I think maybe you need to verify that everything is OK.

Tell me what I need to do now...



#8 Aura


Posted 24 January 2016 - 04:59 PM

I don't remember because he installed it for me...!


Your friend most likely installed a pirated copy of Windows 8 for you. Sadly, the best thing to do in that kind of situation is to do a clean reinstall of Windows, and use a legitimate product key to activate it. Which means that if you don't have one, you'll have to buy it.
 

I did search for the file... but then, as I didn't find it, I retried and clicked on the Fix button.
And it worked out.
So maybe it's OK, because since this moment I don't have any more windows and advertising on my page.
Do I have to do it again?


In that case, it means that you ran the fix, but you didn't copy/paste the content of the output fixlog.txt for me to check. The fixlog.txt file should be located in the same folder where you ran FRST when you clicked on the Fix button. I asked you to run it on your Desktop, so it should be there. Otherwise, since you ran FRST for the first time in your Downloads folder and it might still be there, you can take a look there as well. Otherwise, go in the C:\FRST\Logs folder and you should see file(s) named Fixlog_(DATES)_.txt. Open all of them (if there's more than one), then copy/paste their content in your next reply please.

Here's an example of what it looks like:
[screenshot]



#9 Aura


Posted 27 January 2016 - 01:15 PM

Hi jamsingh :)

Are you still with me? Can you follow the instructions in my last post?



#10 xXToffeeXx


Posted 30 January 2016 - 08:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~




