Thread: No way to get rid OMIGA-Plus malware

  1. #1
    Junior Member
    Join Date: Jan 2015
    Posts: 8

    Hello Spybot.
    As AdwCleaner cannot remove the OMIGA-PLUS malware despite the fact that it is correctly detected,
    I have decided to use the registered Spybot software.

    After scanning for malware, I restart my laptop and everything seems clean.
    There is no OMIGA reference in the registry, and the browsers' opening pages are OK.
    But a few minutes later, suspicious activity occurs on the computer.
    And I noticed in the Task Manager:
    Baofengupdate.exe with temporarily high activity, and just after that, there is omiga-plus.exe.
    All OMIGA keys are installed in the registry again and hijack the Firefox/Internet Explorer opening page.

    Please find attached the zipped logs of the last Spybot scans. I can send you the AdwCleaner logs, but I guess
    this is not your business.

    Thank you a lot for your help.

    OS : Windows 7 64 bit
    RAM : 4 GB RAM
    Partition : 2
    Sessions : 3 (admin / Kemal / Guest)
    Browsers : Firefox 35 and Internet Explorer 11
    Location : France
    Registered user : yes

    Note : I have uninstalled Firefox 35. I will reinstall it after definitively removing OMIGA-PLUS.

    ---------------------------------------------------------------
    Admin Edit
    For future reference and others reading.
    http://forums.spybot.info/showthread...nce%29-Updated

  2. #2
    Juliet, Security Expert-emeritus
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    To help download tools to your desktop.

    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
    select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.




    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date: Jan 2015
    Posts: 8

    Quote: Originally Posted by Juliet
    To help download tools to your desktop.
    ...
    Copy the contents of both logs and paste in your next reply.
    ...
    FRST.txt
    -----------
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by Utilisateur (administrator) on UTILISATEUR-PC on 27-01-2015 19:45:39
    Running from C:\Users\Utilisateur\Downloads
    Loaded Profiles: Utilisateur & Kemal (Available profiles: Utilisateur & Kemal & Invité)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe
    (Microsoft Corporation) C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-25] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe [740736 2012-08-03] (ASUS Cloud Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
    HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\MountPoints2: {3c9f226c-76d9-11e4-b2cc-e52e51fd3340} - E:\iLinker.exe
    HKU\S-1-5-21-826106567-84020505-3709442446-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-07-10] (Google Inc.)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
    BootExecute: autocheck autochk * sdnclean64.exebddel.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=...9G863DCG863DCX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=...9G863DCG863DCX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-826106567-84020505-3709442446-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-826106567-84020505-3709442446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-826106567-84020505-3709442446-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-fr/?ocid=iehp
    URLSearchHook: HKU\S-1-5-21-826106567-84020505-3709442446-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    URLSearchHook: HKU\S-1-5-21-826106567-84020505-3709442446-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=...9G863DCG863DCX
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKU\S-1-5-21-826106567-84020505-3709442446-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\5psz75gc.default-1415551359275
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
    FF Plugin HKU\S-1-5-21-826106567-84020505-3709442446-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Utilisateur\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-826106567-84020505-3709442446-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Utilisateur\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-826106567-84020505-3709442446-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Utilisateur\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-02-24]
    FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
    FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-07-19]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-04-25]
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=...9G863DCG863DCX

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
    S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
    R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
    S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WlanWpsSvc; C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]
    R2 xras; C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe [32768 2011-09-03] (Microsoft Corporation) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-04-11] (Windows (R) Win 7 DDK provider)
    R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2012-04-11] (Windows (R) Win 7 DDK provider)
    S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
    S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
    S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
    S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation )
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-27 19:45 - 2015-01-27 19:46 - 00022649 _____ () C:\Users\Utilisateur\Downloads\FRST.txt
    2015-01-27 19:45 - 2015-01-27 19:45 - 00000000 ____D () C:\FRST
    2015-01-27 19:42 - 2015-01-27 19:43 - 02129920 _____ (Farbar) C:\Users\Utilisateur\Downloads\FRST64.exe
    2015-01-27 06:36 - 2015-01-27 06:36 - 00003292 _____ () C:\Windows\System32\Tasks\cfcNQFd7UjNAaAx
    2015-01-27 06:35 - 2015-01-27 06:36 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\KLeHUMA
    2015-01-27 06:35 - 2015-01-27 06:35 - 00003252 _____ () C:\Windows\System32\Tasks\OmdNNmbo1Gk39YQ
    2015-01-27 06:35 - 2015-01-27 06:35 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\JUtU2Bf
    2015-01-24 21:30 - 2015-01-24 21:30 - 00023480 _____ () C:\Windows\SysWOW64\bddel.exe
    2015-01-24 21:29 - 2015-01-24 21:29 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
    2015-01-24 21:28 - 2015-01-24 21:29 - 00000000 ____D () C:\Program Files (x86)\XTab
    2015-01-24 21:27 - 2015-01-24 21:27 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\omiga-plus
    2015-01-24 20:56 - 2015-01-24 20:57 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
    2015-01-24 20:26 - 2015-01-24 20:26 - 00013024 _____ () C:\Windows\PFRO.log
    2015-01-24 20:26 - 2015-01-24 20:26 - 00000056 _____ () C:\Windows\setupact.log
    2015-01-24 20:26 - 2015-01-24 20:26 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-24 20:20 - 2015-01-25 21:51 - 00003318 _____ () C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website
    2015-01-24 10:36 - 2015-01-24 10:36 - 00001637 _____ () C:\Users\Utilisateur\Documents\message_spybot.txt
    2015-01-23 21:33 - 2015-01-23 21:33 - 00001244 _____ () C:\Users\Utilisateur\Desktop\adwcleaner_4.108.exe - Raccourci.lnk
    2015-01-21 21:23 - 2015-01-21 21:23 - 00000670 _____ () C:\Users\Utilisateur\Desktop\Bibliothèques.lnk
    2015-01-21 21:22 - 2015-01-21 21:22 - 00000363 _____ () C:\Users\Utilisateur\Desktop\Ordinateur.lnk
    2015-01-21 06:50 - 2015-01-21 06:50 - 00003182 _____ () C:\Windows\System32\Tasks\{EDBF4801-BE88-432D-B9BB-68756DBECE25}
    2015-01-18 13:46 - 2015-01-18 13:46 - 00001776 _____ () C:\Users\Utilisateur\Documents\cc_20150118_134636.reg
    2015-01-18 08:30 - 2015-01-18 08:30 - 00000000 ____D () C:\Users\Utilisateur\Documents\ProcAlyzer Dumps
    2015-01-16 18:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-16 18:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-16 18:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-16 18:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-16 18:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-16 18:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-16 18:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-15 03:25 - 2015-01-15 03:25 - 04376752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2015-01-14 23:03 - 2015-01-14 23:04 - 00005225 _____ () C:\Users\Kemal\Downloads\invite.ics
    2015-01-14 07:12 - 2015-01-24 21:11 - 00031909 _____ () C:\Users\Utilisateur\Documents\omiga-plus removal.txt
    2015-01-14 06:48 - 2015-01-14 06:48 - 00449947 ____R () C:\Windows\hosts.20150123-220420.backup
    2015-01-14 04:40 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 04:40 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 04:40 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 04:40 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 04:40 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 04:40 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 22:50 - 2015-01-17 21:51 - 00000000 ____D () C:\Users\Kemal\AppData\Roaming\dvdcss
    2015-01-13 21:13 - 2015-01-14 06:57 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
    2015-01-13 21:13 - 2015-01-13 21:13 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
    2015-01-11 14:19 - 2015-01-11 14:19 - 01628672 _____ (Whiler.com ©) C:\Users\Utilisateur\Downloads\wfp.exe
    2015-01-11 09:00 - 2015-01-11 09:00 - 00001311 _____ () C:\Users\Utilisateur\Desktop\Roaming - Raccourci.lnk
    2015-01-10 17:28 - 2015-01-10 17:28 - 00097640 _____ () C:\Users\Utilisateur\Documents\cc_20150110_172803.reg
    2015-01-10 17:22 - 2014-10-07 06:47 - 00450796 _____ () C:\Windows\system32\Drivers\etc\hosts.20150110-172220.backup
    2015-01-10 14:27 - 2015-01-10 14:27 - 00707664 _____ (iS3, Inc.) C:\Users\Utilisateur\Downloads\SZSetup_AID10121_AV.exe
    2015-01-10 14:22 - 2015-01-10 14:23 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Utilisateur\Downloads\SpyHunter-Installer.exe
    2015-01-09 17:37 - 2015-01-09 17:52 - 00006523 _____ () C:\Windows\wininit.ini
    2015-01-09 14:23 - 2015-01-22 06:46 - 00052998 _____ () C:\Windows\SysWOW64\bddel.dat
    2015-01-09 14:07 - 2015-01-09 14:07 - 00001377 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-01-09 14:04 - 2015-01-09 14:04 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Utilisateur\Downloads\spybot2-license.exe
    2015-01-06 06:57 - 2015-01-06 08:29 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\Wise Auto Shutdown
    2015-01-06 06:57 - 2015-01-06 06:57 - 00822984 _____ () C:\Users\Utilisateur\Downloads\wise-auto-shutdown_1-43_fr_430419.zip
    2015-01-06 06:57 - 2015-01-06 06:57 - 00000000 ____D () C:\Users\Utilisateur\Downloads\wise-auto-shutdown_1-43_fr_430419
    2015-01-06 06:54 - 2015-01-09 17:18 - 00000000 ____D () C:\Users\Utilisateur\Downloads\PowerOff_Patch_traduction_francaise
    2015-01-05 16:36 - 2015-01-05 16:36 - 00000202 _____ () C:\Users\Invité\Desktop\1.URL
    2015-01-01 22:37 - 2015-01-01 22:37 - 00029930 _____ () C:\Users\Utilisateur\Documents\cc_20150101_223741.reg
    2015-01-01 22:32 - 2015-01-01 22:32 - 00000000 ____D () C:\Users\Utilisateur\AppData\Local\{A7CFE5D3-A77D-405B-9A78-0307FF18A542}
    2015-01-01 22:14 - 2015-01-01 22:14 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-01-01 22:14 - 2015-01-01 22:14 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-01-01 22:14 - 2015-01-01 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-01-01 22:13 - 2015-01-01 22:14 - 00000000 ____D () C:\Program Files\CCleaner
    2015-01-01 22:12 - 2015-01-01 22:13 - 05317104 _____ (Piriform Ltd) C:\Users\Utilisateur\Downloads\ccsetup501.exe
    2015-01-01 21:30 - 2015-01-01 21:30 - 01513984 _____ () C:\Users\Utilisateur\Downloads\7z936-x64.msi
    2015-01-01 12:23 - 2015-01-01 12:23 - 00000000 _____ () C:\autoexec.bat
    2015-01-01 11:46 - 2015-01-01 11:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-01 11:45 - 2015-01-01 11:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Utilisateur\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-01 11:36 - 2015-01-01 11:36 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-01 11:22 - 2015-01-01 11:22 - 00001121 _____ () C:\Users\Utilisateur\Desktop\JRT.exe - Raccourci.lnk
    2015-01-01 11:21 - 2015-01-01 11:21 - 01707939 _____ (Thisisu) C:\Users\Utilisateur\Downloads\JRT.exe
    2014-12-31 07:22 - 2014-12-31 07:22 - 00004616 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
    2014-12-31 07:22 - 2014-12-31 07:22 - 00002448 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
    2014-12-31 07:22 - 2014-12-31 07:22 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
    2014-12-31 07:22 - 2014-12-31 07:22 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\LavasoftStatistics
    2014-12-31 07:22 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
    2014-12-31 07:22 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
    2014-12-28 08:50 - 2014-12-28 08:50 - 00000639 _____ () C:\Users\Utilisateur\Desktop\DCIM.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-27 19:24 - 2014-07-10 19:43 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-27 19:11 - 2014-03-26 18:32 - 02087697 _____ () C:\Windows\WindowsUpdate.log
    2015-01-27 19:06 - 2014-12-10 21:55 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000UA.job
    2015-01-27 19:05 - 2012-02-24 03:29 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-27 17:47 - 2014-03-26 18:28 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2015-01-27 08:05 - 2012-02-24 03:29 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-27 07:01 - 2014-05-19 23:47 - 00000000 ____D () C:\Users\Utilisateur\Desktop\Captvty
    2015-01-27 06:36 - 2014-11-27 22:15 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\Sy7ws4c
    2015-01-27 06:35 - 2014-04-28 10:06 - 00001031 _____ () C:\Users\Utilisateur\Desktop\Internet Explorer.lnk
    2015-01-27 06:30 - 2014-03-26 09:57 - 00000387 _____ () C:\Users\Utilisateur\AppData\Roaming\sp_data.sys
    2015-01-27 06:29 - 2014-03-26 18:28 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2015-01-26 22:06 - 2014-12-10 21:55 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000Core.job
    2015-01-26 21:41 - 2014-12-11 06:44 - 00000387 _____ () C:\Users\Kemal\AppData\Roaming\sp_data.sys
    2015-01-26 07:20 - 2014-08-12 00:02 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\vlc
    2015-01-25 22:58 - 2014-11-27 22:58 - 00000041 _____ () C:\Users\Utilisateur\AppData\Local\recently-fix.db
    2015-01-25 21:55 - 2014-07-23 18:32 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\XBMC
    2015-01-24 21:27 - 2014-03-26 09:55 - 00001241 _____ () C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-24 20:33 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-24 20:33 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-24 20:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-24 20:25 - 2014-08-16 18:42 - 00000000 ____D () C:\AdwCleaner
    2015-01-24 20:24 - 2012-02-24 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-24 09:47 - 2014-07-08 06:50 - 00001843 _____ () C:\Users\Utilisateur\Desktop\MySyncFolder.lnk
    2015-01-24 09:47 - 2014-03-26 11:03 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\ASUS WebStorage
    2015-01-23 21:12 - 2014-06-23 22:58 - 00000387 _____ () C:\Users\Invité\AppData\Roaming\sp_data.sys
    2015-01-21 06:46 - 2014-07-10 19:43 - 00003940 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-21 06:46 - 2014-05-19 23:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-21 06:46 - 2014-05-19 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-18 14:09 - 2014-08-24 17:21 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\HandBrake
    2015-01-18 10:46 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2015-01-18 08:40 - 2014-10-30 19:51 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-18 08:36 - 2014-09-27 07:48 - 00000000 ____D () C:\Windows\pss
    2015-01-18 08:30 - 2014-10-30 19:52 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\Skype
    2015-01-18 08:30 - 2014-05-24 22:26 - 00000000 ___RD () C:\Users\Utilisateur\Dropbox
    2015-01-18 08:29 - 2014-05-24 22:19 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\Dropbox
    2015-01-18 02:56 - 2014-12-11 21:14 - 00000000 ____D () C:\Users\Kemal\AppData\Roaming\Skype
    2015-01-17 22:03 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
    2015-01-17 21:52 - 2014-12-11 06:47 - 00000000 ____D () C:\Users\Kemal\AppData\Roaming\vlc
    2015-01-16 03:05 - 2012-02-24 03:28 - 01644652 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-16 03:05 - 2011-02-19 05:29 - 00747894 _____ () C:\Windows\system32\perfh00C.dat
    2015-01-16 03:05 - 2011-02-19 05:29 - 00150386 _____ () C:\Windows\system32\perfc00C.dat
    2015-01-16 03:05 - 2009-07-14 06:13 - 01644652 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-15 03:06 - 2014-04-25 11:34 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 03:00 - 2014-04-25 11:34 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-10 17:22 - 2009-07-14 03:34 - 00450918 _____ () C:\Windows\system32\Drivers\etc\hosts.old
    2015-01-09 22:34 - 2014-10-06 22:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-01-09 17:21 - 2014-11-16 11:22 - 00000000 ____D () C:\Program Files\WWE
    2015-01-09 14:07 - 2014-10-06 22:26 - 00001389 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-01-09 14:07 - 2014-10-06 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-01-09 14:07 - 2014-10-06 22:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-01-01 22:35 - 2014-10-30 07:33 - 00000000 ____D () C:\Users\Utilisateur\Tracing
    2015-01-01 22:35 - 2014-05-25 15:25 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
    2015-01-01 22:33 - 2014-09-09 19:13 - 00000000 ____D () C:\Windows\Minidump
    2015-01-01 22:33 - 2009-07-29 07:03 - 00000000 ____D () C:\Windows\Panther
    2015-01-01 22:32 - 2014-10-30 07:33 - 00000000 ____D () C:\Users\Utilisateur\AppData\Local\Windows Live
    2015-01-01 21:35 - 2014-08-16 00:24 - 00000000 ____D () C:\Users\Utilisateur\Documents\Téléchargements
    2015-01-01 21:33 - 2014-05-30 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-01-01 21:33 - 2014-05-30 22:42 - 00000000 ____D () C:\Program Files (x86)\7-Zip
    2015-01-01 12:23 - 2014-03-26 09:54 - 00000000 ____D () C:\Users\Utilisateur
    2014-12-31 12:14 - 2014-05-09 19:46 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-31 07:45 - 2014-11-01 13:40 - 00000000 ____D () C:\Users\Invité\AppData\Roaming\Skype

    ==================== Files in the root of some directories =======

    2014-03-26 09:57 - 2015-01-27 06:30 - 0000387 _____ () C:\Users\Utilisateur\AppData\Roaming\sp_data.sys
    2014-11-16 11:23 - 2014-11-16 11:23 - 0613012 _____ (CMI Limited) C:\Users\Utilisateur\AppData\Local\nsgFC82.tmp
    2014-11-27 22:58 - 2015-01-25 22:58 - 0000041 _____ () C:\Users\Utilisateur\AppData\Local\recently-fix.db
    2014-08-18 11:57 - 2014-08-29 22:43 - 0007632 _____ () C:\Users\Utilisateur\AppData\Local\Resmon.ResmonCfg
    2012-02-24 03:42 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
    2014-03-26 18:39 - 2014-03-26 18:39 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2014-03-26 18:38 - 2014-03-26 18:39 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2014-03-26 18:37 - 2014-03-26 18:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Some content of TEMP:
    ====================
    C:\Users\Invité\AppData\Local\Temp\jna1178497602362581442.dll
    C:\Users\Invité\AppData\Local\Temp\jna1211039624642059220.dll
    C:\Users\Invité\AppData\Local\Temp\jna1383442829726740788.dll
    C:\Users\Invité\AppData\Local\Temp\jna1977359801693000870.dll
    C:\Users\Invité\AppData\Local\Temp\jna2197120439133527894.dll
    C:\Users\Invité\AppData\Local\Temp\jna2277595375658369167.dll
    C:\Users\Invité\AppData\Local\Temp\jna243862197797001572.dll
    C:\Users\Invité\AppData\Local\Temp\jna2775391479744641694.dll
    C:\Users\Invité\AppData\Local\Temp\jna2986045107858454976.dll
    C:\Users\Invité\AppData\Local\Temp\jna302632306526068263.dll
    C:\Users\Invité\AppData\Local\Temp\jna3088985297609842968.dll
    C:\Users\Invité\AppData\Local\Temp\jna3101714189133288450.dll
    C:\Users\Invité\AppData\Local\Temp\jna3383510205279284931.dll
    C:\Users\Invité\AppData\Local\Temp\jna3535304441280280684.dll
    C:\Users\Invité\AppData\Local\Temp\jna3555880895728052267.dll
    C:\Users\Invité\AppData\Local\Temp\jna3593623382484289948.dll
    C:\Users\Invité\AppData\Local\Temp\jna3733126913726148884.dll
    C:\Users\Invité\AppData\Local\Temp\jna3853132973065267832.dll
    C:\Users\Invité\AppData\Local\Temp\jna4526913718526732086.dll
    C:\Users\Invité\AppData\Local\Temp\jna4690766740122746062.dll
    C:\Users\Invité\AppData\Local\Temp\jna4796243522659313016.dll
    C:\Users\Invité\AppData\Local\Temp\jna4803330618200862042.dll
    C:\Users\Invité\AppData\Local\Temp\jna487407568030564490.dll
    C:\Users\Invité\AppData\Local\Temp\jna4972326363337868779.dll
    C:\Users\Invité\AppData\Local\Temp\jna5173885497718265923.dll
    C:\Users\Invité\AppData\Local\Temp\jna5312012197818223513.dll
    C:\Users\Invité\AppData\Local\Temp\jna5443123851323268851.dll
    C:\Users\Invité\AppData\Local\Temp\jna6030299832101186190.dll
    C:\Users\Invité\AppData\Local\Temp\jna6039079445236765401.dll
    C:\Users\Invité\AppData\Local\Temp\jna6144228763771653434.dll
    C:\Users\Invité\AppData\Local\Temp\jna6507612878039814646.dll
    C:\Users\Invité\AppData\Local\Temp\jna6512892731503540.dll
    C:\Users\Invité\AppData\Local\Temp\jna6668123378812702523.dll
    C:\Users\Invité\AppData\Local\Temp\jna6669292597080258531.dll
    C:\Users\Invité\AppData\Local\Temp\jna675133829078794009.dll
    C:\Users\Invité\AppData\Local\Temp\jna6909855156836057465.dll
    C:\Users\Invité\AppData\Local\Temp\jna7141054312516992879.dll
    C:\Users\Invité\AppData\Local\Temp\jna7276416725892100693.dll
    C:\Users\Invité\AppData\Local\Temp\jna7380423035214835602.dll
    C:\Users\Invité\AppData\Local\Temp\jna7505086486602767800.dll
    C:\Users\Invité\AppData\Local\Temp\jna7904470647474757403.dll
    C:\Users\Invité\AppData\Local\Temp\jna8152853060589444938.dll
    C:\Users\Invité\AppData\Local\Temp\jna8154091721333926500.dll
    C:\Users\Invité\AppData\Local\Temp\jna8300068673721323701.dll
    C:\Users\Invité\AppData\Local\Temp\jna850836996284371671.dll
    C:\Users\Invité\AppData\Local\Temp\jna856273129658999747.dll
    C:\Users\Invité\AppData\Local\Temp\jna8646522272473181557.dll
    C:\Users\Invité\AppData\Local\Temp\jna8678423693128416101.dll
    C:\Users\Invité\AppData\Local\Temp\jna8763584822064213522.dll
    C:\Users\Invité\AppData\Local\Temp\jna9188169647812234069.dll
    C:\Users\Utilisateur\AppData\Local\Temp\Quarantine.exe
    C:\Users\Utilisateur\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-24 00:19

    ==================== End Of Log ============================

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by Utilisateur at 2015-01-27 19:46:41
    Running from C:\Users\Utilisateur\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    7-Zip 9.36 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0936-000001000000}) (Version: 9.36.00.0 - Igor Pavlov)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    adsl TV (HKLM-x32\...\{3AFDD2C6-8663-46B5-B195-6CEB00D44768}) (Version: 2013.1 - adsl TV / FM)
    Akamai NetSession Interface (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.25 - ASUS)
    ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
    ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.2 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
    ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.11 - ASUS)
    ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.143.296 - ASUS Cloud Corporation)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    CD Catalog Expert 9.30.807.11 (HKLM-x32\...\CD Catalog Expert_is1) (Version: - eTeSoft)
    Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
    CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version: - Oberon Media)
    Dropbox (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    eMule0.60 (HKLM-x32\...\eMule0.60) (Version: 1.0.0.4 - eMule.com)
    ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    File Repair (HKLM-x32\...\File Repair_is1) (Version: - File Repair)
    FileZilla Client 3.9.0.3 (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
    fix version 1.0.0.0 (HKLM-x32\...\{ACA88935-7188-47AD-B220-B50106DC0D9C}_is1) (Version: 1.0.0.0 - )
    Free AVI MPEG WMV MP4 FLV Video Joiner 5.5.2 (HKLM-x32\...\Free AVI MPEG WMV MP4 FLV Video Joiner_is1) (Version: - MediaRightSoft, Inc.)
    Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Garmin City Navigator Europe NTU 2015.10 (HKLM-x32\...\{FB96D8EF-1EC6-4548-A65C-9485261262CC}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin City Navigator Europe NTU 2015.30 (HKLM-x32\...\{63F1BF21-7435-4055-AA71-7ED2B7948C8C}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 15.0.874.120 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google+ Auto Backup (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
    HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
    InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.1 - ASUS)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 10.6.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)
    Microsoft .NET Framework 4.5.1 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    MP4Joiner v2.1.2 (HKLM-x32\...\MP4Joiner_is1) (Version: - )
    myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
    NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM-x32\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - Nom de votre société)
    NETGEAR WNA1000M Wireless USB 2.0 Adapter (x32 Version: 1.01.10 - Nom de votre société) Hidden
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
    omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version: - omiga-plus) <==== ATTENTION
    OpenOffice 4.1.1 (HKLM-x32\...\{121727D5-FDF3-4723-BA57-EB383440ED72}) (Version: 4.11.9775 - Apache Software Foundation)
    Package de pilotes Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Package de pilotes Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
    PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
    Samsung i-Launcher 1.1.0.24 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.1.0.24 - Samsung Electronics Co., Ltd.)
    SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.12 - ASUS)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WD Drive Utilities (HKLM-x32\...\{DCFEC8D0-BF9F-4113-90E4-E242E7B2F628}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM-x32\...\{977F4EA1-2AF5-4DB3-875F-4AC87D210408}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    WD Security (HKLM-x32\...\{9116D574-CB51-485F-B2A0-4A0B5C8945A2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{532352DA-521D-496D-9FB0-1F8B2580D6DA}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
    Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
    XBMC (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\XBMC) (Version: - Team XBMC)
    Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
    بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Utilisateur\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Utilisateur\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    21-01-2015 21:06:37 Windows Update
    25-01-2015 18:04:02 Windows Update

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {013D9984-227B-4F96-A968-1F1BA7572EE1} - System32\Tasks\WIN-statsSystem => C:\Users\Utilisateur\AppData\Local\Microsoft\WinU\~aphyajp.exe
    Task: {0614440E-7C5A-4DD0-8D0E-5EDA16CD11BB} - System32\Tasks\TaskUserUpdate_wp => C:\Users\Utilisateur\AppData\Roaming\~jzpahob.exe
    Task: {0870D014-1102-49E6-9A08-56EA278E0A23} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000UA => C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
    Task: {0A0D4383-4422-4142-96AC-74D1E439ADE6} - System32\Tasks\z2w4HN4zlt5lYuc => C:\Users\Utilisateur\AppData\Roaming\Sy7ws4c\9p6YvRm.exe [2014-11-27] ( )
    Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
    Task: {0B7DD0A4-4FA8-430F-96D2-82B8F1BCB955} - System32\Tasks\WIN-statsAdmin => C:\Users\Utilisateur\AppData\Local\Microsoft\WinU\~zhtqkih.exe <==== ATTENTION
    Task: {29D15C94-666B-4628-8423-DD8C2DC54FA3} - System32\Tasks\{DAB7ECE1-2FEC-49B1-BF01-54FCCA886AAB} => pcalua.exe -a C:\Users\Utilisateur\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=ill <==== ATTENTION
    Task: {332777D5-43B1-4EBA-BC4D-AAFEE865987A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {507389C1-465C-4FCE-AF65-501C64A64D6C} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
    Task: {5B6E5C25-A56E-4440-AB10-86BABEF30FDE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {62A5424B-4DC6-456F-A9CB-7A51F5181553} - System32\Tasks\{EDBF4801-BE88-432D-B9BB-68756DBECE25} => pcalua.exe -a C:\Users\Utilisateur\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=ill <==== ATTENTION
    Task: {6F656A8F-FAD3-46A1-8AF9-12BE2BFEFBCF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
    Task: {7B48E641-7E98-4B28-A45D-FE40D559249D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {8BDDB50A-894A-44C8-8F18-AC996B599520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
    Task: {91D9D04C-F0C9-4B0F-B9CD-393240C6E616} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {980B3EED-638E-4414-860E-0918AE14EF19} - System32\Tasks\cfcNQFd7UjNAaAx => C:\Users\Utilisateur\AppData\Roaming\KLeHUMA\yXPZePX.exe [2015-01-27] ( )
    Task: {9C98394E-C1E6-4308-AE0C-1ABE3C910FD8} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
    Task: {B10DDA23-FBD5-4058-B1FF-1A9B3E97EC2A} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2012-04-11] (ASUSTeK Computer Inc.)
    Task: {B5C3875C-B02C-448C-910C-BA8E552D38AF} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\Utilisateur\AppData\Roaming\~zmyewko.exe
    Task: {B5F3D250-D766-4DA9-BB9E-9106424A609F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
    Task: {CFB67D04-ED40-4AD9-B17D-0AE42EA07ACB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {D0A49612-8ACB-4576-B0F4-3CB40B2A7AAD} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\Utilisateur\AppData\Roaming\~lbojkhu.exe
    Task: {D2D81AB0-0BAF-4F10-BC78-E1A939DC0C15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-21] (Adobe Systems Incorporated)
    Task: {D42276B6-F2AF-44F1-B103-14304CA8DC45} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {DA8E6C4C-6637-46FA-AE0C-2F0E822478C3} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2012-04-11] (ASUSTeK Computer Inc.)
    Task: {DB217CC5-D821-4B19-8354-0A1082FA5339} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {E47EF15F-74EF-4FB3-965A-0AD62E6C034A} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
    Task: {EBCF182A-9C4D-4431-8210-CED8453FFA95} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000Core => C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
    Task: {F0B20AFD-324F-4955-BCD3-DB6DA5D6FDD8} - System32\Tasks\OmdNNmbo1Gk39YQ => C:\Users\Utilisateur\AppData\Roaming\JUtU2Bf\HM1ozPi.exe [2015-01-27] ( )
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000Core.job => C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000UA.job => C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-26 18:28 - 2012-02-21 20:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    2011-06-30 21:23 - 2011-06-30 21:23 - 00167936 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
    2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2009-03-02 03:08 - 2009-03-02 03:08 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper_x64.dll
    2011-09-05 08:19 - 2011-09-05 08:19 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\LogicNP.PropSheetExtensionHelper_x64.dll
    2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2014-12-12 23:25 - 2014-12-12 23:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
    2014-10-06 22:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-10-06 22:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-10-06 22:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-10-06 22:26 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-10-06 22:26 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-03-26 18:28 - 2012-02-21 20:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2012-02-21 22:49 - 2012-02-21 22:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2011-09-05 08:19 - 2011-09-05 08:19 - 00028672 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AxInterop.ShockwaveFlashObjects.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website:DESTICON_jeux16x16-10451673zqvpe782856011
    AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website:DESTICON_news16x16-10451674kaklj1915740143
    AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website:DESTICON_programmes16x16-10451675ybadg-1557053037
    AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website:DESTICON_tf116x16-10451676eqrds532773840
    AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website:DESTICON_tf1etvous16x16-10451677uferw851922391
    AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website:DESTICON_video16x16-10451678qaddr-535368628

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: PDF Architect 2 => 3
    MSCONFIG\Services: pdfforge CrashHandler => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Utilisateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Utilisateur\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
    MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
    MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
    MSCONFIG\startupreg: Google Update => "C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Utilisateur\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ========================= Accounts: ==========================

    Administrateur (S-1-5-21-826106567-84020505-3709442446-500 - Administrator - Disabled)
    Invité (S-1-5-21-826106567-84020505-3709442446-501 - Limited - Enabled) => C:\Users\Invité
    Kemal (S-1-5-21-826106567-84020505-3709442446-1001 - Limited - Enabled) => C:\Users\Kemal
    Utilisateur (S-1-5-21-826106567-84020505-3709442446-1000 - Administrator - Enabled) => C:\Users\Utilisateur

    ==================== Faulty Device Manager Devices =============

    Name: Realtek PCIe GBE Family Controller
    Description: Realtek PCIe GBE Family Controller
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: RTL8167
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: 802.11n Wireless LAN Card
    Description: 802.11n Wireless LAN Card
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Ralink Technology, Corp.
    Service: netr28x
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/26/2015 08:26:51 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante FreemakeUtilsService.exe, version : 1.0.0.0, horodatage : 0x53c4e946
    Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
    Code d’exception : 0xe0434352
    Décalage d’erreur : 0x0000c42d
    ID du processus défaillant : 0x7a4
    Heure de début de l’application défaillante : 0xFreemakeUtilsService.exe0
    Chemin d’accès de l’application défaillante : FreemakeUtilsService.exe1
    Chemin d’accès du module défaillant: FreemakeUtilsService.exe2
    ID de rapport : FreemakeUtilsService.exe3

    Error: (01/26/2015 08:26:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application*: FreemakeUtilsService.exe
    Version du Framework*: v4.0.30319
    Description : le processus a été arrêté en raison d'une exception non gérée.
    Informations sur l'exception*: System.ArgumentException
    Pile*:
    à System.Security.Principal.SecurityIdentifier..ctor(System.String)
    à FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
    à FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
    à FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
    à FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
    à FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
    à System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
    à System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
    à System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
    à System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    à System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
    à System.Threading.ThreadPoolWorkQueue.Dispatch()
    à System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

    Error: (01/26/2015 07:20:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante vlc.exe, version : 2.1.5.0, horodatage : 0x00000000
    Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521eaf24
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x0000000000018e5d
    ID du processus défaillant : 0x4958
    Heure de début de l’application défaillante : 0xvlc.exe0
    Chemin d’accès de l’application défaillante : vlc.exe1
    Chemin d’accès du module défaillant: vlc.exe2
    ID de rapport : vlc.exe3

    Error: (01/25/2015 03:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante vlc.exe, version : 2.1.5.0, horodatage : 0x00000000
    Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521eaf24
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x0000000000018e5d
    ID du processus défaillant : 0x34c4
    Heure de début de l’application défaillante : 0xvlc.exe0
    Chemin d’accès de l’application défaillante : vlc.exe1
    Chemin d’accès du module défaillant: vlc.exe2
    ID de rapport : vlc.exe3

    Error: (01/24/2015 08:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
    Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x0002eae4
    ID du processus défaillant : 0xdb0
    Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
    Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
    Chemin d’accès du module défaillant: WDBackupEngine.exe2
    ID de rapport : WDBackupEngine.exe3

    Error: (01/24/2015 08:49:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
    Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x000369b9
    ID du processus défaillant : 0x6a4
    Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
    Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
    Chemin d’accès du module défaillant: WDBackupEngine.exe2
    ID de rapport : WDBackupEngine.exe3

    Error: (01/24/2015 08:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
    Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x000361b0
    ID du processus défaillant : 0x86c
    Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
    Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
    Chemin d’accès du module défaillant: WDBackupEngine.exe2
    ID de rapport : WDBackupEngine.exe3

    Error: (01/24/2015 08:42:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
    Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x000361b0
    ID du processus défaillant : 0x4ec
    Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
    Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
    Chemin d’accès du module défaillant: WDBackupEngine.exe2
    ID de rapport : WDBackupEngine.exe3

    Error: (01/24/2015 08:39:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
    Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x00022e8f
    ID du processus défaillant : 0x610
    Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
    Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
    Chemin d’accès du module défaillant: WDBackupEngine.exe2
    ID de rapport : WDBackupEngine.exe3

    Error: (01/24/2015 08:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
    Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x000369b9
    ID du processus défaillant : 0xe44
    Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
    Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
    Chemin d’accès du module défaillant: WDBackupEngine.exe2
    ID de rapport : WDBackupEngine.exe3


    System errors:
    =============
    Error: (01/27/2015 07:36:23 PM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
    Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

    Error: (01/27/2015 07:36:23 PM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
    Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

    Error: (01/27/2015 07:36:23 PM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
    Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

    Error: (01/27/2015 05:55:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

    Error: (01/27/2015 11:53:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
    Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

    Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
    Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

    Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
    Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

    Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
    Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

    Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
    Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

    Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
    Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.


    Microsoft Office Sessions:
    =========================
    Error: (01/26/2015 08:26:51 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: FreemakeUtilsService.exe1.0.0.053c4e946KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d7a401d0380b9a6a1822C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exeC:\Windows\syswow64\KERNELBASE.dllb15edd05-a52c-11e4-a2b1-bcb17045ba4e

    Error: (01/26/2015 08:26:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application*: FreemakeUtilsService.exe
    Version du Framework*: v4.0.30319
    Description : le processus a été arrêté en raison d'une exception non gérée.
    Informations sur l'exception*: System.ArgumentException
    Pile*:
    à System.Security.Principal.SecurityIdentifier..ctor(System.String)
    à FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
    à FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
    à FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
    à FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
    à FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
    à System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
    à System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
    à System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
    à System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    à System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
    à System.Threading.ThreadPoolWorkQueue.Dispatch()
    à System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

    Error: (01/26/2015 07:20:27 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d495801d0392d80594744C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll6b3d3bda-a523-11e4-a2b1-bcb17045ba4e

    Error: (01/25/2015 03:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d34c401d0387c8ff0d669C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dllb652696c-a49e-11e4-a2b1-bcb17045ba4e

    Error: (01/24/2015 08:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c00000050002eae4db001d0380ed0cf6476C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll99f7f1c5-a402-11e4-a2b1-bcb17045ba4e

    Error: (01/24/2015 08:49:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c0000005000369b96a401d0380e531fdc1eC:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll0de39745-a402-11e4-a2b1-bcb17045ba4e

    Error: (01/24/2015 08:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c0000005000361b086c01d0380de98d1437C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll902a896c-a401-11e4-a2b1-bcb17045ba4e

    Error: (01/24/2015 08:42:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c0000005000361b04ec01d0380d828da97cC:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll269ee5a6-a401-11e4-a2b1-bcb17045ba4e

    Error: (01/24/2015 08:39:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c000000500022e8f61001d0380d20a91238C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dllbd28ae42-a400-11e4-a2b1-bcb17045ba4e

    Error: (01/24/2015 08:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c0000005000369b9e4401d0380cc0ecba33C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll5dc207c7-a400-11e4-a2b1-bcb17045ba4e


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-27 19:39:23.432
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

    Date: 2015-01-27 07:01:53.083
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

    Date: 2015-01-27 06:29:55.551
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

    Date: 2015-01-26 21:36:48.221
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

    Date: 2015-01-26 11:01:29.239
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

    Date: 2015-01-26 10:55:58.501
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

    Date: 2015-01-26 10:30:04.102
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

    Date: 2015-01-26 06:55:28.747
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

    Date: 2015-01-25 21:55:25.302
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

    Date: 2015-01-25 21:24:52.040
    Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
    Percentage of memory in use: 49%
    Total physical RAM: 3979.66 MB
    Available physical RAM: 1992.21 MB
    Total Pagefile: 7957.51 MB
    Available Pagefile: 4591.55 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:194.44 GB) (Free:47.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (DATA) (Fixed) (Total:478.87 GB) (Free:189.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: C3664E96)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Running from C:\Users\Utilisateur\Downloads

    We will have to move FRST to your desktop
    Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Please go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    ~~~~~

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)




    start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=...9G863DCG863DCX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about_:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=...9G863DCG863DCX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=...9G863DCG863DCX
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
    BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Toolbar: HKU\S-1-5-21-826106567-84020505-3709442446-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=...9G863DCG863DCX
    R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
    C:\Program Files (x86)\XTab\ProtectService.exe
    2015-01-27 06:36 - 2015-01-27 06:36 - 00003292 _____ () C:\Windows\System32\Tasks\cfcNQFd7UjNAaAx
    2015-01-27 06:35 - 2015-01-27 06:36 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\KLeHUMA
    2015-01-27 06:35 - 2015-01-27 06:35 - 00003252 _____ () C:\Windows\System32\Tasks\OmdNNmbo1Gk39YQ
    2015-01-27 06:35 - 2015-01-27 06:35 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\JUtU2Bf
    2015-01-24 21:29 - 2015-01-24 21:29 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
    2015-01-24 21:28 - 2015-01-24 21:29 - 00000000 ____D () C:\Program Files (x86)\XTab
    2015-01-24 21:27 - 2015-01-24 21:27 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\omiga-plus
    C:\Users\Invité\AppData\Local\Temp\jna1178497602362581442.dll
    C:\Users\Invité\AppData\Local\Temp\jna1211039624642059220.dll
    C:\Users\Invité\AppData\Local\Temp\jna1383442829726740788.dll
    C:\Users\Invité\AppData\Local\Temp\jna1977359801693000870.dll
    C:\Users\Invité\AppData\Local\Temp\jna2197120439133527894.dll
    C:\Users\Invité\AppData\Local\Temp\jna2277595375658369167.dll
    C:\Users\Invité\AppData\Local\Temp\jna243862197797001572.dll
    C:\Users\Invité\AppData\Local\Temp\jna2775391479744641694.dll
    C:\Users\Invité\AppData\Local\Temp\jna2986045107858454976.dll
    C:\Users\Invité\AppData\Local\Temp\jna302632306526068263.dll
    C:\Users\Invité\AppData\Local\Temp\jna3088985297609842968.dll
    C:\Users\Invité\AppData\Local\Temp\jna3101714189133288450.dll
    C:\Users\Invité\AppData\Local\Temp\jna3383510205279284931.dll
    C:\Users\Invité\AppData\Local\Temp\jna3535304441280280684.dll
    C:\Users\Invité\AppData\Local\Temp\jna3555880895728052267.dll
    C:\Users\Invité\AppData\Local\Temp\jna3593623382484289948.dll
    C:\Users\Invité\AppData\Local\Temp\jna3733126913726148884.dll
    C:\Users\Invité\AppData\Local\Temp\jna3853132973065267832.dll
    C:\Users\Invité\AppData\Local\Temp\jna4526913718526732086.dll
    C:\Users\Invité\AppData\Local\Temp\jna4690766740122746062.dll
    C:\Users\Invité\AppData\Local\Temp\jna4796243522659313016.dll
    C:\Users\Invité\AppData\Local\Temp\jna4803330618200862042.dll
    C:\Users\Invité\AppData\Local\Temp\jna487407568030564490.dll
    C:\Users\Invité\AppData\Local\Temp\jna4972326363337868779.dll
    C:\Users\Invité\AppData\Local\Temp\jna5173885497718265923.dll
    C:\Users\Invité\AppData\Local\Temp\jna5312012197818223513.dll
    C:\Users\Invité\AppData\Local\Temp\jna5443123851323268851.dll
    C:\Users\Invité\AppData\Local\Temp\jna6030299832101186190.dll
    C:\Users\Invité\AppData\Local\Temp\jna6039079445236765401.dll
    C:\Users\Invité\AppData\Local\Temp\jna6144228763771653434.dll
    C:\Users\Invité\AppData\Local\Temp\jna6507612878039814646.dll
    C:\Users\Invité\AppData\Local\Temp\jna6512892731503540.dll
    C:\Users\Invité\AppData\Local\Temp\jna6668123378812702523.dll
    C:\Users\Invité\AppData\Local\Temp\jna6669292597080258531.dll
    C:\Users\Invité\AppData\Local\Temp\jna675133829078794009.dll
    C:\Users\Invité\AppData\Local\Temp\jna6909855156836057465.dll
    C:\Users\Invité\AppData\Local\Temp\jna7141054312516992879.dll
    C:\Users\Invité\AppData\Local\Temp\jna7276416725892100693.dll
    C:\Users\Invité\AppData\Local\Temp\jna7380423035214835602.dll
    C:\Users\Invité\AppData\Local\Temp\jna7505086486602767800.dll
    C:\Users\Invité\AppData\Local\Temp\jna7904470647474757403.dll
    C:\Users\Invité\AppData\Local\Temp\jna8152853060589444938.dll
    C:\Users\Invité\AppData\Local\Temp\jna8154091721333926500.dll
    C:\Users\Invité\AppData\Local\Temp\jna8300068673721323701.dll
    C:\Users\Invité\AppData\Local\Temp\jna850836996284371671.dll
    C:\Users\Invité\AppData\Local\Temp\jna856273129658999747.dll
    C:\Users\Invité\AppData\Local\Temp\jna8646522272473181557.dll
    C:\Users\Invité\AppData\Local\Temp\jna8678423693128416101.dll
    C:\Users\Invité\AppData\Local\Temp\jna8763584822064213522.dll
    C:\Users\Invité\AppData\Local\Temp\jna9188169647812234069.dll
    C:\Users\Utilisateur\AppData\Local\Temp\Quarantine.exe
    C:\Users\Utilisateur\AppData\Local\Temp\sqlite3.dll
    omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version: - omiga-plus) <==== ATTENTION
    Task: {0614440E-7C5A-4DD0-8D0E-5EDA16CD11BB} - System32\Tasks\TaskUserUpdate_wp => C:\Users\Utilisateur\AppData\Roaming\~jzpahob.exe
    Task: {0A0D4383-4422-4142-96AC-74D1E439ADE6} - System32\Tasks\z2w4HN4zlt5lYuc => C:\Users\Utilisateur\AppData\Roaming\Sy7ws4c\9p6YvRm.exe [2014-11-27] ( )
    Task: {0B7DD0A4-4FA8-430F-96D2-82B8F1BCB955} - System32\Tasks\WIN-statsAdmin => C:\Users\Utilisateur\AppData\Local\Microsoft\WinU\~zhtqkih.exe <==== ATTENTION
    Task: {29D15C94-666B-4628-8423-DD8C2DC54FA3} - System32\Tasks\{DAB7ECE1-2FEC-49B1-BF01-54FCCA886AAB} => pcalua.exe -a C:\Users\Utilisateur\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=ill <==== ATTENTION
    Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {62A5424B-4DC6-456F-A9CB-7A51F5181553} - System32\Tasks\{EDBF4801-BE88-432D-B9BB-68756DBECE25} => pcalua.exe -a C:\Users\Utilisateur\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=ill <==== ATTENTION
    Task: {980B3EED-638E-4414-860E-0918AE14EF19} - System32\Tasks\cfcNQFd7UjNAaAx => C:\Users\Utilisateur\AppData\Roaming\KLeHUMA\yXPZePX.exe [2015-01-27] ( )
    Task: {B5C3875C-B02C-448C-910C-BA8E552D38AF} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\Utilisateur\AppData\Roaming\~zmyewko.exe
    Task: {D0A49612-8ACB-4576-B0F4-3CB40B2A7AAD} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\Utilisateur\AppData\Roaming\~lbojkhu.exe
    Task: {F0B20AFD-324F-4955-BCD3-DB6DA5D6FDD8} - System32\Tasks\OmdNNmbo1Gk39YQ => C:\Users\Utilisateur\AppData\Roaming\JUtU2Bf\HM1ozPi.exe [2015-01-27] ( )
    EmptyTemp:
    Hosts:
    End

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    ~~~~~~~~~~~~~~~~~

    The next set of tools you may have already used, if yes, please delete them and download updated versions.

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ~~
    please post
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
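The fixlist in the post above removes scheduled tasks and search-scope values entry by entry. As an added example (not part of Juliet's post and not FRST's own code), this Python script reads FRST-style `Task:` and `SearchScopes:` lines and reports the tasks whose binary sits under a user's AppData or is started through pcalua.exe, together with the hosts the search scopes point to. The two review heuristics, the function name `triage` and the `ExampleVendorUpdate` task are assumptions made for the example; the other sample lines are copied from the fixlist.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the fixlist above, except the ExampleVendorUpdate task,
# which is constructed here as a benign contrast case.
SAMPLE_LOG = r"""
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
Task: {0614440E-7C5A-4DD0-8D0E-5EDA16CD11BB} - System32\Tasks\TaskUserUpdate_wp => C:\Users\Utilisateur\AppData\Roaming\~jzpahob.exe
Task: {29D15C94-666B-4628-8423-DD8C2DC54FA3} - System32\Tasks\{DAB7ECE1-2FEC-49B1-BF01-54FCCA886AAB} => pcalua.exe -a C:\Users\Utilisateur\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=ill <==== ATTENTION
Task: {980B3EED-638E-4414-860E-0918AE14EF19} - System32\Tasks\cfcNQFd7UjNAaAx => C:\Users\Utilisateur\AppData\Roaming\KLeHUMA\yXPZePX.exe [2015-01-27] ( )
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleVendorUpdate => C:\Program Files\ExampleVendor\update.exe
"""

# "Task: {GUID} - System32\Tasks\<name> => <command line>"
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(.+?) => (.+)$")
# "SearchScopes: <hive> -> [DefaultScope ]{GUID} URL = <url or empty>"
SCOPE_RE = re.compile(r"^SearchScopes: (\S+) -> (?:DefaultScope )?\{[^}]+\} URL = ?(.*)$")
# First drive-letter path ending in .exe inside a command line.
EXE_RE = re.compile(r"[A-Za-z]:\\.+?\.exe", re.IGNORECASE)


def triage(log_text):
    """Return (flagged_tasks, search_hosts) for FRST-style log lines.

    flagged_tasks: list of (task_name, target_exe, [reasons])
    search_hosts:  dict mapping host -> set of registry hives that use it
    """
    flagged, hosts = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        task = TASK_RE.match(line)
        if task:
            name, command = task.groups()
            exe = EXE_RE.search(command)
            target = exe.group(0) if exe else ""
            reasons = []
            # Assumed heuristic: a task binary in a user-writable profile
            # directory is worth reviewing.
            if "\\appdata\\" in target.lower():
                reasons.append("binary in user AppData")
            # Assumed heuristic: the real target is started indirectly.
            if command.lower().startswith("pcalua.exe"):
                reasons.append("launched via pcalua.exe")
            if reasons:
                flagged.append((name, target, reasons))
            continue
        scope = SCOPE_RE.match(line)
        if scope:
            hive, url = scope.groups()
            host = urlsplit(url.strip()).hostname  # None for an empty value
            if host:
                hosts.setdefault(host, set()).add(hive)
    return flagged, hosts


if __name__ == "__main__":
    tasks, search_hosts = triage(SAMPLE_LOG)
    for name, target, reasons in tasks:
        print(f"TASK  {name} -> {target} ({'; '.join(reasons)})")
    for host, hives in sorted(search_hosts.items()):
        print(f"SCOPE {host} set in {', '.join(sorted(hives))}")
```

Running the same check on a fresh FRST log after the fix shows whether any of these tasks or search-scope hosts have come back.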

  5. #5
    Junior Member
    Join Date
    Jan 2015
    Posts
    8


    Originally Posted by Juliet:
    ...
    please post
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt

    Hi Juliet. Thank you for your help.
    For an unknown reason, JRT was launched more than 6 hours ago and is still in progress (11th step - checking shortcuts).
    So, this morning, I can only give you 2 files out of 3. Please see the attached zip file. I will send you jrt.txt as soon as the scan
    is finished and I have finished work. Sorry.
    Attached Files

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Stop JRT, if running correctly it doesn't take that long.

    OK, those tools took quite a bit out.

    Tell me how the computer is now.



    Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
    Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
    Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
    Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

  7. #7
    Junior Member
    Join Date
    Jan 2015
    Posts
    8


    Originally Posted by Juliet:
    Stop JRT, if running correctly it doesn't take that long.
    OK, those tools took quite a bit out.
    Tell me how the computer is now.
    Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now...

    Hi Juliet. I will revert to you tonight after the job. I live in Paris.
    I need details about Malwarebytes:
    > Can you suggest me a direct link to download it (free version or pro version with subscription)?
    > Should I uninstall Spybot from my computer before using Malwarebytes?
    Thank you for the advice.

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Originally Posted by djtarek:
    Hi Juliet. I will revert to you tonight after the job. I live in Paris.
    I need details about Malwarebytes:
    > Can you suggest me a direct link to download it (free version or pro version with subscription)?
    > Should I uninstall Spybot from my computer before using Malwarebytes?
    Thank you for the advice.

    Download Malwarebytes' Anti-Malware to your desktop.

    During the install you can select Free version, and if it still installs the Premium version that's not a problem. It will revert to Free after the trial period is over.

    You can disable SpyBot if you wish, then when we are finished set the settings back to what you like.

  9. #9
    Junior Member
    Join Date
    Jan 2015
    Posts
    8


    Originally Posted by Juliet:
    ...then when we are finished set the settings back to what you like

    Please find attached the Malwarebytes log and a popup screenshot (an alert was raised after the first reboot).
    Of course, I have deleted all detected malware.
    I am going to use my computer tonight to see if OMIGA-PLUS is definitely removed.
    I will give you my feedback tomorrow.
    Attached Images
    Attached Files

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Thank you
    Many items were detected and deleted.

    Use your computer as normal without extra activities. Then please give me an update on how it is acting.
