No way to get rid OMIGA-Plus malware

djtarek · Jan 26, 2015

Hello Spybot.
As AdwCleaner cannot remove OMIGA-PLUS malware despite the fact it is correctly detected,
I have decided to use registered Spybot sotware.

After scanning malwares, I restart my Laptop and everything seems clean.
There is none OMIGA reference in the registry, and the browsers opening page are ok.
But few minutes later, a suspicious activity occurs in the computer.
And I noticed in the running task manager :
Baofengupdate.exe with a temporary high activity and just after, there is omiga-plus.exe.
All OMIGA keys are again installed in registry and hijacks the Firefox/Internet explorer opening page

Please find attached zip logs about last Spybot scans. I can send you the adwCleaner logs but I guess
this is not your business.

Thank you a lot of your help.

OS : Windows 7 64 bit
RAM : 4 GB RAM
Partition : 2
Sessions : 3 (admin / Kemal / Guest)
Browsers : Firefox 35 and Internet Explorer 11
Location : France
Registered user : yes

Note : I have uninstalled Firefox 35. I will reinstall it after removing definitely OMIGA-PLUS.

---------------------------------------------------------------
Admin Edit
For future reference and others reading.

http://forums.spybot.info/showthrea...ocedure-Before-Requesting-Assistance)-Updated

Juliet · Jan 27, 2015

To help downloads tools to your desktop.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser.

Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select

Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

djtarek · Jan 27, 2015

Juliet said:
To help downloads tools to your desktop.
...
Copy the contents of both logs and paste in your next reply.
...

FRST.txt
-----------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Utilisateur (administrator) on UTILISATEUR-PC on 27-01-2015 19:45:39
Running from C:\Users\Utilisateur\Downloads
Loaded Profiles: Utilisateur & Kemal (Available profiles: Utilisateur & Kemal & Invité)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe
(Microsoft Corporation) C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-25] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe [740736 2012-08-03] (ASUS Cloud Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\MountPoints2: {3c9f226c-76d9-11e4-b2cc-e52e51fd3340} - E:\iLinker.exe
HKU\S-1-5-21-826106567-84020505-3709442446-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-07-10] (Google Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type...HitachiXHTS547575A9E384_J2190059G863DCG863DCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...HitachiXHTS547575A9E384_J2190059G863DCG863DCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-826106567-84020505-3709442446-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-826106567-84020505-3709442446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-826106567-84020505-3709442446-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-fr/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-826106567-84020505-3709442446-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-826106567-84020505-3709442446-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type...HitachiXHTS547575A9E384_J2190059G863DCG863DCX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-826106567-84020505-3709442446-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254

FireFox:
========
FF ProfilePath: C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\5psz75gc.default-1415551359275
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-826106567-84020505-3709442446-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Utilisateur\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-826106567-84020505-3709442446-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Utilisateur\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-826106567-84020505-3709442446-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Utilisateur\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-02-24]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-07-19]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-04-25]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type...HitachiXHTS547575A9E384_J2190059G863DCG863DCX

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]
R2 xras; C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe [32768 2011-09-03] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-04-11] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2012-04-11] (Windows (R) Win 7 DDK provider)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation )
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 19:45 - 2015-01-27 19:46 - 00022649 _____ () C:\Users\Utilisateur\Downloads\FRST.txt
2015-01-27 19:45 - 2015-01-27 19:45 - 00000000 ____D () C:\FRST
2015-01-27 19:42 - 2015-01-27 19:43 - 02129920 _____ (Farbar) C:\Users\Utilisateur\Downloads\FRST64.exe
2015-01-27 06:36 - 2015-01-27 06:36 - 00003292 _____ () C:\Windows\System32\Tasks\cfcNQFd7UjNAaAx
2015-01-27 06:35 - 2015-01-27 06:36 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\KLeHUMA
2015-01-27 06:35 - 2015-01-27 06:35 - 00003252 _____ () C:\Windows\System32\Tasks\OmdNNmbo1Gk39YQ
2015-01-27 06:35 - 2015-01-27 06:35 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\JUtU2Bf
2015-01-24 21:30 - 2015-01-24 21:30 - 00023480 _____ () C:\Windows\SysWOW64\bddel.exe
2015-01-24 21:29 - 2015-01-24 21:29 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-24 21:28 - 2015-01-24 21:29 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-24 21:27 - 2015-01-24 21:27 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\omiga-plus
2015-01-24 20:56 - 2015-01-24 20:57 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-01-24 20:26 - 2015-01-24 20:26 - 00013024 _____ () C:\Windows\PFRO.log
2015-01-24 20:26 - 2015-01-24 20:26 - 00000056 _____ () C:\Windows\setupact.log
2015-01-24 20:26 - 2015-01-24 20:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-24 20:20 - 2015-01-25 21:51 - 00003318 _____ () C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website
2015-01-24 10:36 - 2015-01-24 10:36 - 00001637 _____ () C:\Users\Utilisateur\Documents\message_spybot.txt
2015-01-23 21:33 - 2015-01-23 21:33 - 00001244 _____ () C:\Users\Utilisateur\Desktop\adwcleaner_4.108.exe - Raccourci.lnk
2015-01-21 21:23 - 2015-01-21 21:23 - 00000670 _____ () C:\Users\Utilisateur\Desktop\Bibliothèques.lnk
2015-01-21 21:22 - 2015-01-21 21:22 - 00000363 _____ () C:\Users\Utilisateur\Desktop\Ordinateur.lnk
2015-01-21 06:50 - 2015-01-21 06:50 - 00003182 _____ () C:\Windows\System32\Tasks\{EDBF4801-BE88-432D-B9BB-68756DBECE25}
2015-01-18 13:46 - 2015-01-18 13:46 - 00001776 _____ () C:\Users\Utilisateur\Documents\cc_20150118_134636.reg
2015-01-18 08:30 - 2015-01-18 08:30 - 00000000 ____D () C:\Users\Utilisateur\Documents\ProcAlyzer Dumps
2015-01-16 18:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 18:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 18:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 18:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 18:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 18:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 18:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 03:25 - 2015-01-15 03:25 - 04376752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 23:03 - 2015-01-14 23:04 - 00005225 _____ () C:\Users\Kemal\Downloads\invite.ics
2015-01-14 07:12 - 2015-01-24 21:11 - 00031909 _____ () C:\Users\Utilisateur\Documents\omiga-plus removal.txt
2015-01-14 06:48 - 2015-01-14 06:48 - 00449947 ____R () C:\Windows\hosts.20150123-220420.backup
2015-01-14 04:40 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:40 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:40 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:40 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:40 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 04:40 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 22:50 - 2015-01-17 21:51 - 00000000 ____D () C:\Users\Kemal\AppData\Roaming\dvdcss
2015-01-13 21:13 - 2015-01-14 06:57 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-01-13 21:13 - 2015-01-13 21:13 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-01-11 14:19 - 2015-01-11 14:19 - 01628672 _____ (Whiler.com ©) C:\Users\Utilisateur\Downloads\wfp.exe
2015-01-11 09:00 - 2015-01-11 09:00 - 00001311 _____ () C:\Users\Utilisateur\Desktop\Roaming - Raccourci.lnk
2015-01-10 17:28 - 2015-01-10 17:28 - 00097640 _____ () C:\Users\Utilisateur\Documents\cc_20150110_172803.reg
2015-01-10 17:22 - 2014-10-07 06:47 - 00450796 _____ () C:\Windows\system32\Drivers\etc\hosts.20150110-172220.backup
2015-01-10 14:27 - 2015-01-10 14:27 - 00707664 _____ (iS3, Inc.) C:\Users\Utilisateur\Downloads\SZSetup_AID10121_AV.exe
2015-01-10 14:22 - 2015-01-10 14:23 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Utilisateur\Downloads\SpyHunter-Installer.exe
2015-01-09 17:37 - 2015-01-09 17:52 - 00006523 _____ () C:\Windows\wininit.ini
2015-01-09 14:23 - 2015-01-22 06:46 - 00052998 _____ () C:\Windows\SysWOW64\bddel.dat
2015-01-09 14:07 - 2015-01-09 14:07 - 00001377 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-09 14:04 - 2015-01-09 14:04 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Utilisateur\Downloads\spybot2-license.exe
2015-01-06 06:57 - 2015-01-06 08:29 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\Wise Auto Shutdown
2015-01-06 06:57 - 2015-01-06 06:57 - 00822984 _____ () C:\Users\Utilisateur\Downloads\wise-auto-shutdown_1-43_fr_430419.zip
2015-01-06 06:57 - 2015-01-06 06:57 - 00000000 ____D () C:\Users\Utilisateur\Downloads\wise-auto-shutdown_1-43_fr_430419
2015-01-06 06:54 - 2015-01-09 17:18 - 00000000 ____D () C:\Users\Utilisateur\Downloads\PowerOff_Patch_traduction_francaise
2015-01-05 16:36 - 2015-01-05 16:36 - 00000202 _____ () C:\Users\Invité\Desktop\1.URL
2015-01-01 22:37 - 2015-01-01 22:37 - 00029930 _____ () C:\Users\Utilisateur\Documents\cc_20150101_223741.reg
2015-01-01 22:32 - 2015-01-01 22:32 - 00000000 ____D () C:\Users\Utilisateur\AppData\Local\{A7CFE5D3-A77D-405B-9A78-0307FF18A542}
2015-01-01 22:14 - 2015-01-01 22:14 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-01 22:14 - 2015-01-01 22:14 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 22:14 - 2015-01-01 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-01 22:13 - 2015-01-01 22:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-01 22:12 - 2015-01-01 22:13 - 05317104 _____ (Piriform Ltd) C:\Users\Utilisateur\Downloads\ccsetup501.exe
2015-01-01 21:30 - 2015-01-01 21:30 - 01513984 _____ () C:\Users\Utilisateur\Downloads\7z936-x64.msi
2015-01-01 12:23 - 2015-01-01 12:23 - 00000000 _____ () C:\autoexec.bat
2015-01-01 11:46 - 2015-01-01 11:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 11:45 - 2015-01-01 11:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Utilisateur\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-01 11:36 - 2015-01-01 11:36 - 00000000 ____D () C:\Windows\ERUNT
2015-01-01 11:22 - 2015-01-01 11:22 - 00001121 _____ () C:\Users\Utilisateur\Desktop\JRT.exe - Raccourci.lnk
2015-01-01 11:21 - 2015-01-01 11:21 - 01707939 _____ (Thisisu) C:\Users\Utilisateur\Downloads\JRT.exe
2014-12-31 07:22 - 2014-12-31 07:22 - 00004616 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-31 07:22 - 2014-12-31 07:22 - 00002448 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-31 07:22 - 2014-12-31 07:22 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-31 07:22 - 2014-12-31 07:22 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\LavasoftStatistics
2014-12-31 07:22 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-31 07:22 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-28 08:50 - 2014-12-28 08:50 - 00000639 _____ () C:\Users\Utilisateur\Desktop\DCIM.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 19:24 - 2014-07-10 19:43 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 19:11 - 2014-03-26 18:32 - 02087697 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 19:06 - 2014-12-10 21:55 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000UA.job
2015-01-27 19:05 - 2012-02-24 03:29 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 17:47 - 2014-03-26 18:28 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-01-27 08:05 - 2012-02-24 03:29 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 07:01 - 2014-05-19 23:47 - 00000000 ____D () C:\Users\Utilisateur\Desktop\Captvty
2015-01-27 06:36 - 2014-11-27 22:15 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\Sy7ws4c
2015-01-27 06:35 - 2014-04-28 10:06 - 00001031 _____ () C:\Users\Utilisateur\Desktop\Internet Explorer.lnk
2015-01-27 06:30 - 2014-03-26 09:57 - 00000387 _____ () C:\Users\Utilisateur\AppData\Roaming\sp_data.sys
2015-01-27 06:29 - 2014-03-26 18:28 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-01-26 22:06 - 2014-12-10 21:55 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000Core.job
2015-01-26 21:41 - 2014-12-11 06:44 - 00000387 _____ () C:\Users\Kemal\AppData\Roaming\sp_data.sys
2015-01-26 07:20 - 2014-08-12 00:02 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\vlc
2015-01-25 22:58 - 2014-11-27 22:58 - 00000041 _____ () C:\Users\Utilisateur\AppData\Local\recently-fix.db
2015-01-25 21:55 - 2014-07-23 18:32 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\XBMC
2015-01-24 21:27 - 2014-03-26 09:55 - 00001241 _____ () C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 20:33 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 20:33 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 20:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 20:25 - 2014-08-16 18:42 - 00000000 ____D () C:\AdwCleaner
2015-01-24 20:24 - 2012-02-24 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-24 09:47 - 2014-07-08 06:50 - 00001843 _____ () C:\Users\Utilisateur\Desktop\MySyncFolder.lnk
2015-01-24 09:47 - 2014-03-26 11:03 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\ASUS WebStorage
2015-01-23 21:12 - 2014-06-23 22:58 - 00000387 _____ () C:\Users\Invité\AppData\Roaming\sp_data.sys
2015-01-21 06:46 - 2014-07-10 19:43 - 00003940 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-21 06:46 - 2014-05-19 23:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-21 06:46 - 2014-05-19 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 14:09 - 2014-08-24 17:21 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\HandBrake
2015-01-18 10:46 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-18 08:40 - 2014-10-30 19:51 - 00000000 ____D () C:\ProgramData\Skype
2015-01-18 08:36 - 2014-09-27 07:48 - 00000000 ____D () C:\Windows\pss
2015-01-18 08:30 - 2014-10-30 19:52 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\Skype
2015-01-18 08:30 - 2014-05-24 22:26 - 00000000 ___RD () C:\Users\Utilisateur\Dropbox
2015-01-18 08:29 - 2014-05-24 22:19 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\Dropbox
2015-01-18 02:56 - 2014-12-11 21:14 - 00000000 ____D () C:\Users\Kemal\AppData\Roaming\Skype
2015-01-17 22:03 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-17 21:52 - 2014-12-11 06:47 - 00000000 ____D () C:\Users\Kemal\AppData\Roaming\vlc
2015-01-16 03:05 - 2012-02-24 03:28 - 01644652 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-16 03:05 - 2011-02-19 05:29 - 00747894 _____ () C:\Windows\system32\perfh00C.dat
2015-01-16 03:05 - 2011-02-19 05:29 - 00150386 _____ () C:\Windows\system32\perfc00C.dat
2015-01-16 03:05 - 2009-07-14 06:13 - 01644652 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 03:06 - 2014-04-25 11:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2014-04-25 11:34 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 17:22 - 2009-07-14 03:34 - 00450918 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2015-01-09 22:34 - 2014-10-06 22:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-09 17:21 - 2014-11-16 11:22 - 00000000 ____D () C:\Program Files\WWE
2015-01-09 14:07 - 2014-10-06 22:26 - 00001389 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-09 14:07 - 2014-10-06 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-09 14:07 - 2014-10-06 22:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 22:35 - 2014-10-30 07:33 - 00000000 ____D () C:\Users\Utilisateur\Tracing
2015-01-01 22:35 - 2014-05-25 15:25 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-01-01 22:33 - 2014-09-09 19:13 - 00000000 ____D () C:\Windows\Minidump
2015-01-01 22:33 - 2009-07-29 07:03 - 00000000 ____D () C:\Windows\Panther
2015-01-01 22:32 - 2014-10-30 07:33 - 00000000 ____D () C:\Users\Utilisateur\AppData\Local\Windows Live
2015-01-01 21:35 - 2014-08-16 00:24 - 00000000 ____D () C:\Users\Utilisateur\Documents\Téléchargements
2015-01-01 21:33 - 2014-05-30 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-01 21:33 - 2014-05-30 22:42 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-01-01 12:23 - 2014-03-26 09:54 - 00000000 ____D () C:\Users\Utilisateur
2014-12-31 12:14 - 2014-05-09 19:46 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 07:45 - 2014-11-01 13:40 - 00000000 ____D () C:\Users\Invité\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2014-03-26 09:57 - 2015-01-27 06:30 - 0000387 _____ () C:\Users\Utilisateur\AppData\Roaming\sp_data.sys
2014-11-16 11:23 - 2014-11-16 11:23 - 0613012 _____ (CMI Limited) C:\Users\Utilisateur\AppData\Local\nsgFC82.tmp
2014-11-27 22:58 - 2015-01-25 22:58 - 0000041 _____ () C:\Users\Utilisateur\AppData\Local\recently-fix.db
2014-08-18 11:57 - 2014-08-29 22:43 - 0007632 _____ () C:\Users\Utilisateur\AppData\Local\Resmon.ResmonCfg
2012-02-24 03:42 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2014-03-26 18:39 - 2014-03-26 18:39 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2014-03-26 18:38 - 2014-03-26 18:39 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-03-26 18:37 - 2014-03-26 18:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Invité\AppData\Local\Temp\jna1178497602362581442.dll
C:\Users\Invité\AppData\Local\Temp\jna1211039624642059220.dll
C:\Users\Invité\AppData\Local\Temp\jna1383442829726740788.dll
C:\Users\Invité\AppData\Local\Temp\jna1977359801693000870.dll
C:\Users\Invité\AppData\Local\Temp\jna2197120439133527894.dll
C:\Users\Invité\AppData\Local\Temp\jna2277595375658369167.dll
C:\Users\Invité\AppData\Local\Temp\jna243862197797001572.dll
C:\Users\Invité\AppData\Local\Temp\jna2775391479744641694.dll
C:\Users\Invité\AppData\Local\Temp\jna2986045107858454976.dll
C:\Users\Invité\AppData\Local\Temp\jna302632306526068263.dll
C:\Users\Invité\AppData\Local\Temp\jna3088985297609842968.dll
C:\Users\Invité\AppData\Local\Temp\jna3101714189133288450.dll
C:\Users\Invité\AppData\Local\Temp\jna3383510205279284931.dll
C:\Users\Invité\AppData\Local\Temp\jna3535304441280280684.dll
C:\Users\Invité\AppData\Local\Temp\jna3555880895728052267.dll
C:\Users\Invité\AppData\Local\Temp\jna3593623382484289948.dll
C:\Users\Invité\AppData\Local\Temp\jna3733126913726148884.dll
C:\Users\Invité\AppData\Local\Temp\jna3853132973065267832.dll
C:\Users\Invité\AppData\Local\Temp\jna4526913718526732086.dll
C:\Users\Invité\AppData\Local\Temp\jna4690766740122746062.dll
C:\Users\Invité\AppData\Local\Temp\jna4796243522659313016.dll
C:\Users\Invité\AppData\Local\Temp\jna4803330618200862042.dll
C:\Users\Invité\AppData\Local\Temp\jna487407568030564490.dll
C:\Users\Invité\AppData\Local\Temp\jna4972326363337868779.dll
C:\Users\Invité\AppData\Local\Temp\jna5173885497718265923.dll
C:\Users\Invité\AppData\Local\Temp\jna5312012197818223513.dll
C:\Users\Invité\AppData\Local\Temp\jna5443123851323268851.dll
C:\Users\Invité\AppData\Local\Temp\jna6030299832101186190.dll
C:\Users\Invité\AppData\Local\Temp\jna6039079445236765401.dll
C:\Users\Invité\AppData\Local\Temp\jna6144228763771653434.dll
C:\Users\Invité\AppData\Local\Temp\jna6507612878039814646.dll
C:\Users\Invité\AppData\Local\Temp\jna6512892731503540.dll
C:\Users\Invité\AppData\Local\Temp\jna6668123378812702523.dll
C:\Users\Invité\AppData\Local\Temp\jna6669292597080258531.dll
C:\Users\Invité\AppData\Local\Temp\jna675133829078794009.dll
C:\Users\Invité\AppData\Local\Temp\jna6909855156836057465.dll
C:\Users\Invité\AppData\Local\Temp\jna7141054312516992879.dll
C:\Users\Invité\AppData\Local\Temp\jna7276416725892100693.dll
C:\Users\Invité\AppData\Local\Temp\jna7380423035214835602.dll
C:\Users\Invité\AppData\Local\Temp\jna7505086486602767800.dll
C:\Users\Invité\AppData\Local\Temp\jna7904470647474757403.dll
C:\Users\Invité\AppData\Local\Temp\jna8152853060589444938.dll
C:\Users\Invité\AppData\Local\Temp\jna8154091721333926500.dll
C:\Users\Invité\AppData\Local\Temp\jna8300068673721323701.dll
C:\Users\Invité\AppData\Local\Temp\jna850836996284371671.dll
C:\Users\Invité\AppData\Local\Temp\jna856273129658999747.dll
C:\Users\Invité\AppData\Local\Temp\jna8646522272473181557.dll
C:\Users\Invité\AppData\Local\Temp\jna8678423693128416101.dll
C:\Users\Invité\AppData\Local\Temp\jna8763584822064213522.dll
C:\Users\Invité\AppData\Local\Temp\jna9188169647812234069.dll
C:\Users\Utilisateur\AppData\Local\Temp\Quarantine.exe
C:\Users\Utilisateur\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 00:19

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Utilisateur at 2015-01-27 19:46:41
Running from C:\Users\Utilisateur\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.36 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0936-000001000000}) (Version: 9.36.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
adsl TV (HKLM-x32\...\{3AFDD2C6-8663-46B5-B195-6CEB00D44768}) (Version: 2013.1 - adsl TV / FM)
Akamai NetSession Interface (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.25 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.11 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.143.296 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CD Catalog Expert 9.30.807.11 (HKLM-x32\...\CD Catalog Expert_is1) (Version: - eTeSoft)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version: - Oberon Media)
Dropbox (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
eMule0.60 (HKLM-x32\...\eMule0.60) (Version: 1.0.0.4 - eMule.com)
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Repair (HKLM-x32\...\File Repair_is1) (Version: - File Repair)
FileZilla Client 3.9.0.3 (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
fix version 1.0.0.0 (HKLM-x32\...\{ACA88935-7188-47AD-B220-B50106DC0D9C}_is1) (Version: 1.0.0.0 - )
Free AVI MPEG WMV MP4 FLV Video Joiner 5.5.2 (HKLM-x32\...\Free AVI MPEG WMV MP4 FLV Video Joiner_is1) (Version: - MediaRightSoft, Inc.)
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin City Navigator Europe NTU 2015.10 (HKLM-x32\...\{FB96D8EF-1EC6-4548-A65C-9485261262CC}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NTU 2015.30 (HKLM-x32\...\{63F1BF21-7435-4055-AA71-7ED2B7948C8C}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 15.0.874.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.1 - ASUS)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.6.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)
Microsoft .NET Framework 4.5.1 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MP4Joiner v2.1.2 (HKLM-x32\...\MP4Joiner_is1) (Version: - )
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM-x32\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - Nom de votre société)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (x32 Version: 1.01.10 - Nom de votre société) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version: - omiga-plus) <==== ATTENTION
OpenOffice 4.1.1 (HKLM-x32\...\{121727D5-FDF3-4723-BA57-EB383440ED72}) (Version: 4.11.9775 - Apache Software Foundation)
Package de pilotes Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Package de pilotes Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
Samsung i-Launcher 1.1.0.24 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.1.0.24 - Samsung Electronics Co., Ltd.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.12 - ASUS)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{DCFEC8D0-BF9F-4113-90E4-E242E7B2F628}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{977F4EA1-2AF5-4DB3-875F-4AC87D210408}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{9116D574-CB51-485F-B2A0-4A0B5C8945A2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{532352DA-521D-496D-9FB0-1F8B2580D6DA}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
XBMC (HKU\S-1-5-21-826106567-84020505-3709442446-1000\...\XBMC) (Version: - Team XBMC)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Utilisateur\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Utilisateur\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-826106567-84020505-3709442446-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Utilisateur\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-01-2015 21:06:37 Windows Update
25-01-2015 18:04:02 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {013D9984-227B-4F96-A968-1F1BA7572EE1} - System32\Tasks\WIN-statsSystem => C:\Users\Utilisateur\AppData\Local\Microsoft\WinU\~aphyajp.exe
Task: {0614440E-7C5A-4DD0-8D0E-5EDA16CD11BB} - System32\Tasks\TaskUserUpdate_wp => C:\Users\Utilisateur\AppData\Roaming\~jzpahob.exe
Task: {0870D014-1102-49E6-9A08-56EA278E0A23} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000UA => C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {0A0D4383-4422-4142-96AC-74D1E439ADE6} - System32\Tasks\z2w4HN4zlt5lYuc => C:\Users\Utilisateur\AppData\Roaming\Sy7ws4c\9p6YvRm.exe [2014-11-27] ( )
Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {0B7DD0A4-4FA8-430F-96D2-82B8F1BCB955} - System32\Tasks\WIN-statsAdmin => C:\Users\Utilisateur\AppData\Local\Microsoft\WinU\~zhtqkih.exe <==== ATTENTION
Task: {29D15C94-666B-4628-8423-DD8C2DC54FA3} - System32\Tasks\{DAB7ECE1-2FEC-49B1-BF01-54FCCA886AAB} => pcalua.exe -a C:\Users\Utilisateur\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=ill <==== ATTENTION
Task: {332777D5-43B1-4EBA-BC4D-AAFEE865987A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {507389C1-465C-4FCE-AF65-501C64A64D6C} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {5B6E5C25-A56E-4440-AB10-86BABEF30FDE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {62A5424B-4DC6-456F-A9CB-7A51F5181553} - System32\Tasks\{EDBF4801-BE88-432D-B9BB-68756DBECE25} => pcalua.exe -a C:\Users\Utilisateur\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=ill <==== ATTENTION
Task: {6F656A8F-FAD3-46A1-8AF9-12BE2BFEFBCF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {7B48E641-7E98-4B28-A45D-FE40D559249D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {8BDDB50A-894A-44C8-8F18-AC996B599520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {91D9D04C-F0C9-4B0F-B9CD-393240C6E616} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {980B3EED-638E-4414-860E-0918AE14EF19} - System32\Tasks\cfcNQFd7UjNAaAx => C:\Users\Utilisateur\AppData\Roaming\KLeHUMA\yXPZePX.exe [2015-01-27] ( )
Task: {9C98394E-C1E6-4308-AE0C-1ABE3C910FD8} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {B10DDA23-FBD5-4058-B1FF-1A9B3E97EC2A} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2012-04-11] (ASUSTeK Computer Inc.)
Task: {B5C3875C-B02C-448C-910C-BA8E552D38AF} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\Utilisateur\AppData\Roaming\~zmyewko.exe
Task: {B5F3D250-D766-4DA9-BB9E-9106424A609F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
Task: {CFB67D04-ED40-4AD9-B17D-0AE42EA07ACB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D0A49612-8ACB-4576-B0F4-3CB40B2A7AAD} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\Utilisateur\AppData\Roaming\~lbojkhu.exe
Task: {D2D81AB0-0BAF-4F10-BC78-E1A939DC0C15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-21] (Adobe Systems Incorporated)
Task: {D42276B6-F2AF-44F1-B103-14304CA8DC45} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {DA8E6C4C-6637-46FA-AE0C-2F0E822478C3} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2012-04-11] (ASUSTeK Computer Inc.)
Task: {DB217CC5-D821-4B19-8354-0A1082FA5339} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E47EF15F-74EF-4FB3-965A-0AD62E6C034A} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {EBCF182A-9C4D-4431-8210-CED8453FFA95} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000Core => C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {F0B20AFD-324F-4955-BCD3-DB6DA5D6FDD8} - System32\Tasks\OmdNNmbo1Gk39YQ => C:\Users\Utilisateur\AppData\Roaming\JUtU2Bf\HM1ozPi.exe [2015-01-27] ( )
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000Core.job => C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826106567-84020505-3709442446-1000UA.job => C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2014-03-26 18:28 - 2012-02-21 20:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2011-06-30 21:23 - 2011-06-30 21:23 - 00167936 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2009-03-02 03:08 - 2009-03-02 03:08 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper_x64.dll
2011-09-05 08:19 - 2011-09-05 08:19 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\LogicNP.PropSheetExtensionHelper_x64.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-12-12 23:25 - 2014-12-12 23:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
2014-10-06 22:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-06 22:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-06 22:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-06 22:26 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-06 22:26 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-26 18:28 - 2012-02-21 20:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-02-21 22:49 - 2012-02-21 22:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-09-05 08:19 - 2011-09-05 08:19 - 00028672 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AxInterop.ShockwaveFlashObjects.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website

ESTICON_jeux16x16-10451673zqvpe782856011
AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website

ESTICON_news16x16-10451674kaklj1915740143
AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website

ESTICON_programmes16x16-10451675ybadg-1557053037
AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website

ESTICON_tf116x16-10451676eqrds532773840
AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website

ESTICON_tf1etvous16x16-10451677uferw851922391
AlternateDataStreams: C:\Users\Utilisateur\Desktop\Poire rôtie à la sauce choco-caramel aux épices - Petits Plats en Equilibre - MYTF1.website

ESTICON_video16x16-10451678qaddr-535368628

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: PDF Architect 2 => 3
MSCONFIG\Services: pdfforge CrashHandler => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Utilisateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Utilisateur\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Utilisateur\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

========================= Accounts: ==========================

Administrateur (S-1-5-21-826106567-84020505-3709442446-500 - Administrator - Disabled)
Invité (S-1-5-21-826106567-84020505-3709442446-501 - Limited - Enabled) => C:\Users\Invité
Kemal (S-1-5-21-826106567-84020505-3709442446-1001 - Limited - Enabled) => C:\Users\Kemal
Utilisateur (S-1-5-21-826106567-84020505-3709442446-1000 - Administrator - Enabled) => C:\Users\Utilisateur

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2015 08:26:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante FreemakeUtilsService.exe, version : 1.0.0.0, horodatage : 0x53c4e946
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
Code d’exception : 0xe0434352
Décalage d’erreur : 0x0000c42d
ID du processus défaillant : 0x7a4
Heure de début de l’application défaillante : 0xFreemakeUtilsService.exe0
Chemin d’accès de l’application défaillante : FreemakeUtilsService.exe1
Chemin d’accès du module défaillant: FreemakeUtilsService.exe2
ID de rapport : FreemakeUtilsService.exe3

Error: (01/26/2015 08:26:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application*: FreemakeUtilsService.exe
Version du Framework*: v4.0.30319
Description : le processus a été arrêté en raison d'une exception non gérée.
Informations sur l'exception*: System.ArgumentException
Pile*:
à System.Security.Principal.SecurityIdentifier..ctor(System.String)
à FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
à FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
à FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
à FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
à FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
à System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
à System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
à System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
à System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
à System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
à System.Threading.ThreadPoolWorkQueue.Dispatch()
à System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (01/26/2015 07:20:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante vlc.exe, version : 2.1.5.0, horodatage : 0x00000000
Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521eaf24
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000018e5d
ID du processus défaillant : 0x4958
Heure de début de l’application défaillante : 0xvlc.exe0
Chemin d’accès de l’application défaillante : vlc.exe1
Chemin d’accès du module défaillant: vlc.exe2
ID de rapport : vlc.exe3

Error: (01/25/2015 03:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante vlc.exe, version : 2.1.5.0, horodatage : 0x00000000
Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521eaf24
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000018e5d
ID du processus défaillant : 0x34c4
Heure de début de l’application défaillante : 0xvlc.exe0
Chemin d’accès de l’application défaillante : vlc.exe1
Chemin d’accès du module défaillant: vlc.exe2
ID de rapport : vlc.exe3

Error: (01/24/2015 08:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0002eae4
ID du processus défaillant : 0xdb0
Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
Chemin d’accès du module défaillant: WDBackupEngine.exe2
ID de rapport : WDBackupEngine.exe3

Error: (01/24/2015 08:49:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000369b9
ID du processus défaillant : 0x6a4
Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
Chemin d’accès du module défaillant: WDBackupEngine.exe2
ID de rapport : WDBackupEngine.exe3

Error: (01/24/2015 08:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000361b0
ID du processus défaillant : 0x86c
Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
Chemin d’accès du module défaillant: WDBackupEngine.exe2
ID de rapport : WDBackupEngine.exe3

Error: (01/24/2015 08:42:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000361b0
ID du processus défaillant : 0x4ec
Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
Chemin d’accès du module défaillant: WDBackupEngine.exe2
ID de rapport : WDBackupEngine.exe3

Error: (01/24/2015 08:39:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00022e8f
ID du processus défaillant : 0x610
Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
Chemin d’accès du module défaillant: WDBackupEngine.exe2
ID de rapport : WDBackupEngine.exe3

Error: (01/24/2015 08:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante WDBackupEngine.exe, version : 2.0.0.15, horodatage : 0x547e4bc4
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x53159a86
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000369b9
ID du processus défaillant : 0xe44
Heure de début de l’application défaillante : 0xWDBackupEngine.exe0
Chemin d’accès de l’application défaillante : WDBackupEngine.exe1
Chemin d’accès du module défaillant: WDBackupEngine.exe2
ID de rapport : WDBackupEngine.exe3

System errors:
=============
Error: (01/27/2015 07:36:23 PM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

Error: (01/27/2015 07:36:23 PM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

Error: (01/27/2015 07:36:23 PM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

Error: (01/27/2015 05:55:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error: (01/27/2015 11:53:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORITE NT)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

Error: (01/27/2015 06:36:27 AM) (Source: Schannel) (EventID: 4120) (User: AUTORITE NT)
Description: L’alerte fatale suivante a été générée*: 10. L’état d’erreur interne est 10.

Microsoft Office Sessions:
=========================
Error: (01/26/2015 08:26:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FreemakeUtilsService.exe1.0.0.053c4e946KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d7a401d0380b9a6a1822C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exeC:\Windows\syswow64\KERNELBASE.dllb15edd05-a52c-11e4-a2b1-bcb17045ba4e

Error: (01/26/2015 08:26:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application*: FreemakeUtilsService.exe
Version du Framework*: v4.0.30319
Description : le processus a été arrêté en raison d'une exception non gérée.
Informations sur l'exception*: System.ArgumentException
Pile*:
à System.Security.Principal.SecurityIdentifier..ctor(System.String)
à FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
à FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
à FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
à FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
à FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
à System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
à System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
à System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
à System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
à System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
à System.Threading.ThreadPoolWorkQueue.Dispatch()
à System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (01/26/2015 07:20:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d495801d0392d80594744C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll6b3d3bda-a523-11e4-a2b1-bcb17045ba4e

Error: (01/25/2015 03:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d34c401d0387c8ff0d669C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dllb652696c-a49e-11e4-a2b1-bcb17045ba4e

Error: (01/24/2015 08:53:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c00000050002eae4db001d0380ed0cf6476C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll99f7f1c5-a402-11e4-a2b1-bcb17045ba4e

Error: (01/24/2015 08:49:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c0000005000369b96a401d0380e531fdc1eC:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll0de39745-a402-11e4-a2b1-bcb17045ba4e

Error: (01/24/2015 08:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c0000005000361b086c01d0380de98d1437C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll902a896c-a401-11e4-a2b1-bcb17045ba4e

Error: (01/24/2015 08:42:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c0000005000361b04ec01d0380d828da97cC:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll269ee5a6-a401-11e4-a2b1-bcb17045ba4e

Error: (01/24/2015 08:39:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c000000500022e8f61001d0380d20a91238C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dllbd28ae42-a400-11e4-a2b1-bcb17045ba4e

Error: (01/24/2015 08:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe2.0.0.15547e4bc4KERNELBASE.dll6.1.7601.1840953159a86c0000005000369b9e4401d0380cc0ecba33C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dll5dc207c7-a400-11e4-a2b1-bcb17045ba4e

CodeIntegrity Errors:
===================================
Date: 2015-01-27 19:39:23.432
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2015-01-27 07:01:53.083
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2015-01-27 06:29:55.551
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2015-01-26 21:36:48.221
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2015-01-26 11:01:29.239
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2015-01-26 10:55:58.501
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2015-01-26 10:30:04.102
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2015-01-26 06:55:28.747
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2015-01-25 21:55:25.302
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2015-01-25 21:24:52.040
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 49%
Total physical RAM: 3979.66 MB
Available physical RAM: 1992.21 MB
Total Pagefile: 7957.51 MB
Available Pagefile: 4591.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:194.44 GB) (Free:47.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:478.87 GB) (Free:189.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: C3664E96)

Partition: GPT Partition Type.

==================== End Of Log ============================

Juliet · Jan 27, 2015

Running from C:\Users\Utilisateur\Downloads

We will have to move FRST to your desktop
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Please go to an open spot your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type...HitachiXHTS547575A9E384_J2190059G863DCG863DCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about_:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...HitachiXHTS547575A9E384_J2190059G863DCG863DCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type...HitachiXHTS547575A9E384_J2190059G863DCG863DCX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422131263&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-826106567-84020505-3709442446-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=ill&utm_campaign=install_ie&utm_content=ds&from=ill&uid=HitachiXHTS547575A9E384_J2190059G863DCG863DCX&ts=1422131322&type=default&q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Toolbar: HKU\S-1-5-21-826106567-84020505-3709442446-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type...HitachiXHTS547575A9E384_J2190059G863DCG863DCX
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
C:\Program Files (x86)\XTab\ProtectService.exe
2015-01-27 06:36 - 2015-01-27 06:36 - 00003292 _____ () C:\Windows\System32\Tasks\cfcNQFd7UjNAaAx
2015-01-27 06:35 - 2015-01-27 06:36 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\KLeHUMA
2015-01-27 06:35 - 2015-01-27 06:35 - 00003252 _____ () C:\Windows\System32\Tasks\OmdNNmbo1Gk39YQ
2015-01-27 06:35 - 2015-01-27 06:35 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\JUtU2Bf
2015-01-24 21:29 - 2015-01-24 21:29 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-24 21:28 - 2015-01-24 21:29 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-24 21:27 - 2015-01-24 21:27 - 00000000 ____D () C:\Users\Utilisateur\AppData\Roaming\omiga-plus
C:\Users\Invité\AppData\Local\Temp\jna1178497602362581442.dll
C:\Users\Invité\AppData\Local\Temp\jna1211039624642059220.dll
C:\Users\Invité\AppData\Local\Temp\jna1383442829726740788.dll
C:\Users\Invité\AppData\Local\Temp\jna1977359801693000870.dll
C:\Users\Invité\AppData\Local\Temp\jna2197120439133527894.dll
C:\Users\Invité\AppData\Local\Temp\jna2277595375658369167.dll
C:\Users\Invité\AppData\Local\Temp\jna243862197797001572.dll
C:\Users\Invité\AppData\Local\Temp\jna2775391479744641694.dll
C:\Users\Invité\AppData\Local\Temp\jna2986045107858454976.dll
C:\Users\Invité\AppData\Local\Temp\jna302632306526068263.dll
C:\Users\Invité\AppData\Local\Temp\jna3088985297609842968.dll
C:\Users\Invité\AppData\Local\Temp\jna3101714189133288450.dll
C:\Users\Invité\AppData\Local\Temp\jna3383510205279284931.dll
C:\Users\Invité\AppData\Local\Temp\jna3535304441280280684.dll
C:\Users\Invité\AppData\Local\Temp\jna3555880895728052267.dll
C:\Users\Invité\AppData\Local\Temp\jna3593623382484289948.dll
C:\Users\Invité\AppData\Local\Temp\jna3733126913726148884.dll
C:\Users\Invité\AppData\Local\Temp\jna3853132973065267832.dll
C:\Users\Invité\AppData\Local\Temp\jna4526913718526732086.dll
C:\Users\Invité\AppData\Local\Temp\jna4690766740122746062.dll
C:\Users\Invité\AppData\Local\Temp\jna4796243522659313016.dll
C:\Users\Invité\AppData\Local\Temp\jna4803330618200862042.dll
C:\Users\Invité\AppData\Local\Temp\jna487407568030564490.dll
C:\Users\Invité\AppData\Local\Temp\jna4972326363337868779.dll
C:\Users\Invité\AppData\Local\Temp\jna5173885497718265923.dll
C:\Users\Invité\AppData\Local\Temp\jna5312012197818223513.dll
C:\Users\Invité\AppData\Local\Temp\jna5443123851323268851.dll
C:\Users\Invité\AppData\Local\Temp\jna6030299832101186190.dll
C:\Users\Invité\AppData\Local\Temp\jna6039079445236765401.dll
C:\Users\Invité\AppData\Local\Temp\jna6144228763771653434.dll
C:\Users\Invité\AppData\Local\Temp\jna6507612878039814646.dll
C:\Users\Invité\AppData\Local\Temp\jna6512892731503540.dll
C:\Users\Invité\AppData\Local\Temp\jna6668123378812702523.dll
C:\Users\Invité\AppData\Local\Temp\jna6669292597080258531.dll
C:\Users\Invité\AppData\Local\Temp\jna675133829078794009.dll
C:\Users\Invité\AppData\Local\Temp\jna6909855156836057465.dll
C:\Users\Invité\AppData\Local\Temp\jna7141054312516992879.dll
C:\Users\Invité\AppData\Local\Temp\jna7276416725892100693.dll
C:\Users\Invité\AppData\Local\Temp\jna7380423035214835602.dll
C:\Users\Invité\AppData\Local\Temp\jna7505086486602767800.dll
C:\Users\Invité\AppData\Local\Temp\jna7904470647474757403.dll
C:\Users\Invité\AppData\Local\Temp\jna8152853060589444938.dll
C:\Users\Invité\AppData\Local\Temp\jna8154091721333926500.dll
C:\Users\Invité\AppData\Local\Temp\jna8300068673721323701.dll
C:\Users\Invité\AppData\Local\Temp\jna850836996284371671.dll
C:\Users\Invité\AppData\Local\Temp\jna856273129658999747.dll
C:\Users\Invité\AppData\Local\Temp\jna8646522272473181557.dll
C:\Users\Invité\AppData\Local\Temp\jna8678423693128416101.dll
C:\Users\Invité\AppData\Local\Temp\jna8763584822064213522.dll
C:\Users\Invité\AppData\Local\Temp\jna9188169647812234069.dll
C:\Users\Utilisateur\AppData\Local\Temp\Quarantine.exe
C:\Users\Utilisateur\AppData\Local\Temp\sqlite3.dll
omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version: - omiga-plus) <==== ATTENTION
Task: {0614440E-7C5A-4DD0-8D0E-5EDA16CD11BB} - System32\Tasks\TaskUserUpdate_wp => C:\Users\Utilisateur\AppData\Roaming\~jzpahob.exe
Task: {0A0D4383-4422-4142-96AC-74D1E439ADE6} - System32\Tasks\z2w4HN4zlt5lYuc => C:\Users\Utilisateur\AppData\Roaming\Sy7ws4c\9p6YvRm.exe [2014-11-27] ( )
Task: {0B7DD0A4-4FA8-430F-96D2-82B8F1BCB955} - System32\Tasks\WIN-statsAdmin => C:\Users\Utilisateur\AppData\Local\Microsoft\WinU\~zhtqkih.exe <==== ATTENTION
Task: {29D15C94-666B-4628-8423-DD8C2DC54FA3} - System32\Tasks\{DAB7ECE1-2FEC-49B1-BF01-54FCCA886AAB} => pcalua.exe -a C:\Users\Utilisateur\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=ill <==== ATTENTION
Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {62A5424B-4DC6-456F-A9CB-7A51F5181553} - System32\Tasks\{EDBF4801-BE88-432D-B9BB-68756DBECE25} => pcalua.exe -a C:\Users\Utilisateur\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=ill <==== ATTENTION
Task: {980B3EED-638E-4414-860E-0918AE14EF19} - System32\Tasks\cfcNQFd7UjNAaAx => C:\Users\Utilisateur\AppData\Roaming\KLeHUMA\yXPZePX.exe [2015-01-27] ( )
Task: {B5C3875C-B02C-448C-910C-BA8E552D38AF} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\Utilisateur\AppData\Roaming\~zmyewko.exe
Task: {D0A49612-8ACB-4576-B0F4-3CB40B2A7AAD} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\Utilisateur\AppData\Roaming\~lbojkhu.exe
Task: {F0B20AFD-324F-4955-BCD3-DB6DA5D6FDD8} - System32\Tasks\OmdNNmbo1Gk39YQ => C:\Users\Utilisateur\AppData\Roaming\JUtU2Bf\HM1ozPi.exe [2015-01-27] ( )
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~

The next set of tools you may have already used, if yes, please delete them and download updated versions.

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select
Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

djtarek · Jan 28, 2015

Juliet said:
...
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Hi Juliet. Thank you for your help.
For unknown reason, JRT has been launched for more than 6 hours and is still in progress (11th step - checking shortcuts).
So, this morning, I can only give you 2 files out of 3. Please see attached zip file. I will send you jrt.txt as soon as the scan will
be finished and when I shall have ended the work. Sorry.

Juliet · Jan 28, 2015

Stop JRT, if running correctly it doesn't take that long.

OK, those tools took quite a bit out.

Tell me how the computer is now.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

djtarek · Jan 28, 2015

Juliet said:
Stop JRT, if running correctly it doesn't take that long.
OK, those tools took quite a bit out.
Tell me how the computer is now.
Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now...

Hi Juliet. I will revert to you tonight after the job. I live in Paris.
I need details about Malwarebytes :
> Can you suggest me a direct link to download it (free version or pro version with subscription) ?
> Should I uninstalled Spybot from my computer before using Malwarebytes
Thank you for the advice.

Juliet · Jan 28, 2015

djtarek said:
Hi Juliet. I will revert to you tonight after the job. I live in Paris.
I need details about Malwarebytes :
> Can you suggest me a direct link to download it (free version or pro version with subscription) ?
> Should I uninstalled Spybot from my computer before using Malwarebytes
Thank you for the advice.

Download Malwarebytes' Anti-Malware to your desktop.

During the install you can select Free version, and if it still installs the Premium version thats not a problem. It will revert to Free after the the trial period is over.

You can disable SpyBot if you wish, then when we are finished set the settings back to what you like

djtarek · Jan 28, 2015

Juliet said:
...then when we are finished set the settings back to what you like

Please find attached Malwarebytes Log and a popup screenshot (an alert has been raised after the first reboot).
Of course, I have deleted all detected malwares.
I gonna use my computer tonight to see if OMIGA-PLUS is definetly removed.
I will give you my feedback tomorrow.

Juliet · Jan 28, 2015

Thank you
Many items were detected and deleted.

Use your computer as normal without extra activities. Then please give me an update on how it is acting.

djtarek · Jan 29, 2015

Juliet said:
Thank you
Many items were detected and deleted.
Use your computer as normal without extra activities. Then please give me an update on how it is acting.

Hi Juliet.
I used normaly my computer with Internet Explorer only. No problem.
This morning, without having restarted the computer, I have a "Microsoft Guenine Warning" displayed.
I use an ASUS X501A Laptop with preinstalled Windows 7 also available on a hidden partition with valid licence.
For information, I was always able to make automatically the window updates.
But this time, I guess my sytem will be blocked (by Microsoft) at the next restart.
I guess important system files have been altered/blocked with last scan (as suggest Microsoft online help).
I don't know how to restore them from Malwarebytes (and which ones).
Of course, I can recovery OS by pressing "F9" to access the hidden partition.
To avoid this final solution (that's why I'm disturbing you on this forum), you may find a trick to solve this issue.
Find attached all Malwarebytes Logs and screeshots for the Guenine warning.
Kind Regards,
DJ. Tarek, France.

Juliet · Jan 29, 2015

Also please download Windows Repair (all in one) from here

Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

NEXT
On the the Start Repairs tab => Click the Start

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.

djtarek · Jan 29, 2015

Juliet said:
Also please download Windows Repair (all in one) from here

You save my laptop !
I will follow your last advise to restore corrupted system files.
I just hope my computer will not be restarted at home.
I would like to say I've noticed these lines on Malwarebytes Log

Protection, 28/01/2015 20:27:55, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/01/2015 20:28:30, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, Started,
Detection, 28/01/2015 20:58:50, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, IP, 176.103.48.36, 49684, Outbound, C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe,
Detection, 28/01/2015 20:58:51, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, IP, 176.103.48.36, 49684, Outbound, C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe,
...

176.103.48.36 > UKRAINE (??)
rassstp.exe > supposed to be a Microsoft Process
C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe > not to seem an official Microsot path

Question : Should we remove all this folder ?

DJ. Tarek, France

Juliet · Jan 29, 2015

At this time please allow MBAM to continue to block it.

VPN connections?

http://www.bleepingcomputer.com/forums/t/272302/wan-miniport-sstp/
"Just disable the miniport if you want, do not try to uninstall it."
It is part of the network drivers and you can't properly uninstall it. You can just
ignore it.

Or go into MBAM settings
Notifications and set to disabled

djtarek · Jan 31, 2015

Juliet said:
At this time please allow MBAM to continue to block it.

VPN connections?

http://www.bleepingcomputer.com/forums/t/272302/wan-miniport-sstp/
"Just disable the miniport if you want, do not try to uninstall it."
...

Hi Juliet
Sorry for the late of my feedback.
I don't use vpn on my computer.
All issues on my computer seem to be solved.
After 2 restarts, there is neither malwares detection nor guenine warning.
I did not uninstall wan-miniport.
Please to see the last Log of MBAM.
adwcleaner does not detect any threat from now on.
Of course, I'm wondering what is the best antimalwares of the world,
as I had to use many of them with your advices to get rid omiga-plus (what a bitch!).
Undoubtedly, you are the best!
Thank you a lot.
DJ. Tarek, France

Juliet · Jan 31, 2015

Thank you for all the kind words, C'était mon plaisir merci

As for the best antimalwares in the world....what we recommend is layered protection.

I'll get to that. First, let's remove tools and quarantine folders then I will give recommendations.

DelFix

Please download DelFix
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
- Activate UAC
- Remove disinfection tools
- Create registry backup
- Purge system restore
Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~~`

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP

The following programmes come highly recommended in the security community.

AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Juliet · Feb 5, 2015

Glad we could help.

Since this issue appears resolved ... this Topic is closed.

No way to get rid OMIGA-Plus malware

djtarek

New member

Attachments

Juliet

Security Expert-emeritus

djtarek

New member

Juliet

Security Expert-emeritus

djtarek

New member

Attachments

Juliet

Security Expert-emeritus

djtarek

New member

Juliet

Security Expert-emeritus

djtarek

New member

Attachments

Juliet

Security Expert-emeritus

djtarek

New member

Attachments

Juliet

Security Expert-emeritus

djtarek

New member

Juliet

Security Expert-emeritus

djtarek

New member

Attachments

Juliet

Security Expert-emeritus

Juliet

Security Expert-emeritus