
too confident then stupid dont know the same


10 replies to this topic

#1 camillle


Posted 27 September 2014 - 07:07 AM

I've got a call from "microsoft" telling me I had been hijacked and they have to help me to cure my PC

They showed me a screen "microsoft" to prove what they said

I accepted to share my PC to enable them to cure it!!!

and they said my Windows 7 would be impaired in one hour (with a screen to prove it) unless I pay 1 euro..

Finally (to be short) I paid much more because they succeeded in confusing me

And I face another problem:

- how to be sure that my PC isn't joined to them anymore?

- would I succeed in clearing all the bad things they should have sent to my PC?

I'm sending you my HijackThis report as suggested, unless I would have to erase all my hard disk??

Thanks for your help if it is not too late!!

More, most of my Hijack report are named 23, that is services which seem to be hard to delete

Then I would need a help on this point too

I'm not given enough place to join the rest of my Hijack report. How could I manage?


#2 nasdaq

  • Malware Response Team

Posted 01 October 2014 - 07:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 camillle


Posted 01 October 2014 - 12:19 PM

Thank you very much for helping me! I have been so stupid to open my PC!!

I did what you advised:

After working AdwCleaner nothing appeared in the list, but when I clicked on "CLEAN" something was found

The trouble is that after a while when I did a new scan+clean the same was found and cleaned

Has it been reinstalled in a while?

Another thing is about the address I get when I open a new window: it is shown at the top of my WORD report: could it be a redirection??

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-09-2014
Ran by Luc (administrator) on LUC-PC on 01-10-2014 17:34:51
Running from D:\Downloads
Loaded Profiles: Luc & _ocster_1clk_backup_ (Available profiles: Luc & UpdatusUser & _ocster_1clk_backup_ & Administrateur)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL64.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe
() C:\Program Files\Ocster 1-Click Backup\bin\oxHelper.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
 
I didn't succeed in attaching Addition.txt, then I'll try to copy it. Sorry
 
Pour vous assurer que le service est configuré correctement, utilisez le composant logiciel enfichable Services dans Microsoft Management Console (MMC).
 
Error: (10/01/2014 05:18:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MBAMService s’est terminé de façon inattendue pour la 1ème fois.
 
Error: (10/01/2014 05:18:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : 
FSES
 
Error: (10/01/2014 05:05:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service NVIDIA Update Service Daemon n’a pas pu démarrer en raison de l’erreur : 
%%1069
 
Error: (10/01/2014 05:05:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Le service nvUpdatusService n’a pas pu ouvrir de session en tant que .\UpdatusUser avec le mot de passe actuellement configuré en raison de l’erreur suivante : 
%%1330
 
Pour vous assurer que le service est configuré correctement, utilisez le composant logiciel enfichable Services dans Microsoft Management Console (MMC).
 
Error: (10/01/2014 05:03:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MBAMService s’est terminé de façon inattendue pour la 1ème fois.
 
Error: (10/01/2014 05:03:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.
 
Error: (10/01/2014 05:03:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Le service Windows Search s’est arrêté avec l’erreur service particulière %%-1073473535.
 
Error: (10/01/2014 05:03:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : 
FSES
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-01 17:18:10.758
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 17:18:10.696
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 17:03:11.165
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 17:03:11.118
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:43:50.604
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:43:50.557
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:33:02.633
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:33:02.586
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:15:33.115
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:15:33.053
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 41%
Total physical RAM: 4087.49 MB
Available physical RAM: 2371.84 MB
Total Pagefile: 8173.16 MB
Available Pagefile: 5990.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:349.51 GB) (Free:305.6 GB) NTFS
Drive d: (Mes Documents) (Fixed) (Total:581.9 GB) (Free:577.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EF5CC518)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=349.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
I hope this will help. I don't understand why I failed in attaching files
See you soon. Yours sincerely

 



#4 nasdaq


Posted 01 October 2014 - 12:38 PM

Your FRST.txt log is not complete.

Please copy the content of the file and paste in your next reply.

#5 camillle


Posted 02 October 2014 - 05:19 AM

I'll try again to attach the file! It's not allowed: probably too big?

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2014
Ran by Luc at 2014-10-01 17:35:22
Running from D:\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Anti-virus firewall 9.12 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Anti-virus firewall 9.12 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Anti-virus firewall 9.12 (Enabled) {2D7AC0A6-6241-D774-E168-461178D9686C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Anti-virus firewall (HKLM-x32\...\F-Secure Product 440) (Version:  - )
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 2012 v.8.1.4 (HKLM-x32\...\Ashampoo WinOptimizer 2012_is1) (Version: 8.1.4 - Ashampoo GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Driver Magician 4.0 (HKLM-x32\...\Driver Magician_is1) (Version:  - GoldSolution Software, Inc.)
Drivers Manager v3.0 (HKLM-x32\...\Drivers Manager_is1) (Version: 3.0 - Avanquest Software)
FLV-Media Player 1.8 (HKLM-x32\...\FLV-Media Player) (Version: 1.8 - HYBRIDWEB)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Glary Utilities PRO 4.7 (HKLM-x32\...\Glary Utilities 4) (Version: 4.7.0.96 - Glarysoft Ltd)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
IZArc 4.1.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.2 - Ivan Zahariev)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version:  - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)
Mises à jour NVIDIA 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Namosofts Data Recovery 2 (HKLM-x32\...\{D9C57555-4F3C-416A-9BF7-6AD11621E318}) (Version: 1.0.0.0 - Namosofts)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Logiciel système PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA Pilote 3D Vision 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Pilote du contrôleur 3D Vision 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Pilote graphique 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Ocster 1-Click Backup (HKLM\...\Ocster 1-Click Backup) (Version: 1.10 - Ocster GmbH & Co. KG)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Orange update (HKLM-x32\...\OrangeUpdateManager) (Version: 2.2.1.0 - Orange)
Panneau de configuration NVIDIA 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.192.0 - Tracker Software Products Ltd)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Registry Washer (HKLM\...\RegistryWasher_is1) (Version:  - Giant Matrix)
ScanMyReg 2.0 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-A9D60D18D757}_is1) (Version:  - YL Computing, Inc)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SysResources Manager (HKLM-x32\...\SysResources Manager11.2) (Version: 11.2 - Fotis)
SysResources Manager (HKLM-x32\...\SysResources Manager12.0) (Version: 12.0 - Fotis)
SysResources Manager (HKLM-x32\...\SysResources Manager12.2) (Version: 12.2 - OptWin Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{B83A8864-A85D-437E-9D4C-27350765BF46}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1607153074-427997833-5872278-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1607153074-427997833-5872278-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
27-09-2014 01:55:19 Windows Update
27-09-2014 07:41:47 Uniblue SpeedUpMyPC installation
27-09-2014 07:50:43 27092014 avantspeedmysysteme
27-09-2014 08:36:18 Installed HiJackThis
27-09-2014 13:00:00 Uniblue SpeedUpMyPC installation
27-09-2014 13:20:16 Programme d’installation pour les modules Windows
28-09-2014 16:36:13 Point de contrôle créé par HitmanPro
28-09-2014 16:37:21 Point de contrôle créé par HitmanPro
29-09-2014 06:38:34 Point de contrôle créé par HitmanPro
29-09-2014 07:09:30 Removed Java 7 Update 67
29-09-2014 07:11:47 Removed HiJackThis
29-09-2014 07:18:38 Installed HiJackThis
29-09-2014 16:23:46 Removed HiJackThis
29-09-2014 16:38:50 Installed HiJackThis
29-09-2014 16:43:05 Removed HiJackThis
29-09-2014 16:46:57 Installed HiJackThis
29-09-2014 16:59:00 Removed HiJackThis
29-09-2014 17:08:50 Installed HiJackThis
30-09-2014 06:47:22 Windows Update
30-09-2014 18:28:47 Point de contrôle créé par HitmanPro
01-10-2014 06:44:09 Point de contrôle créé par HitmanPro
01-10-2014 10:18:46 Removed HiJackThis
01-10-2014 10:42:20 Windows Update
01-10-2014 11:03:40 Point de contrôle créé par HitmanPro
01-10-2014 11:11:45 Installed HiJackThis
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {045AC17F-3BF0-4B62-B192-798D500281F5} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {0DA7DE02-8108-457B-A149-C1C4CC878F8D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1607153074-427997833-5872278-1000UA => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {116BC099-2E1E-41E4-9F6C-C5F3FA563CD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {3E6B7BFD-1281-4D5D-8C81-3C0AB8E6394E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5C67A49B-9F22-4AA9-8157-8B5645B22F9E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1607153074-427997833-5872278-1000Core => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {9047F23E-FB75-4ED1-B20F-9057B30DA6BD} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {9E88E200-0899-4AFD-8831-EAC47E249ECF} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-02-28] (Glarysoft Ltd)
Task: {A40A0F19-EDC2-49FD-82EF-B0C36C3677B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {C2AAAADB-FA49-44BD-9364-63321F546400} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {D1274FFD-7038-4D32-82BB-26C306BA57A9} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-02-27] (Glarysoft Ltd)
Task: {FFEC174B-9103-47B7-B9D0-A24D15B2605D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1607153074-427997833-5872278-1000Core.job => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1607153074-427997833-5872278-1000UA.job => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-18 04:03 - 2013-02-10 03:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-27 14:47 - 2010-01-19 04:31 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2014-09-25 20:44 - 2014-09-25 20:44 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 00022480 _____ () c:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe
2012-11-28 18:19 - 2012-11-28 18:19 - 00103888 _____ () c:\Program Files\Ocster 1-Click Backup\bin\backupServiceLib.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 10032592 _____ () c:\Program Files\Ocster 1-Click Backup\bin\backupCore.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 00051152 _____ () c:\Program Files\Ocster 1-Click Backup\bin\lzmaUtil.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 03951568 _____ () c:\Program Files\Ocster 1-Click Backup\bin\ox.dll
2012-06-12 17:15 - 2012-06-12 17:15 - 00049664 _____ () c:\Program Files\Ocster 1-Click Backup\bin\lzma.dll
2012-06-12 17:15 - 2012-06-12 17:15 - 00285184 _____ () c:\Program Files\Ocster 1-Click Backup\bin\party.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 00111568 _____ () c:\Program Files\Ocster 1-Click Backup\bin\scoolite.dll
2012-06-12 17:14 - 2012-06-12 17:14 - 00626688 _____ () c:\Program Files\Ocster 1-Click Backup\bin\sqlite.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 00486864 _____ () c:\Program Files\Ocster 1-Click Backup\bin\veem.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 00058832 _____ () c:\Program Files\Ocster 1-Click Backup\bin\minizutil.dll
2012-06-12 17:14 - 2012-06-12 17:14 - 00020992 _____ () c:\Program Files\Ocster 1-Click Backup\bin\zlibutil.dll
2012-06-11 21:41 - 2012-06-11 21:41 - 00076288 _____ () c:\Program Files\Ocster 1-Click Backup\bin\zdll.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 00155088 _____ () c:\Program Files\Ocster 1-Click Backup\bin\deemon.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 00203728 _____ () c:\Program Files\Ocster 1-Click Backup\bin\netutil.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 00467408 _____ () c:\Program Files\Ocster 1-Click Backup\bin\twirl.dll
2012-06-11 22:17 - 2012-06-11 22:17 - 01266688 _____ () c:\Program Files\Ocster 1-Click Backup\bin\LIBEAY32.dll
2012-06-11 22:17 - 2012-06-11 22:17 - 00236032 _____ () c:\Program Files\Ocster 1-Click Backup\bin\SSLEAY32.dll
2012-11-28 18:19 - 2012-11-28 18:19 - 00335312 _____ () c:\Program Files\Ocster 1-Click Backup\bin\tomb.dll
2012-06-12 18:04 - 2012-06-12 18:04 - 00045056 _____ () c:\Program Files\Ocster 1-Click Backup\bin\oxHelper.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Drivers Manager => C:\Program Files (x86)\Drivers Manager\DMLauncher.exe
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Ocster 1-Click Backup => "C:\Program Files\Ocster 1-Click Backup\bin\backupClient-ox1c.exe" --hidden
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-1607153074-427997833-5872278-500 - Administrator - Disabled) => C:\Users\Administrateur
HomeGroupUser$ (S-1-5-21-1607153074-427997833-5872278-1002 - Limited - Enabled)
Invité (S-1-5-21-1607153074-427997833-5872278-501 - Limited - Disabled)
Luc (S-1-5-21-1607153074-427997833-5872278-1000 - Administrator - Enabled) => C:\Users\Luc
UpdatusUser (S-1-5-21-1607153074-427997833-5872278-1003 - Limited - Enabled) => C:\Users\UpdatusUser
_ocster_1clk_backup_ (S-1-5-21-1607153074-427997833-5872278-1004 - Administrator - Enabled) => C:\Users\_ocster_1clk_backup_
 
==================== Faulty Device Manager Devices =============
 
Name: F-Secure Email Scanning Driver
Description: F-Secure Email Scanning Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: FSES
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/01/2014 05:35:25 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2014-10-01  17:35:25+02:00  LUC-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4
 
Error: (10/01/2014 05:18:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamservice.exe, version : 3.0.2.0, horodatage : 0x5318d363
Nom du module défaillant : mbamservice.exe, version : 3.0.2.0, horodatage : 0x5318d363
Code d’exception : 0x40000015
Décalage d’erreur : 0x0007da8a
ID du processus défaillant : 0xb48
Heure de début de l’application défaillante : 0xmbamservice.exe0
Chemin d’accès de l’application défaillante : mbamservice.exe1
Chemin d’accès du module défaillant: mbamservice.exe2
ID de rapport : mbamservice.exe3
 
Error: (10/01/2014 05:03:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamservice.exe, version : 3.0.2.0, horodatage : 0x5318d363
Nom du module défaillant : mbamservice.exe, version : 3.0.2.0, horodatage : 0x5318d363
Code d’exception : 0x40000015
Décalage d’erreur : 0x0007da8a
ID du processus défaillant : 0xab4
Heure de début de l’application défaillante : 0xmbamservice.exe0
Chemin d’accès de l’application défaillante : mbamservice.exe1
Chemin d’accès du module défaillant: mbamservice.exe2
ID de rapport : mbamservice.exe3
 
Error: (10/01/2014 05:03:37 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Impossible d’initialiser l’index.
 
Détails :
Le catalogue d’index des contenus est endommagé.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/01/2014 05:03:37 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Impossible d’initialiser l’application.
 
Contexte : Application Windows
 
Détails :
Le catalogue d’index des contenus est endommagé.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/01/2014 05:03:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Impossible d’initialiser l’objet rassembleur.
 
Contexte : Application Windows, Catalogue SystemIndex
 
Détails :
Le catalogue d’index des contenus est endommagé.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/01/2014 05:03:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Impossible d’initialiser le plug-in dans <Search.TripoliIndexer>.
 
Contexte : Application Windows, Catalogue SystemIndex
 
Détails :
Élément introuvable.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (10/01/2014 05:03:36 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Impossible d’initialiser le plug-in dans <Search.JetPropStore>.
 
Contexte : Application Windows, Catalogue SystemIndex
 
Détails :
Le catalogue d’index des contenus est endommagé.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/01/2014 05:03:36 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Le service Windows Search ne peut pas charger les informations de la banque de propriétés.
 
Contexte : Application Windows, Catalogue SystemIndex
 
Détails :
La base de données d’index des contenus est endommagée.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (10/01/2014 05:03:36 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Le service de recherche Windows a été arrêté à cause d’un problème avec l’indexeur : The catalog is corrupt.
 
Détails :
Le catalogue d’index des contenus est endommagé.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (10/01/2014 05:20:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service NVIDIA Update Service Daemon n’a pas pu démarrer en raison de l’erreur : 
%%1069
 
Error: (10/01/2014 05:20:31 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Le service nvUpdatusService n’a pas pu ouvrir de session en tant que .\UpdatusUser avec le mot de passe actuellement configuré en raison de l’erreur suivante : 
%%1330
 
Pour vous assurer que le service est configuré correctement, utilisez le composant logiciel enfichable Services dans Microsoft Management Console (MMC).
 
Error: (10/01/2014 05:18:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MBAMService s’est terminé de façon inattendue pour la 1ème fois.
 
Error: (10/01/2014 05:18:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : 
FSES
 
Error: (10/01/2014 05:05:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service NVIDIA Update Service Daemon n’a pas pu démarrer en raison de l’erreur : 
%%1069
 
Error: (10/01/2014 05:05:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Le service nvUpdatusService n’a pas pu ouvrir de session en tant que .\UpdatusUser avec le mot de passe actuellement configuré en raison de l’erreur suivante : 
%%1330
 
Pour vous assurer que le service est configuré correctement, utilisez le composant logiciel enfichable Services dans Microsoft Management Console (MMC).
 
Error: (10/01/2014 05:03:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MBAMService s’est terminé de façon inattendue pour la 1ème fois.
 
Error: (10/01/2014 05:03:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.
 
Error: (10/01/2014 05:03:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Le service Windows Search s’est arrêté avec l’erreur service particulière %%-1073473535.
 
Error: (10/01/2014 05:03:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : 
FSES
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-01 17:18:10.758
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 17:18:10.696
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 17:03:11.165
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 17:03:11.118
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:43:50.604
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:43:50.557
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:33:02.633
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:33:02.586
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:15:33.115
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-10-01 13:15:33.053
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\fses.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 41%
Total physical RAM: 4087.49 MB
Available physical RAM: 2371.84 MB
Total Pagefile: 8173.16 MB
Available Pagefile: 5990.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:349.51 GB) (Free:305.6 GB) NTFS
Drive d: (Mes Documents) (Fixed) (Total:581.9 GB) (Free:577.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EF5CC518)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=349.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
I hope this is what was incomplete
Thanks very much!!!


#6 nasdaq


Posted 02 October 2014 - 07:52 AM


No, I'm looking for the FRST.TXT log.

"Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-09-2014"

You have posted the Additional.txt log.

#7 camillle


Posted 02 October 2014 - 09:04 AM

Sorry, I'm a little stressed by this incident!!

 

4
Ran by Luc (administrator) on LUC-PC on 01-10-2014 17:34:51
Running from D:\Downloads
Loaded Profiles: Luc & _ocster_1clk_backup_ (Available profiles: Luc & UpdatusUser & _ocster_1clk_backup_ & Administrateur)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL64.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe
() C:\Program Files\Ocster 1-Click Backup\bin\oxHelper.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(F-Secure Corporation) C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE [201128 2009-11-18] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] => C:\Program Files (x86)\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe [1655464 2011-09-01] (F-Secure Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1607153074-427997833-5872278-1000\...\Run: [Google Update] => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-02] (Google Inc.)
HKU\S-1-5-21-1607153074-427997833-5872278-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-02-02] (Google Inc.)
HKU\S-1-5-21-1607153074-427997833-5872278-1000\...\Run: [SysResources Manager] => C:\Program Files (x86)\SysResources Manager\SysResManager.exe [2101248 2013-06-02] (OptWin Software)
HKU\S-1-5-21-1607153074-427997833-5872278-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\system32\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\system32\ntshrui.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
BootExecute: autocheck autochk *  bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4264E691EB73CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Browsing Protection Class -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} -> C:\Program Files (x86)\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll (F-Secure Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll (F-Secure Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files (x86)\Orange\Antivirus Firewall\NRS\litmus-ff@f-secure.com
FF Extension: Browsing Protection - C:\Program Files (x86)\Orange\Antivirus Firewall\NRS\litmus-ff@f-secure.com [2011-02-02]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Luc\AppData\Local\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Luc\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Luc\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Luc\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (Google Update) - C:\Users\Luc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-26]
CHR Extension: (Google Docs) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-26]
CHR Extension: (Google Drive) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (YouTube) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Chromebleed) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-17]
CHR Extension: (Google Sheets) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-26]
CHR Extension: (Google Wallet) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe [221608 2009-11-18] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe [846248 2009-11-18] (F-Secure Corporation)
R2 FSMA; C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.EXE [188840 2009-11-18] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [60352 2013-06-06] (F-Secure Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-27] (SurfRight B.V.)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 ocster_1clk_backup; c:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe [22480 2012-11-28] ()
S2 Orange update Core Service; C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [729608 2014-09-15] (Orange SA)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2014-02-26] (Glarysoft Ltd)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys [202176 2013-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [59784 2009-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2012-08-15] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42672 2011-08-17] ()
S1 FSES; C:\Windows\System32\drivers\fses.sys [50384 2011-09-01] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [94024 2009-11-18] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsvista.sys [16768 2009-11-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U3 DfSdkS; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-01 17:34 - 2014-10-01 17:34 - 00000000 ____D () C:\FRST
2014-10-01 17:03 - 2014-10-01 17:18 - 00000624 _____ () C:\Windows\PFRO.log
2014-10-01 17:03 - 2014-10-01 17:18 - 00000112 _____ () C:\Windows\setupact.log
2014-10-01 17:03 - 2014-10-01 17:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 13:12 - 2014-10-01 13:12 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-01 13:12 - 2014-10-01 13:12 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-01 08:26 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:26 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 20:31 - 2014-10-01 17:21 - 00193181 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 18:37 - 2014-09-28 18:37 - 00026548 _____ () C:\Windows\system32\.crusader
2014-09-27 16:34 - 2014-09-27 16:34 - 00001421 _____ () C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-27 16:34 - 2014-09-27 16:34 - 00000000 ____D () C:\Users\Administrateur\AppData\Roaming\Adobe
2014-09-27 16:33 - 2014-09-27 16:34 - 00000000 ____D () C:\Users\Administrateur
2014-09-27 16:33 - 2014-09-27 16:33 - 00000020 ___SH () C:\Users\Administrateur\ntuser.ini
2014-09-27 16:33 - 2014-09-27 16:33 - 00000000 _SHDL () C:\Users\Administrateur\Voisinage réseau
2014-09-27 16:33 - 2014-09-27 16:33 - 00000000 _SHDL () C:\Users\Administrateur\Voisinage d'impression
2014-09-27 16:33 - 2014-09-27 16:33 - 00000000 _SHDL () C:\Users\Administrateur\Modèles
2014-09-27 16:33 - 2014-09-27 16:33 - 00000000 _SHDL () C:\Users\Administrateur\Menu Démarrer
2014-09-27 16:33 - 2014-09-27 16:33 - 00000000 _SHDL () C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2014-09-27 16:33 - 2014-09-27 16:33 - 00000000 _SHDL () C:\Users\Administrateur\AppData\Local\Historique
2014-09-27 16:33 - 2012-12-14 18:48 - 00000000 ____D () C:\Users\Administrateur\AppData\Roaming\Macromedia
2014-09-27 16:33 - 2011-02-08 01:12 - 00000000 ____D () C:\Users\Administrateur\AppData\Local\Microsoft Help
2014-09-27 16:33 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-27 16:33 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-27 16:30 - 2014-09-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-27 16:30 - 2014-09-27 16:30 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-27 16:28 - 2014-09-28 18:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-27 09:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-27 09:57 - 2014-10-01 17:17 - 00000000 ____D () C:\AdwCleaner
2014-09-26 08:17 - 2014-09-26 08:17 - 00000000 ____D () C:\Users\FMDK7412
2014-09-25 16:41 - 2014-09-25 16:41 - 00000000 ____D () C:\ProgramData\AMMYY
2014-09-23 20:47 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:47 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-14 11:15 - 2014-09-14 11:15 - 00000000 ____D () C:\ProgramData\Sun
2014-09-13 12:23 - 2014-09-13 12:23 - 00003100 _____ () C:\Windows\System32\Tasks\{FF6F0FA0-9B1B-43DD-A6A8-D00B95B9B8C9}
2014-09-10 03:14 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 03:14 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:14 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:14 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:14 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:14 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:14 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:14 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:14 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:14 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:14 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:14 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:14 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:14 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:14 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:14 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:14 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:14 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 03:14 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:14 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:14 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 03:14 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:14 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:14 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:14 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:14 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 03:14 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 03:14 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 03:14 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 03:14 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 03:00 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 03:00 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 02:49 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 02:49 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 02:49 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 02:49 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 02:48 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 02:48 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 02:48 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 02:48 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 02:48 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 02:48 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 02:48 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-08 19:43 - 2014-02-26 07:17 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-01 17:25 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 17:25 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 17:19 - 2014-03-02 21:26 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-10-01 17:18 - 2014-03-02 21:26 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-10-01 17:18 - 2011-02-02 16:13 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-01 17:18 - 2011-01-27 14:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-01 17:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 17:17 - 2011-02-02 15:47 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1607153074-427997833-5872278-1000UA.job
2014-10-01 17:16 - 2011-02-02 16:13 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 17:08 - 2012-05-29 14:55 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-01 13:45 - 2014-04-14 21:11 - 00000000 ____D () C:\Program Files (x86)\Free Window Registry Repair
2014-10-01 13:34 - 2011-11-28 15:19 - 00000000 ____D () C:\Program Files (x86)\SysResources Manager
2014-10-01 12:46 - 2014-04-14 10:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 18:29 - 2011-02-02 16:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-29 12:33 - 2012-03-28 23:32 - 00000128 _____ () C:\Windows\SysWOW64\91207717.sys
2014-09-28 18:37 - 2014-04-24 15:37 - 00000000 ___RD () C:\Users\Luc\Startup
2014-09-28 12:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-27 16:34 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-27 15:20 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-27 14:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-27 10:00 - 2012-11-01 20:36 - 00000000 ____D () C:\Users\Luc\AppData\Local\CRE
2014-09-27 09:22 - 2011-02-04 00:19 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\vlc
2014-09-27 04:05 - 2011-02-02 15:47 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1607153074-427997833-5872278-1000Core.job
2014-09-26 08:17 - 2012-12-14 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange
2014-09-24 00:08 - 2012-05-29 14:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 00:08 - 2012-05-29 14:55 - 00003940 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 00:08 - 2011-08-04 08:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 09:06 - 2011-02-02 12:07 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 12:25 - 2009-07-14 07:08 - 00032482 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-10 03:18 - 2011-02-07 16:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 03:13 - 2011-02-02 12:16 - 01665600 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 03:13 - 2009-07-14 17:24 - 00754788 _____ () C:\Windows\system32\perfh00C.dat
2014-09-10 03:13 - 2009-07-14 17:24 - 00153428 _____ () C:\Windows\system32\perfc00C.dat
2014-09-10 03:13 - 2009-07-14 07:13 - 01665600 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 03:12 - 2013-08-14 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:01 - 2011-02-03 00:03 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 03:00 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\Luc\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 00:26
 
==================== End Of Log ============================
Result of Farbar Recovery Scan Tool 30/09/14
 
I do hope this will be correct
 
Thanks++++


#8 nasdaq

Posted 02 October 2014 - 10:35 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 DfSdkS; No ImagePath

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

===

How is the computer running now?

#9 camillle

Posted 07 October 2014 - 06:17 AM

Dear friends,
thank you very much for all the help

But I think I had better format and reinstall my OS to be secure

That I will do tomorrow

I'll change my mail at the same time: the new one will be: guyot.luc[AT]orange.fr

I always get a spy called "searchconduit" which is included in the user data as "Default\Webdata" and comes again and again every time I delete it

I would be very pleased if we could do a new scan to find malware after the new setup of my OS and changing my connection password

Thanks very much
What's your opinion about that??

Edited by nasdaq, 07 October 2014 - 08:50 AM.


#10 nasdaq

Posted 07 October 2014 - 08:57 AM

I think it's overkill.
Conduit is only a nuisance and can be removed.

For your peace of mind you can reinstall the operating system, but I would wait until we can get your computer to run normally.

P.S.
Never post your e-mail address in a forum.
Tools can be used to capture it and you may be getting a lot of spam.

I have obfuscated the e-mail address. I suggest you use another one than what you were proposing.

For now run my fix and post the log.

Let me know if the problem persists.

#11 nasdaq

Posted 13 October 2014 - 07:50 AM

Are you still with me?



