
svchost running 100% makes everything very slow


  • This topic is locked
17 replies to this topic

#1 julienrz
  • Members
  • 10 posts

Posted 24 June 2015 - 06:35 AM

Hello everybody,

I've had a recent problem on my PC.

It started with some Avast alerts about blocking a suspicious URL, but there was no way to fix this problem through the program.

Some days later I saw the svchost process going up to 100% for a long time, nearly blocking all commands.

I did an Avast scan and a Malwarebytes Anti-Malware scan; some files were found and deleted, but that has not solved the problem so far.

Then I did a HijackThis scan. I put it here if it can help.

(I read recently that HijackThis was a bit outdated? Is it true?)

Thanks very much for the work you're doing on this forum.


********

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:04:54, on 24/06/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)

FIREFOX: 37.0.2 (x86 fr)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Launch Manager\LManager.EXE
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe
C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\anne lazarevitch\Desktop\HijackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HP LaserJet 400 MFP M425 Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet 400 MFP M425 Series Fax"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Packard Bell\Registration\GREGsvc.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files\PDF Architect 3\creator-ws.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Programme d’installation pour les modules Windows (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 19404 bytes
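Editorial note on the svchost question in this post: svchost.exe is a generic service host, and every O23 line in the HijackThis log above lists it as the service binary, so "svchost at 100%" by itself identifies neither the service nor the DLL that is actually busy. The PowerShell below is added here as an illustration; it is not part of julienrz's post and not code from HijackThis or FRST. It finds the svchost instance(s) using the most CPU, checks that the image runs from the expected System32/SysWOW64 location, and lists the services hosted in that PID together with the ServiceDll each one loads. The 50% threshold is an assumption; adjust it to taste.

```powershell
# Added example, not code from julienrz's post or from HijackThis/FRST.
# Run in an ELEVATED PowerShell: svchost instances run as SYSTEM / LocalService /
# NetworkService, and an unelevated session cannot read their image path.
# Uses WMI (Get-WmiObject) so it works on the Windows 7 / PowerShell 2.0 host
# shown in the log; Get-CimInstance is a drop-in replacement on newer systems.

$CpuThreshold = 50   # assumed threshold: report svchost instances above this % of one core

# PercentProcessorTime is summed over all cores, so normalise to a 0..100 scale.
$cores = (Get-WmiObject Win32_ComputerSystem).NumberOfLogicalProcessors

# One sample only; run the script twice a few seconds apart to see whether the load is sustained.
$busy = Get-WmiObject Win32_PerfFormattedData_PerfProc_Process |
    Where-Object { $_.Name -like 'svchost*' } |
    ForEach-Object {
        New-Object PSObject -Property @{
            PID        = $_.IDProcess
            CpuPercent = [math]::Round($_.PercentProcessorTime / $cores, 1)
        }
    } |
    Where-Object { $_.CpuPercent -ge $CpuThreshold }

# The only legitimate locations for svchost.exe (SysWOW64 exists on 64-bit Windows only).
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

if (-not $busy) {
    "No svchost.exe instance is above $CpuThreshold% CPU at the moment."
}

foreach ($b in $busy) {
    $proc = Get-WmiObject Win32_Process -Filter "ProcessId = $($b.PID)"
    $path = $proc.ExecutablePath
    # -contains compares strings case-insensitively, which is what we want for paths.
    $pathOk = $expectedPaths -contains $path

    ""
    "== svchost PID $($b.PID): $($b.CpuPercent)% CPU"
    "   image:        $path  (expected location: $pathOk)"
    "   command line: $($proc.CommandLine)"   # the -k <group> names the service group this instance hosts

    # Services hosted in this PID, with the DLL each one really loads.
    # A HijackThis O23 line only shows svchost.exe as the binary; the ServiceDll
    # registry value is what names the code actually running inside it.
    Get-WmiObject Win32_Service -Filter "ProcessId = $($b.PID)" | ForEach-Object {
        $svc = $_
        $dll = $null
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        if (Test-Path $key) {
            $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
        }
        "   {0,-24} {1,-8} {2}" -f $svc.Name, $svc.StartMode, $dll
    }
}
```

From a plain command prompt, `tasklist /svc /fi "PID eq <pid>"` gives the same PID-to-service mapping without the DLL paths, and Process Explorer's Threads tab on the svchost process shows which service DLL owns the thread burning the CPU. Once the service is known, that service is what to investigate (or stop temporarily to confirm the CPU drops); killing svchost.exe itself takes every service in that group down with it.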
 




#2 Valinorum (Shadow Hide The Hunter)
  • Malware Response Instructor
  • 1,784 posts

Posted 28 June 2015 - 04:31 AM

Hi julienrz, :)

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system, as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system, as it may hinder our process.
  • Malware removal is a complicated process, so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course to you that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems, as it may do serious damage.

  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put a tick-mark in all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.

  • Required Log(s):
    • Farbar Logs--
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, so do not PM me for help.

 


#3 julienrz
  • Topic Starter
  • Members
  • 10 posts

Posted 30 June 2015 - 03:50 AM

Hi Valinorum,

Thanks a lot for helping me.

Here is the log, as asked.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by anne lazarevitch (administrator) on ANNELAZAREVITCH on 30-06-2015 10:33:45
Running from C:\Users\anne lazarevitch\Desktop
Loaded Profiles: anne lazarevitch (Available Profiles: anne lazarevitch)
Platform: Microsoft Windows 7 Édition Familiale Premium  Service Pack 1 (X86) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\PVSW\Bin\WGE_SRV.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
() C:\PVSW\Bin\w3dbsmgr.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Registration\GREGsvc.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 3\creator-ws.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.EXE
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard Company) C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [698912 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-28] (Avast Software s.r.o.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49904 2014-08-14] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP LaserJet 400 MFP M425 Series Fax] => C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459888 2014-08-14] (Hewlett-Packard Company)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-28] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-417580712-670514143-2692560524-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1428074191&from=corfr&uid=WDCXWD1600BEVT-22ZCT0_WD-WX90EC9DRC38DRC38&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D042915-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D042915-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1428074191&from=corfr&uid=WDCXWD1600BEVT-22ZCT0_WD-WX90EC9DRC38DRC38&q={searchTerms}
SearchScopes: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_frFR405FR405
SearchScopes: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-28] (Avast Software s.r.o.)
Toolbar: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [326288 2015-04-29] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [326288 2015-04-29] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [326288 2015-04-29] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [326288 2015-04-29] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll [326288 2015-04-29] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B8A5DA5B-5F60-4E7A-BCDE-B11373D9E74D}: [DhcpNameServer] 192.168.4.100
Tcpip\..\Interfaces\{E010E48F-067B-4AF8-A327-39CAC2BDFC6A}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\anne lazarevitch\AppData\Roaming\Mozilla\Firefox\Profiles\5jgiynsd.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-04-14] (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-11] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\anne lazarevitch\AppData\Roaming\Mozilla\Firefox\Profiles\5jgiynsd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-11]
FF HKLM\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - No Path Or update_url value

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-28] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-28] (Avast Software)
R2 EBP Pervasive.SQL; C:\PVSW\Bin\WGE_SRV.exe [32768 2006-12-07] () [File not signed]
R2 GREGService; C:\Program Files\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2243288 2015-04-14] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-14] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files\PDF Architect 3\creator-ws.exe [740568 2015-04-14] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-30] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-28] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-28] (Avast Software)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VHidMinidrv; system32\drivers\VHIDMini.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 10:33 - 2015-06-30 10:37 - 00030605 _____ C:\Users\anne lazarevitch\Desktop\FRST.txt
2015-06-30 10:32 - 2015-06-30 10:34 - 00000000 ____D C:\FRST
2015-06-30 10:31 - 2015-06-30 10:32 - 01636352 _____ (Farbar) C:\Users\anne lazarevitch\Desktop\FRST.exe
2015-06-24 13:11 - 2015-06-24 13:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-24 13:04 - 2015-06-24 13:04 - 00019406 _____ C:\Users\anne lazarevitch\Desktop\hijackthis.log
2015-06-24 12:39 - 2015-06-24 12:49 - 00000000 ____D C:\Users\anne lazarevitch\Desktop\backups
2015-06-24 10:56 - 2015-06-24 10:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\anne lazarevitch\Desktop\HijackThis.exe
2015-06-23 16:05 - 2015-06-23 16:05 - 00019064 _____ C:\Users\anne lazarevitch\Desktop\EC-FOLIE-20150623.txt
2015-06-22 09:41 - 2015-06-22 09:41 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Local\GWX
2015-05-28 12:08 - 2015-05-28 12:08 - 00000000 ____D C:\Windows\system32\vbox
2015-05-28 11:47 - 2015-05-28 11:22 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-28 11:22 - 2015-05-28 11:22 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-28 11:00 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-28 11:00 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-28 11:00 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-28 11:00 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-28 11:00 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-28 11:00 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-28 11:00 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-28 11:00 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-28 11:00 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-28 11:00 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-28 11:00 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-28 11:00 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-28 11:00 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-28 11:00 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-28 11:00 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-28 11:00 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-28 11:00 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-28 11:00 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-28 11:00 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-28 10:59 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-28 10:59 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-28 10:59 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-28 10:59 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-28 10:59 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-28 10:59 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-28 10:59 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-28 10:59 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-28 10:59 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-28 10:59 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-28 10:59 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-28 10:59 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-28 10:59 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-28 10:59 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-28 10:57 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-28 10:57 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-28 10:57 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-28 10:57 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-28 10:57 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-28 10:57 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-28 10:57 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-28 10:57 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-28 10:57 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-28 10:57 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-28 10:57 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-28 10:57 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-28 10:57 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-28 10:57 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-28 10:57 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-28 10:57 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-28 10:57 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-28 10:56 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 14:52 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 14:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-15 14:33 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-29 17:09 - 2015-04-29 17:09 - 00001441 _____ C:\Users\anne lazarevitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-29 16:03 - 2015-04-29 16:03 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Local\PDFCreator
2015-04-29 15:19 - 2015-04-29 16:06 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Roaming\PDF Architect 3
2015-04-29 15:19 - 2015-04-29 15:19 - 00000965 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2015-04-29 15:17 - 2015-04-29 15:19 - 00000000 ____D C:\Program Files\PDF Architect 3
2015-04-29 15:17 - 2015-04-29 15:17 - 00000000 ____D C:\Users\anne lazarevitch\Documents\PDF Architect
2015-04-29 15:17 - 2015-04-29 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3
2015-04-29 15:15 - 2015-04-29 15:15 - 00000000 ____D C:\ProgramData\PDF Architect 3
2015-04-29 15:14 - 2015-04-29 16:02 - 00000000 ____D C:\Program Files\PDFCreator
2015-04-29 15:14 - 2015-04-29 15:15 - 00099208 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-04-29 15:14 - 2015-04-29 15:14 - 00001001 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2015-04-29 15:14 - 2015-04-29 15:14 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Roaming\pdfforge
2015-04-29 15:14 - 2015-04-29 15:14 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Local\Lavasoft
2015-04-29 15:14 - 2015-04-29 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-04-29 15:14 - 2015-04-27 21:39 - 00326288 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-04-29 15:13 - 2015-04-29 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-04-29 15:13 - 2015-04-29 15:13 - 00000000 ____D C:\Program Files\Lavasoft
2015-04-29 15:12 - 2015-04-29 15:12 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Roaming\Lavasoft
2015-04-29 15:12 - 2015-04-29 15:12 - 00000000 ____D C:\ProgramData\Lavasoft
2015-04-29 13:30 - 2015-06-30 10:26 - 00000000 ____D C:\ProgramData\a1ff43c800000b81
2015-04-29 13:05 - 2015-04-29 14:22 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-04-29 13:00 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-29 13:00 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-29 13:00 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-29 13:00 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-29 13:00 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-29 13:00 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-29 13:00 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-29 13:00 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-29 13:00 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-29 13:00 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-29 12:59 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-29 12:59 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-29 12:59 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-29 12:59 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-29 12:54 - 2015-04-29 14:36 - 00030602 _____ C:\Windows\IE11_main.log
2015-04-29 12:54 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-29 12:54 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-29 12:54 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-29 12:53 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-29 12:53 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-29 12:53 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-04 16:49 - 2015-05-28 17:51 - 00000000 ___SD C:\Windows\system32\GWX
2015-04-03 17:02 - 2015-04-03 17:02 - 00001237 _____ C:\Users\anne lazarevitch\Desktop\##ECHANGE.lnk
2015-04-03 15:59 - 2015-04-03 16:00 - 00000000 ____D C:\Users\anne lazarevitch\Documents\EBP Compta
2015-04-01 23:44 - 2015-04-01 23:44 - 00006148 ____H C:\Users\Public\.DS_Store

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 10:39 - 2010-05-24 06:15 - 01669584 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-30 10:38 - 2009-07-14 06:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 10:38 - 2009-07-14 06:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 10:33 - 2015-01-11 21:18 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-30 10:33 - 2008-01-03 03:08 - 01880790 _____ C:\Windows\WindowsUpdate.log
2015-06-30 10:32 - 2015-03-26 15:21 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Roaming\HpUpdate
2015-06-30 10:27 - 2012-05-06 16:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-30 10:26 - 2015-01-13 23:47 - 00109608 _____ C:\Windows\pvsw.log
2015-06-30 10:26 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 10:25 - 2015-01-13 23:34 - 00004514 _____ C:\Windows\setupact.log
2015-06-24 14:34 - 2015-01-13 23:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-24 12:31 - 2009-07-14 06:53 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-24 12:02 - 2009-07-14 04:04 - 00000410 _____ C:\Windows\win.ini
2015-06-24 12:01 - 2015-02-27 10:15 - 00000000 ____D C:\Users\anne lazarevitch\Documents\sPAIEctacle
2015-06-24 11:32 - 2015-01-13 23:46 - 00044802 _____ C:\Windows\PFRO.log
2015-06-24 11:20 - 2015-01-14 11:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-24 11:20 - 2011-05-29 16:27 - 00002156 _____ C:\Windows\wininit.ini
2015-06-23 10:10 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2015-06-22 16:28 - 2015-01-13 23:34 - 00001072 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-22 16:28 - 2015-01-13 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-22 16:28 - 2015-01-13 23:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2014-08-01 09:14 - 2014-08-01 09:14 - 6010880 _____ () C:\Program Files\GUT9914.tmp
2014-11-24 12:47 - 2014-11-24 12:47 - 6000640 _____ () C:\Program Files\GUTA5D0.tmp
2015-02-16 18:59 - 2015-02-16 18:59 - 0160058 _____ () C:\Program Files\uninstalv551.log
2010-05-24 06:37 - 2008-06-11 17:12 - 0776614 _____ () C:\Program Files\Common Files\packardbell.ico
2010-11-13 18:17 - 2012-12-12 08:22 - 0001262 _____ () C:\Users\anne lazarevitch\AppData\Roaming\wklnhst.dat
2011-11-17 15:09 - 2011-11-17 15:09 - 0000017 _____ () C:\Users\anne lazarevitch\AppData\Local\resmon.resmoncfg
2011-03-05 22:47 - 2011-03-05 22:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-05-24 06:38 - 2009-08-24 14:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\anne lazarevitch\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  fr-FR
inherit                 {globalsettings}
default                 {current}
resumeobject            {7c6a6dd6-b9e0-11dc-aab3-c80aa9a849e7}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  fr-FR
inherit                 {bootloadersettings}
recoverysequence        {7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7c6a6dd6-b9e0-11dc-aab3-c80aa9a849e7}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7}
device                  ramdisk=[C:]\Recovery\7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7\Winre.wim,{7c6a6dd9-b9e0-11dc-aab3-c80aa9a849e7}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7\Winre.wim,{7c6a6dd9-b9e0-11dc-aab3-c80aa9a849e7}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7c6a6dd6-b9e0-11dc-aab3-c80aa9a849e7}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  fr-FR
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  fr-FR
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7c6a6dd9-b9e0-11dc-aab3-c80aa9a849e7}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7\boot.sdi



LastRegBack: 2015-06-22 10:23

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by anne lazarevitch at 2015-06-30 10:45:01
Running from C:\Users\anne lazarevitch\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrateur (S-1-5-21-417580712-670514143-2692560524-500 - Administrator - Disabled)
anne lazarevitch (S-1-5-21-417580712-670514143-2692560524-1000 - Administrator - Enabled) => C:\Users\anne lazarevitch
HomeGroupUser$ (S-1-5-21-417580712-670514143-2692560524-1006 - Limited - Enabled)
Invité (S-1-5-21-417580712-670514143-2692560524-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
Ad-Aware Web Companion (Version: 1.1.980.2014 - Lavasoft) Hidden
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Ciel Compta 15.0 (HKLM\...\{AEB75FCD-59A7-4B71-89D5-293CA630A6C0}) (Version: 230.00.0000 - Ciel)
coolpaie 3.4.0.176 BETA (HKLM\...\coolpaie_is1) (Version:  - )
EBP Btrieve 8.6 (HKLM\...\EBP Btrieve 8.6) (Version:  - EBP)
EBP Btrieve 8.6 (Version: 1.0 - EBP) Hidden
EBP Compta 13.1 (HKLM\...\EBP Compta 13.1) (Version:  - EBP)
EBP Compta 13.1 (Version:  - EBP) Hidden
HP LaserJet 400 MFP M425 (HKLM\...\{568705AA-DD8A-4134-B8B9-9609721FBBCE}) (Version: 5.0.12200.1138 - Hewlett-Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM425DSService (Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (Version: 3.0.26.11 - HP) Hidden
HPLaserJet400MFP-M425_HelpLearnCenter_SI (HKLM\...\{55D8D1AB-94C2-498F-A165-608B834A30EA}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (Version: 020.021.004 - HP) Hidden
HPLJUTCore (Version: 004.005.0001 - HP) Hidden
HPLJUTM425 (Version: 3.00.0003 - HP) Hidden
hppFaxDrvM425 (Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM425LaserJetService (Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM425 (Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM425 (Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version: 3.0.04 - Packard Bell)
LavasoftTcpService (Version: 2.3.3.0 - Lavasoft) Hidden
LibreOffice 4.1 Help Pack (French) (HKLM\...\{9196FBFB-ACAA-4A0B-8591-EB94FB311429}) (Version: 4.1.1.2 - The Document Foundation)
LibreOffice 4.1.5.3 (HKLM\...\{E77773E5-944A-453F-97F3-46767AE0A253}) (Version: 4.1.5.3 - The Document Foundation)
LJDXPHelperUI (Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 fr) (HKLM\...\Mozilla Firefox 38.0.5 (x86 fr)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Packard Bell InfoCentre (HKLM\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell Power Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3007 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Packard Bell)
Packard Bell Registration (HKLM\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM\...\Packard Bell Screensaver) (Version: 1.2.2009.1217 - Packard Bell )
Packard Bell Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
Packard Bell XSync (HKLM\...\InstallShield_{9EB6EAE1-5CFC-46F1-9FB9-5FDA335DDE3D}) (Version: 1.0.677.62 - Packard Bell)
Packard Bell XSync (Version: 1.0.677.62 - Packard Bell) Hidden
PDF Architect 3 (HKLM\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5901 - Realtek Semiconductor Corp.)
sPAIEctacle 5.5.1 (HKLM\...\sPAIEctacle 5.5.1) (Version:  - )
Welcome Center (HKLM\...\Packard Bell Welcome Center) (Version: 1.01.3002 - Packard Bell)
Wise Registry Cleaner 8.31 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\ANNELA~1\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath

==================== Restore Points =========================

28-05-2015 17:51:13 Windows Update
01-06-2015 17:20:09 Windows Update
22-06-2015 09:49:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04942341-0C77-44F3-862F-3D63C23B5619} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {13F5D7B7-40A3-4DAA-A0C2-F4247907DB79} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2012-06-15] (Hewlett Packard)
Task: {1D7A2DB1-C839-4542-A291-63B9E007230E} - System32\Tasks\avastBCLRestartS-1-5-21-417580712-670514143-2692560524-1000 => Firefox.exe
Task: {218D149D-8E3F-4E51-A2D4-88794FF0CB19} - System32\Tasks\{77E59C24-C9A0-4377-BA68-8A72B9A23A7E} => pcalua.exe -a C:\Windows\system32\TVWizudlg.exe -c -uninstall
Task: {34F5B8E7-C8AD-4DD6-ACA8-F1545C6C97DA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-417580712-670514143-2692560524-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {535179B9-C2B4-41FF-A35E-43834693A052} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-417580712-670514143-2692560524-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {64A88242-1274-4150-B70B-FD72BF36C196} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6E354B9C-27E9-4C84-BB76-7F5875734AF7} - System32\Tasks\{C0A6F979-47A0-4A67-A649-4A755B236854} => C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
Task: {92A93FF0-E51B-4728-BB4B-66473ECABD1D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-22] (Avast Software s.r.o.)
Task: {BBAE2F4B-346C-482E-90B1-D5B9B4F14027} - System32\Tasks\{4DF8824A-568F-411F-B3C5-7F8B80E0E786} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {D0DAC53A-D7E5-4C4D-926F-00576337F7A5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {DEB9B471-4A72-49C3-BF7D-269BF116DDE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-05-28 11:22 - 2015-05-28 11:22 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-28 11:21 - 2015-05-28 11:21 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-24 11:34 - 2015-06-24 11:34 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062401\algo.dll
2015-06-30 10:29 - 2015-06-30 10:29 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062901\algo.dll
2006-12-07 17:08 - 2006-12-07 17:08 - 00032768 _____ () C:\PVSW\Bin\WGE_SRV.exe
2004-07-22 14:40 - 2004-07-22 14:40 - 00106546 _____ () C:\PVSW\BIN\W3dbsmgr.EXE
2004-07-22 14:19 - 2004-07-22 14:19 - 00700464 _____ () C:\PVSW\BIN\W3MKDE.DLL
2004-07-22 14:25 - 2004-07-22 14:25 - 00127026 _____ () C:\PVSW\BIN\W3COMSRV.DLL
2015-05-28 11:23 - 2015-05-28 11:26 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:E3C56885
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-417580712-670514143-2692560524-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-417580712-670514143-2692560524-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: OMEA => "C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3B33713F-B751-473E-9E1E-7335CE42259F}] => (Allow) svchost.exe
FirewallRules: [{D75EDD78-8307-40AE-A1D9-C7F5E0637837}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{02AF4ACF-259D-496E-A4EC-F4C18D84B983}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{D4A0EDD1-5E56-4D0A-9A52-0587FFC58E66}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{B34DE550-0356-4D42-8060-F19A347365FE}C:\program files\libreoffice 4\program\soffice.bin] => (Block) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{7A2B6F4F-7430-4E90-9EFF-B7970FFFBF56}C:\program files\libreoffice 4\program\soffice.bin] => (Block) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [{ABB2E9BF-2C3F-423C-B9EC-52478F0FCC8C}] => (Allow) C:\PVSW\Bin\w3dbsmgr.exe
FirewallRules: [{5625E5F5-719D-463B-AD5D-995147581F19}] => (Allow) C:\PVSW\Bin\w3dbsmgr.exe
FirewallRules: [{3EEF2192-9B36-4DEB-9BBD-A4712008515A}] => (Allow) C:\PVSW\Bin\w3dbsmgr.exe
FirewallRules: [{A8952DB9-D0A4-4ADA-A261-B6348A0F1905}] => (Allow) C:\PVSW\Bin\w3dbsmgr.exe
FirewallRules: [{B53E2B17-6479-44F9-B268-4E08ABCA2EBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{44D4944A-2E77-427A-8401-C7D39267101C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F44EF040-FCE7-4676-9823-DB9C08F5C206}] => (Allow) C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe
FirewallRules: [{8DF96532-6012-433F-BCCE-DE2F7E9560D7}] => (Allow) C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\DigitalWizards.exe
FirewallRules: [{19DAE8DA-9E36-46AB-9E2A-15C638F7121E}] => (Allow) C:\Program Files\HP\HP LaserJet 400 MFP M425\Bin\HPNetworkCommunicator.exe
FirewallRules: [{752E4297-35EE-4DE6-8891-2BAAE2893FC1}] => (Allow) C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\EWSProxy.exe
FirewallRules: [{274229D2-2AE7-4F0A-8612-986775B78FC0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A68D9313-23C2-4845-8AE8-F903568F807C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{577159F0-0228-48B8-9A20-B96403614363}C:\pvsw\bin\w3dbsmgr.exe] => (Block) C:\pvsw\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{010EB84B-1DF3-4B89-AE69-098F7A873AAA}C:\pvsw\bin\w3dbsmgr.exe] => (Block) C:\pvsw\bin\w3dbsmgr.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2015 01:37:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 9.27.856.0, time stamp: 0x4fa1f537
Faulting module name: hpzjcd01.dll, version: 7.0.13.0, time stamp: 0x48081c3a
Exception code: 0xc0000005
Fault offset: 0x000131ae
Faulting process id: 0x%9
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/24/2015 00:33:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HijackThis.exe version 2.0.0.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bd4

Start Time: 01d0ae68ecf594ad

Termination Time: 31

Application Path: C:\Users\anne lazarevitch\Desktop\HijackThis.exe

Report Id: 5027fa75-1a5c-11e5-aceb-c80aa9a849e7

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:23:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.


System errors:
=============
Error: (06/30/2015 10:27:13 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: spécifiques à l’applicationLocalExécution{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}AUTORITE NTSystèmeS-1-5-18LocalHost (utilisation de LRPC)

Error: (06/30/2015 10:27:13 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: spécifiques à l’applicationLocalExécution{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}AUTORITE NTSERVICE LOCALS-1-5-19LocalHost (utilisation de LRPC)

Error: (06/30/2015 10:26:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger :
BTHidMgr
cdrom

Error: (06/24/2015 01:37:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service HP LaserJet Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/24/2015 00:33:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Planificateur de classes multimédias, mais cette action a échoué en raison de l’erreur suivante :
%%1056

Error: (06/24/2015 00:33:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Service de profil utilisateur, mais cette action a échoué en raison de l’erreur suivante :
%%1056

Error: (06/24/2015 00:33:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Infrastructure de gestion Windows, mais cette action a échoué en raison de l’erreur suivante :
%%1056

Error: (06/24/2015 00:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Update s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.

Error: (06/24/2015 00:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Infrastructure de gestion Windows s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 120000 millisecondes : Redémarrer le service.

Error: (06/24/2015 00:31:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Thèmes s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.


Microsoft Office:
=========================
Error: (06/24/2015 01:37:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPLaserJetService.exe9.27.856.04fa1f537hpzjcd01.dll7.0.13.048081c3ac0000005000131ae

Error: (06/24/2015 00:33:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HijackThis.exe2.0.0.5bd401d0ae68ecf594ad31C:\Users\anne lazarevitch\Desktop\HijackThis.exe5027fa75-1a5c-11e5-aceb-c80aa9a849e7

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\GoTip.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\FileSync.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\OutlookSyncM.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\GoTip.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GoTip.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GO!Bridge.exe

Error: (06/22/2015 10:25:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\Digital Imaging\Fax\Fax Printer Drivers 0.6 Setup\hppfaxprinteremail_x64.exe

Error: (06/22/2015 10:23:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\GoTip.exe


CodeIntegrity Errors:
===================================
  Date: 2013-10-19 00:29:16.753
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2013-10-19 00:29:16.142
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2012-12-07 23:36:11.784
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2012-12-07 23:36:11.565
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2011-12-13 22:14:30.566
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2011-12-13 22:14:30.451
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2011-12-04 23:18:35.098
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2011-12-04 23:18:34.998
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2011-12-04 22:30:08.173
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2011-12-04 22:30:08.016
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 743 @ 1.30GHz
Percentage of memory in use: 41%
Total physical RAM: 2974.92 MB
Available physical RAM: 1742.53 MB
Total Pagefile: 5948.14 MB
Available Pagefile: 4236.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.6 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:135.95 GB) (Free:103.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 14107798)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=136 GB) - (Type=07 NTFS)

==================== End of log ============================



#4 Valinorum
  • Malware Response Instructor
  • 1,784 posts

Posted 01 July 2015 - 02:58 AM

Hi,
Uninstall Wise Registry Cleaner 8.31
Uninstall the remnants of Lavasoft by reading this


 
  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      Closeprocesses:
      EmptyTemp:
      HKLM\...\Run: [] => [X]
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
      SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1428074191&from=corfr&uid=WDCXWD1600BEVT-22ZCT0_WD-WX90EC9DRC38DRC38&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1428074191&from=corfr&uid=WDCXWD1600BEVT-22ZCT0_WD-WX90EC9DRC38DRC38&q={searchTerms}
      CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
      CHR HKLM\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - No Path Or update_url value
      Ad-Aware Web Companion (Version: 1.1.980.2014 - Lavasoft) Hidden
      LavasoftTcpService (Version: 2.3.3.0 - Lavasoft) Hidden
      CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\ANNELA~1\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
      AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
      AlternateDataStreams: C:\ProgramData\TEMP:E3C56885
      HKU\S-1-5-21-417580712-670514143-2692560524-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
      CMD:bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #2 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Required Log(s):
    • FRST Fix Log
    • AdwCleaner Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#5 julienrz
  • Topic Starter
  • Members
  • 10 posts

Posted 01 July 2015 - 07:15 AM

Hi Valinorum,

For the remnants of Lavasoft I did not find any of the uninstall files that were described in the topic.

I just deleted C:\Documents and Settings\[User Name]\Application Data\Lavasoft and rebooted, but I don't know if it is enough.

For the rest, here are the logs you asked for.

Regards

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by anne lazarevitch at 2015-07-01 13:46:53 Run:1
Running from C:\Users\anne lazarevitch\Desktop
Loaded Profiles: anne lazarevitch (Available Profiles: anne lazarevitch)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
EmptyTemp:
HKLM\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1428074191&from=corfr&uid=WDCXWD1600BEVT-22ZCT0_WD-WX90EC9DRC38DRC38&q={searchTerms}
SearchScopes: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1428074191&from=corfr&uid=WDCXWD1600BEVT-22ZCT0_WD-WX90EC9DRC38DRC38&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - No Path Or update_url value
Ad-Aware Web Companion (Version: 1.1.980.2014 - Lavasoft) Hidden
LavasoftTcpService (Version: 2.3.3.0 - Lavasoft) Hidden
CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\ANNELA~1\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:E3C56885
HKU\S-1-5-21-417580712-670514143-2692560524-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
CMD:bitsadmin /reset /allusers
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKU\S-1-5-21-417580712-670514143-2692560524-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65972064-0C2B-4710-A3F8-825F26636993}\\SystemComponent => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90CF05DE-735F-42AB-A52A-F447FDFBE207}\\SystemComponent => value removed successfully.
"HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}" => key removed successfully.
C:\ProgramData\TEMP => ":93DE1838" ADS removed successfully..
C:\ProgramData\TEMP => ":E3C56885" ADS removed successfully..
"HKU\S-1-5-21-417580712-670514143-2692560524-1000\Software\Classes\.exe" => key removed successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {5E61AA5B-142B-48E2-875A-47B7A7565DC9}.
{9979382C-64FD-4383-83D1-37A59F72D291} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 903.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:50:52 ====

# AdwCleaner v4.207 - Rapport créé le 01/07/2015 à 14:05:16
# Mis à jour le 21/06/2015 par Xplode
# Base de données : 2015-06-29.1 [Serveur]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (x86)
# Nom d'utilisateur : anne lazarevitch - ANNELAZAREVITCH
# Exécuté depuis : C:\Users\anne lazarevitch\Desktop\AdwCleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Partner
Dossier Supprimé : C:\ProgramData\a1ff43c800000b81
Dossier Supprimé : C:\Users\anne lazarevitch\AppData\Roaming\pdfforge
Fichier Supprimé : C:\Users\anne lazarevitch\AppData\Roaming\Mozilla\Firefox\Profiles\5jgiynsd.default\invalidprefs.js

***** [ Tâches planifiées ] *****


***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support\Contact.lnk
Raccourci Désinfecté : C:\Users\anne lazarevitch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\e433c26b-1b5a-b5a3-81c0-80909e5bc3e7
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\YahooPartnerToolbar
Clé Supprimée : HKCU\Software\Super Optimizer
Clé Supprimée : HKCU\Software\PRODUCTSETUP
Clé Supprimée : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 fr)


*************************

AdwCleaner[R0].txt - [2916 octets] - [01/07/2015 13:59:52]
AdwCleaner[S0].txt - [2893 octets] - [01/07/2015 14:05:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2953  octets] ##########


#6 Valinorum
  • Malware Response Instructor
  • 1,784 posts

Posted 01 July 2015 - 03:27 PM

Are you still facing your initial issue?


#7 julienrz
  • Topic Starter
  • Members
  • 10 posts

Posted 02 July 2015 - 12:25 PM

Hi Valinorum,

Yes, the svchost process is still using all the processor capacity in my task manager, and also a lot of RAM.

It starts 5 minutes after the computer is on.

I also noticed the process Trustedinstaller.exe runs at almost 100% for a short time just before the svchost starts. Don't know if it can help.

Tell me if there are other things I can try.

And thanks again for helping me.

Regards



#8 Valinorum
  • Malware Response Instructor
  • 1,784 posts

Posted 02 July 2015 - 12:44 PM

Trustedinstaller.exe is an important process and its periodical high CPU usage is normal, not an aberration or a flaw. Part of the “Windows Module Installer”, trustedinstaller.exe's main purpose is to check for new Windows updates.

Please post a fresh FRST scan log for my perusal.


#9 julienrz
  • Topic Starter
  • Members
  • 10 posts

Posted 02 July 2015 - 01:59 PM

Here it is.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by anne lazarevitch (administrator) on ANNELAZAREVITCH on 02-07-2015 20:26:57
Running from C:\Users\anne lazarevitch\Desktop
Loaded Profiles: anne lazarevitch (Available Profiles: anne lazarevitch)
Platform: Microsoft Windows 7 Édition Familiale Premium  Service Pack 1 (X86) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\PVSW\Bin\WGE_SRV.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
() C:\PVSW\Bin\w3dbsmgr.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Registration\GREGsvc.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 3\creator-ws.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.EXE
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard Company) C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [698912 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-28] (Avast Software s.r.o.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49904 2014-08-14] (Hewlett-Packard)
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP LaserJet 400 MFP M425 Series Fax] => C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459888 2014-08-14] (Hewlett-Packard Company)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-28] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-417580712-670514143-2692560524-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_frFR405FR405
SearchScopes: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-28] (Avast Software s.r.o.)
Toolbar: HKU\S-1-5-21-417580712-670514143-2692560524-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B8A5DA5B-5F60-4E7A-BCDE-B11373D9E74D}: [DhcpNameServer] 192.168.4.100
Tcpip\..\Interfaces\{E010E48F-067B-4AF8-A327-39CAC2BDFC6A}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\anne lazarevitch\AppData\Roaming\Mozilla\Firefox\Profiles\5jgiynsd.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-04-14] (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-11] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\anne lazarevitch\AppData\Roaming\Mozilla\Firefox\Profiles\5jgiynsd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-11]
FF HKLM\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-28] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-28] (Avast Software)
R2 EBP Pervasive.SQL; C:\PVSW\Bin\WGE_SRV.exe [32768 2006-12-07] () [File not signed]
R2 GREGService; C:\Program Files\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2243288 2015-04-14] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-14] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files\PDF Architect 3\creator-ws.exe [740568 2015-04-14] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-30] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-28] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-28] (Avast Software)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VHidMinidrv; system32\drivers\VHIDMini.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys D0B388DA1D111A34366E04EB4A5DD156
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys 81F97D8F8B3FB94A451CC6F7CF8B2965
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys EFDEF61C488A193986D4672658E91532
C:\Windows\system32\drivers\aswMonFlt.sys 91AAF4792987B43C0653D74516F092C8
C:\Windows\system32\drivers\aswRdr2.sys 8C8FEC9F50898BB814BDFB5F5B2D566C
C:\Windows\system32\Drivers\aswRvrt.sys 2DB91CE80C367ACDD1331DE9B1E3EAEF
C:\Windows\system32\drivers\aswSnx.sys 83DF5B3DE1C6527972946CDB328446F7
C:\Windows\system32\drivers\aswSP.sys 16D269F0EF94DB61FAB6934DEED19C91
C:\Windows\system32\drivers\aswStm.sys A5F0A2EB182C8A137E2C43CB4109EC1E
C:\Windows\system32\Drivers\aswVmm.sys D45875D018F9FB9BF19B976AD8791DE9
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athr.sys AC4ADAC154563AB41CC79B0257BC685A
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 33A60554882FDF59CDA3E1806370BBA1
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 3051724F223EA48968B19567DE2A81F4
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\DKbFltr.sys C701324C9E0C25DD9D60311BD87FBC84
C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C
C:\Windows\System32\DRIVERS\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF
C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08B
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys 487569E5DA56A5A432FF8AF6D3599CF9
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D483687EACE0C065EE772481A96E05F5
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\System32\DRIVERS\igdkmd32.sys 8266AE06DF974E5BA047B3E9E9E70B3F
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys DA7DCB6565E68E3F95F043C4B01B8960
C:\Windows\System32\drivers\IntcHdmi.sys 264632ADE8127B7BAA2190CF6FAD435B
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys A5B076011C853B4CAFD6296217A6E345
C:\Windows\System32\Drivers\ksecpkg.sys FD6A70D5D5B5BDF36AD265A232DAFB9A
C:\Windows\System32\DRIVERS\L1C62x86.sys 6C32BFEAB708915D6BBF4B20D4F3EF7B
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 644905A19D0F37F2233DFCE53BC4BC19
C:\Windows\System32\DRIVERS\MpFilter.sys F112DA773EC3E9D3CDE9221ED300E033
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 03F899F521D2AAED1C55008F734DF252
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETw5s32.sys EF51B405AD8ACAAE6F0231290D20F516
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 780FF28BCD8470C5FDDEEF69982AA295
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys AEBC369F7DC72AB3F5B9BDF34FA0D43F
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RootMdm.sys 564297827D213F52C7A3A2FF749568CA
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys EDB05BD63148796F23EA78506404A538
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys 7FE680A3DFA421C4A8E4879AE4C5AAB0
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\system32\drivers\usbohci.sys 9828C8D14CC2676421778F0DE638CF97
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5
C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys ACC8107C8CA822972D3E70550DCBF07B
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 553F6CCD7C58EB98D4A8FBDAF283D7A9
C:\Windows\System32\DRIVERS\WSDScan.sys 7DC0270CFD4A05B4112E3EBBF083B595
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\system32\drivers\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 20:26 - 2015-07-02 20:28 - 00028598 _____ C:\Users\anne lazarevitch\Desktop\FRST.txt
2015-07-01 13:59 - 2015-07-01 14:05 - 00000000 ____D C:\AdwCleaner
2015-07-01 13:49 - 2015-07-01 13:49 - 02244096 _____ C:\Users\anne lazarevitch\Desktop\AdwCleaner.exe
2015-06-30 10:46 - 2015-07-02 20:23 - 00025538 _____ C:\Users\anne lazarevitch\Desktop\Shortcut.txt
2015-06-30 10:32 - 2015-07-02 20:27 - 00000000 ____D C:\FRST
2015-06-30 10:31 - 2015-06-30 10:32 - 01636352 _____ (Farbar) C:\Users\anne lazarevitch\Desktop\FRST.exe
2015-06-24 13:11 - 2015-06-24 13:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-24 13:04 - 2015-06-24 13:04 - 00019406 _____ C:\Users\anne lazarevitch\Desktop\hijackthis.log
2015-06-24 12:39 - 2015-06-24 12:49 - 00000000 ____D C:\Users\anne lazarevitch\Desktop\backups
2015-06-24 10:56 - 2015-06-24 10:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\anne lazarevitch\Desktop\HijackThis.exe
2015-06-22 09:41 - 2015-06-22 09:41 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Local\GWX
2015-05-28 12:08 - 2015-05-28 12:08 - 00000000 ____D C:\Windows\system32\vbox
2015-05-28 11:47 - 2015-05-28 11:22 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-28 11:22 - 2015-05-28 11:22 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-28 11:00 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-28 11:00 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-28 11:00 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-28 11:00 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-28 11:00 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-28 11:00 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-28 11:00 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-28 11:00 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-28 11:00 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-28 11:00 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-28 11:00 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-28 11:00 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-28 11:00 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-28 11:00 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-28 11:00 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-28 11:00 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-28 11:00 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-28 11:00 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-28 11:00 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-28 10:59 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-28 10:59 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-28 10:59 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-28 10:59 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-28 10:59 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-28 10:59 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-28 10:59 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-28 10:59 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-28 10:59 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-28 10:59 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-28 10:59 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-28 10:59 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-28 10:59 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-28 10:59 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-28 10:57 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-28 10:57 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-28 10:57 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-28 10:57 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-28 10:57 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-28 10:57 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-28 10:57 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-28 10:57 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-28 10:57 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-28 10:57 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-28 10:57 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-28 10:57 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-28 10:57 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-28 10:57 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-28 10:57 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-28 10:57 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-28 10:57 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-28 10:57 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-28 10:56 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 14:52 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 14:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-15 14:33 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-29 17:09 - 2015-04-29 17:09 - 00001441 _____ C:\Users\anne lazarevitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-29 16:03 - 2015-04-29 16:03 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Local\PDFCreator
2015-04-29 15:19 - 2015-04-29 16:06 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Roaming\PDF Architect 3
2015-04-29 15:19 - 2015-04-29 15:19 - 00000965 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2015-04-29 15:17 - 2015-04-29 15:19 - 00000000 ____D C:\Program Files\PDF Architect 3
2015-04-29 15:17 - 2015-04-29 15:17 - 00000000 ____D C:\Users\anne lazarevitch\Documents\PDF Architect
2015-04-29 15:17 - 2015-04-29 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3
2015-04-29 15:15 - 2015-04-29 15:15 - 00000000 ____D C:\ProgramData\PDF Architect 3
2015-04-29 15:14 - 2015-04-29 16:02 - 00000000 ____D C:\Program Files\PDFCreator
2015-04-29 15:14 - 2015-04-29 15:15 - 00099208 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-04-29 15:14 - 2015-04-29 15:14 - 00001001 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2015-04-29 15:14 - 2015-04-29 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-04-29 15:14 - 2015-04-27 21:39 - 00326288 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-04-29 13:05 - 2015-04-29 14:22 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-04-29 13:00 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-29 13:00 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-29 13:00 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-29 13:00 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-29 13:00 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-29 13:00 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-29 13:00 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-29 13:00 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-29 13:00 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-29 13:00 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-29 13:00 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-29 12:59 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-29 12:59 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-29 12:59 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-29 12:59 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-29 12:54 - 2015-04-29 14:36 - 00030602 _____ C:\Windows\IE11_main.log
2015-04-29 12:54 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-29 12:54 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-29 12:54 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-29 12:54 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-29 12:53 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-29 12:53 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-29 12:53 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-04 16:49 - 2015-05-28 17:51 - 00000000 ___SD C:\Windows\system32\GWX
2015-04-03 17:02 - 2015-04-03 17:02 - 00001237 _____ C:\Users\anne lazarevitch\Desktop\##ECHANGE.lnk
2015-04-03 15:59 - 2015-04-03 16:00 - 00000000 ____D C:\Users\anne lazarevitch\Documents\EBP Compta

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 20:26 - 2009-07-14 06:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-02 20:26 - 2009-07-14 06:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-02 20:23 - 2015-03-26 14:00 - 00000000 ____D C:\Users\Public\##ECHANGE
2015-07-02 20:23 - 2008-01-03 03:08 - 02057149 _____ C:\Windows\WindowsUpdate.log
2015-07-02 20:18 - 2015-01-13 23:47 - 00124863 _____ C:\Windows\pvsw.log
2015-07-02 20:18 - 2015-01-13 23:34 - 00004850 _____ C:\Windows\setupact.log
2015-07-02 20:18 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-01 14:16 - 2015-02-27 10:15 - 00000000 ____D C:\Users\anne lazarevitch\Documents\sPAIEctacle
2015-07-01 14:05 - 2010-05-24 06:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support
2015-07-01 13:18 - 2010-05-24 06:15 - 01669584 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 13:08 - 2009-07-14 06:53 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-01 12:13 - 2012-05-06 16:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-30 10:33 - 2015-01-11 21:18 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-30 10:32 - 2015-03-26 15:21 - 00000000 ____D C:\Users\anne lazarevitch\AppData\Roaming\HpUpdate
2015-06-24 14:34 - 2015-01-13 23:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-24 12:02 - 2009-07-14 04:04 - 00000410 _____ C:\Windows\win.ini
2015-06-24 11:32 - 2015-01-13 23:46 - 00044802 _____ C:\Windows\PFRO.log
2015-06-24 11:20 - 2015-01-14 11:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-24 11:20 - 2011-05-29 16:27 - 00002156 _____ C:\Windows\wininit.ini
2015-06-23 10:10 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2015-06-22 16:28 - 2015-01-13 23:34 - 00001072 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-22 16:28 - 2015-01-13 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-22 16:28 - 2015-01-13 23:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

==================== Files in the root of some directories =======

2014-08-01 09:14 - 2014-08-01 09:14 - 6010880 _____ () C:\Program Files\GUT9914.tmp
2014-11-24 12:47 - 2014-11-24 12:47 - 6000640 _____ () C:\Program Files\GUTA5D0.tmp
2015-02-16 18:59 - 2015-02-16 18:59 - 0160058 _____ () C:\Program Files\uninstalv551.log
2010-05-24 06:37 - 2008-06-11 17:12 - 0776614 _____ () C:\Program Files\Common Files\packardbell.ico
2010-11-13 18:17 - 2012-12-12 08:22 - 0001262 _____ () C:\Users\anne lazarevitch\AppData\Roaming\wklnhst.dat
2011-11-17 15:09 - 2011-11-17 15:09 - 0000017 _____ () C:\Users\anne lazarevitch\AppData\Local\resmon.resmoncfg
2011-03-05 22:47 - 2011-03-05 22:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-05-24 06:38 - 2009-08-24 14:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\anne lazarevitch\AppData\Local\Temp\Quarantine.exe
C:\Users\anne lazarevitch\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Gestionnaire de démarrage Windows
---------------------------------
identificateur          {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  fr-FR
inherit                 {globalsettings}
default                 {current}
resumeobject            {7c6a6dd6-b9e0-11dc-aab3-c80aa9a849e7}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Chargeur de démarrage Windows
-----------------------------
identificateur          {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  fr-FR
inherit                 {bootloadersettings}
recoverysequence        {7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7c6a6dd6-b9e0-11dc-aab3-c80aa9a849e7}
nx                      OptIn

Chargeur de démarrage Windows
-----------------------------
identificateur          {7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7}
device                  ramdisk=[C:]\Recovery\7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7\Winre.wim,{7c6a6dd9-b9e0-11dc-aab3-c80aa9a849e7}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7\Winre.wim,{7c6a6dd9-b9e0-11dc-aab3-c80aa9a849e7}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Reprendre à partir de la mise en veille prolongée
-------------------------------------------------
identificateur          {7c6a6dd6-b9e0-11dc-aab3-c80aa9a849e7}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  fr-FR
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Testeur de mémoire Windows
--------------------------
identificateur          {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  fr-FR
inherit                 {globalsettings}
badmemoryaccess         Yes

Paramètres EMS
--------------
identificateur          {emssettings}
bootems                 Yes

Paramètres du débogueur
-----------------------
identificateur          {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Erreurs de mémoire RAM
----------------------
identificateur          {badmemory}

Paramètres globaux
------------------
identificateur          {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Paramètres du chargeur de démarrage
-----------------------------------
identificateur          {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Paramètres de l'hyperviseur
-------------------
identificateur          {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Paramètres du chargeur de reprise
---------------------------------
identificateur          {resumeloadersettings}
inherit                 {globalsettings}

Options de périphérique
-----------------------
identificateur          {7c6a6dd9-b9e0-11dc-aab3-c80aa9a849e7}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\7c6a6dd8-b9e0-11dc-aab3-c80aa9a849e7\boot.sdi



LastRegBack: 2015-06-22 10:23

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by anne lazarevitch at 2015-07-02 20:38:46
Running from C:\Users\anne lazarevitch\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrateur (S-1-5-21-417580712-670514143-2692560524-500 - Administrator - Disabled)
anne lazarevitch (S-1-5-21-417580712-670514143-2692560524-1000 - Administrator - Enabled) => C:\Users\anne lazarevitch
HomeGroupUser$ (S-1-5-21-417580712-670514143-2692560524-1006 - Limited - Enabled)
Invité (S-1-5-21-417580712-670514143-2692560524-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
Ad-Aware Web Companion (HKLM\...\{65972064-0C2B-4710-A3F8-825F26636993}) (Version: 1.1.980.2014 - Lavasoft)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Ciel Compta 15.0 (HKLM\...\{AEB75FCD-59A7-4B71-89D5-293CA630A6C0}) (Version: 230.00.0000 - Ciel)
coolpaie 3.4.0.176 BETA (HKLM\...\coolpaie_is1) (Version:  - )
EBP Btrieve 8.6 (HKLM\...\EBP Btrieve 8.6) (Version:  - EBP)
EBP Btrieve 8.6 (Version: 1.0 - EBP) Hidden
EBP Compta 13.1 (HKLM\...\EBP Compta 13.1) (Version:  - EBP)
EBP Compta 13.1 (Version:  - EBP) Hidden
HP LaserJet 400 MFP M425 (HKLM\...\{568705AA-DD8A-4134-B8B9-9609721FBBCE}) (Version: 5.0.12200.1138 - Hewlett-Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM425DSService (Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (Version: 3.0.26.11 - HP) Hidden
HPLaserJet400MFP-M425_HelpLearnCenter_SI (HKLM\...\{55D8D1AB-94C2-498F-A165-608B834A30EA}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (Version: 020.021.004 - HP) Hidden
HPLJUTCore (Version: 004.005.0001 - HP) Hidden
HPLJUTM425 (Version: 3.00.0003 - HP) Hidden
hppFaxDrvM425 (Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM425LaserJetService (Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM425 (Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM425 (Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version: 3.0.04 - Packard Bell)
LavasoftTcpService (HKLM\...\{90CF05DE-735F-42AB-A52A-F447FDFBE207}) (Version: 2.3.3.0 - Lavasoft)
LibreOffice 4.1 Help Pack (French) (HKLM\...\{9196FBFB-ACAA-4A0B-8591-EB94FB311429}) (Version: 4.1.1.2 - The Document Foundation)
LibreOffice 4.1.5.3 (HKLM\...\{E77773E5-944A-453F-97F3-46767AE0A253}) (Version: 4.1.5.3 - The Document Foundation)
LJDXPHelperUI (Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 fr) (HKLM\...\Mozilla Firefox 38.0.5 (x86 fr)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Packard Bell InfoCentre (HKLM\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell Power Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3007 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Packard Bell)
Packard Bell Registration (HKLM\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM\...\Packard Bell Screensaver) (Version: 1.2.2009.1217 - Packard Bell )
Packard Bell XSync (HKLM\...\InstallShield_{9EB6EAE1-5CFC-46F1-9FB9-5FDA335DDE3D}) (Version: 1.0.677.62 - Packard Bell)
Packard Bell XSync (Version: 1.0.677.62 - Packard Bell) Hidden
PDF Architect 3 (HKLM\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5901 - Realtek Semiconductor Corp.)
sPAIEctacle 5.5.1 (HKLM\...\sPAIEctacle 5.5.1) (Version:  - )
Welcome Center (HKLM\...\Packard Bell Welcome Center) (Version: 1.01.3002 - Packard Bell)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-417580712-670514143-2692560524-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No Filepath

==================== Restore Points =========================

28-05-2015 17:51:13 Windows Update
01-06-2015 17:20:09 Windows Update
22-06-2015 09:49:41 Windows Update
30-06-2015 10:47:01 Windows Update
01-07-2015 13:47:07 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04942341-0C77-44F3-862F-3D63C23B5619} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {13F5D7B7-40A3-4DAA-A0C2-F4247907DB79} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2012-06-15] (Hewlett Packard)
Task: {1D7A2DB1-C839-4542-A291-63B9E007230E} - System32\Tasks\avastBCLRestartS-1-5-21-417580712-670514143-2692560524-1000 => Firefox.exe
Task: {218D149D-8E3F-4E51-A2D4-88794FF0CB19} - System32\Tasks\{77E59C24-C9A0-4377-BA68-8A72B9A23A7E} => pcalua.exe -a C:\Windows\system32\TVWizudlg.exe -c -uninstall
Task: {34F5B8E7-C8AD-4DD6-ACA8-F1545C6C97DA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-417580712-670514143-2692560524-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {535179B9-C2B4-41FF-A35E-43834693A052} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-417580712-670514143-2692560524-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {64A88242-1274-4150-B70B-FD72BF36C196} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6E354B9C-27E9-4C84-BB76-7F5875734AF7} - System32\Tasks\{C0A6F979-47A0-4A67-A649-4A755B236854} => C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
Task: {92A93FF0-E51B-4728-BB4B-66473ECABD1D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-22] (Avast Software s.r.o.)
Task: {A954937C-BE98-4F98-9236-076B2E2D929C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {BBAE2F4B-346C-482E-90B1-D5B9B4F14027} - System32\Tasks\{4DF8824A-568F-411F-B3C5-7F8B80E0E786} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {DEB9B471-4A72-49C3-BF7D-269BF116DDE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-05-28 11:22 - 2015-05-28 11:22 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-28 11:21 - 2015-05-28 11:21 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-02 19:13 - 2015-07-02 19:13 - 02955264 _____ () C:\Program Files\AVAST Software\Avast\defs\15070202\algo.dll
2006-12-07 17:08 - 2006-12-07 17:08 - 00032768 _____ () C:\PVSW\Bin\WGE_SRV.exe
2004-07-22 14:40 - 2004-07-22 14:40 - 00106546 _____ () C:\PVSW\BIN\W3dbsmgr.EXE
2004-07-22 14:19 - 2004-07-22 14:19 - 00700464 _____ () C:\PVSW\BIN\W3MKDE.DLL
2004-07-22 14:25 - 2004-07-22 14:25 - 00127026 _____ () C:\PVSW\BIN\W3COMSRV.DLL
2015-05-28 11:23 - 2015-05-28 11:26 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\anne lazarevitch\Desktop\AdwCleaner.exe:com.apple.quarantine
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-417580712-670514143-2692560524-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: OMEA => "C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3B33713F-B751-473E-9E1E-7335CE42259F}] => (Allow) svchost.exe
FirewallRules: [{D75EDD78-8307-40AE-A1D9-C7F5E0637837}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{02AF4ACF-259D-496E-A4EC-F4C18D84B983}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{D4A0EDD1-5E56-4D0A-9A52-0587FFC58E66}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{B34DE550-0356-4D42-8060-F19A347365FE}C:\program files\libreoffice 4\program\soffice.bin] => (Block) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{7A2B6F4F-7430-4E90-9EFF-B7970FFFBF56}C:\program files\libreoffice 4\program\soffice.bin] => (Block) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [{ABB2E9BF-2C3F-423C-B9EC-52478F0FCC8C}] => (Allow) C:\PVSW\Bin\w3dbsmgr.exe
FirewallRules: [{5625E5F5-719D-463B-AD5D-995147581F19}] => (Allow) C:\PVSW\Bin\w3dbsmgr.exe
FirewallRules: [{3EEF2192-9B36-4DEB-9BBD-A4712008515A}] => (Allow) C:\PVSW\Bin\w3dbsmgr.exe
FirewallRules: [{A8952DB9-D0A4-4ADA-A261-B6348A0F1905}] => (Allow) C:\PVSW\Bin\w3dbsmgr.exe
FirewallRules: [{B53E2B17-6479-44F9-B268-4E08ABCA2EBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{44D4944A-2E77-427A-8401-C7D39267101C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F44EF040-FCE7-4676-9823-DB9C08F5C206}] => (Allow) C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe
FirewallRules: [{8DF96532-6012-433F-BCCE-DE2F7E9560D7}] => (Allow) C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\DigitalWizards.exe
FirewallRules: [{19DAE8DA-9E36-46AB-9E2A-15C638F7121E}] => (Allow) C:\Program Files\HP\HP LaserJet 400 MFP M425\Bin\HPNetworkCommunicator.exe
FirewallRules: [{752E4297-35EE-4DE6-8891-2BAAE2893FC1}] => (Allow) C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\EWSProxy.exe
FirewallRules: [{274229D2-2AE7-4F0A-8612-986775B78FC0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A68D9313-23C2-4845-8AE8-F903568F807C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{577159F0-0228-48B8-9A20-B96403614363}C:\pvsw\bin\w3dbsmgr.exe] => (Block) C:\pvsw\bin\w3dbsmgr.exe
FirewallRules: [UDP Query User{010EB84B-1DF3-4B89-AE69-098F7A873AAA}C:\pvsw\bin\w3dbsmgr.exe] => (Block) C:\pvsw\bin\w3dbsmgr.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 02:22:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme HijackThis.exe version 2.0.0.5 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : 6ac

Heure de début : 01d0b3f7dca9614f

Heure de fin : 359

Chemin d’accès de l’application : C:\Users\anne lazarevitch\Desktop\HijackThis.exe

ID de rapport : 60cf0d22-1feb-11e5-ac54-001e64613868

Error: (07/01/2015 01:47:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.


Opération :
   Données du rédacteur en cours de collecte

Contexte :
   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
   Nom du rédacteur: System Writer
   ID d’instance du rédacteur: {d293be19-04ba-431b-96cb-df3dfa2f6a67}

Error: (06/24/2015 01:37:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante HPLaserJetService.exe, version : 9.27.856.0, horodatage : 0x4fa1f537
Nom du module défaillant : hpzjcd01.dll, version : 7.0.13.0, horodatage : 0x48081c3a
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000131ae
ID du processus défaillant : 0x%9
Heure de début de l’application défaillante : 0xHPLaserJetService.exe0
Chemin d’accès de l’application défaillante : HPLaserJetService.exe1
Chemin d’accès du module défaillant: HPLaserJetService.exe2
ID de rapport : HPLaserJetService.exe3

Error: (06/24/2015 00:33:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme HijackThis.exe version 2.0.0.5 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : bd4

Heure de début : 01d0ae68ecf594ad

Heure de fin : 31

Chemin d’accès de l’application : C:\Users\anne lazarevitch\Desktop\HijackThis.exe

ID de rapport : 5027fa75-1a5c-11e5-aceb-c80aa9a849e7

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1 ».
Assembly dépendant Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.


System errors:
=============
Error: (07/02/2015 08:19:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Activation {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} {344ED43D-D086-4961-86A6-1106F4ACAD9B} NT AUTHORITY\SYSTEM S-1-5-18 LocalHost (Using LRPC)

Error: (07/02/2015 08:19:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Activation {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} {344ED43D-D086-4961-86A6-1106F4ACAD9B} NT AUTHORITY\LOCAL SERVICE S-1-5-19 LocalHost (Using LRPC)

Error: (07/02/2015 08:18:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BTHidMgr
cdrom

Error: (07/02/2015 07:25:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.201.595.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/02/2015 07:13:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Activation {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} {344ED43D-D086-4961-86A6-1106F4ACAD9B} NT AUTHORITY\SYSTEM S-1-5-18 LocalHost (Using LRPC)

Error: (07/02/2015 07:13:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Activation {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} {344ED43D-D086-4961-86A6-1106F4ACAD9B} NT AUTHORITY\LOCAL SERVICE S-1-5-19 LocalHost (Using LRPC)

Error: (07/02/2015 07:12:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BTHidMgr
cdrom

Error: (07/01/2015 02:08:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Activation {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} {344ED43D-D086-4961-86A6-1106F4ACAD9B} NT AUTHORITY\SYSTEM S-1-5-18 LocalHost (Using LRPC)

Error: (07/01/2015 02:08:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Activation {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} {344ED43D-D086-4961-86A6-1106F4ACAD9B} NT AUTHORITY\LOCAL SERVICE S-1-5-19 LocalHost (Using LRPC)

Error: (07/01/2015 02:07:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BTHidMgr
cdrom


Microsoft Office:
=========================
Error: (07/01/2015 02:22:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HijackThis.exe2.0.0.56ac01d0b3f7dca9614f359C:\Users\anne lazarevitch\Desktop\HijackThis.exe60cf0d22-1feb-11e5-ac54-001e64613868

Error: (07/01/2015 01:47:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d293be19-04ba-431b-96cb-df3dfa2f6a67}

Error: (06/24/2015 01:37:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPLaserJetService.exe9.27.856.04fa1f537hpzjcd01.dll7.0.13.048081c3ac0000005000131ae

Error: (06/24/2015 00:33:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HijackThis.exe2.0.0.5bd401d0ae68ecf594ad31C:\Users\anne lazarevitch\Desktop\HijackThis.exe5027fa75-1a5c-11e5-aceb-c80aa9a849e7

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\GoTip.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{3736403A-A3EB-477f-AA96-00EEA43C76E6}\FileSync.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\OutlookSyncM.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{5E24AB31-F734-48ec-879E-C4B8C30F9ACD}\GoTip.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GoTip.exe

Error: (06/22/2015 10:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\GO!Bridge.exe


CodeIntegrity Errors:
===================================
  Date: 2013-10-19 00:29:16.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-19 00:29:16.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-07 23:36:11.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-07 23:36:11.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-13 22:14:30.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-13 22:14:30.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-04 23:18:35.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-04 23:18:34.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-04 22:30:08.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-04 22:30:08.016
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 743 @ 1.30GHz
Percentage of memory in use: 43%
Total physical RAM: 2974.92 MB
Available physical RAM: 1677.84 MB
Total Pagefile: 5948.14 MB
Available Pagefile: 4149.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.91 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:135.95 GB) (Free:103.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 14107798)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=136 GB) - (Type=07 NTFS)

==================== End of log ============================



#10 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,784 posts
  • Gender:Not Telling
  • Local time:05:32 PM

Posted 04 July 2015 - 04:18 AM

  • Step #3 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab > Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #4 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install the Add-On/ActiveX control if prompted.
    • From the Computer Scan Settings check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Settings --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
    • After the scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste the contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#11 julienrz

julienrz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:32 PM

Posted 05 July 2015 - 11:18 AM

Hi

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05/07/2015
Scan Time: 16:05
Logfile: log MAM.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.05.03
Rootkit Database: v2015.07.05.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: anne lazarevitch

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335660
Time Elapsed: 34 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{22134214}, Quarantined, [87a0726cbbcf4ceab28fa5f39d68e719],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.WinYahoo, C:\Users\anne lazarevitch\AppData\LocalLow\Microsoft\Internet Explorer\Services\WinYahoo.ico, Quarantined, [cc5baf2fabdfad89914de1b54eb7728e],

Physical Sectors: 0
(No malicious items detected)


(end)
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0d7da363b85f894e857d95203b22d65d
# end=init
# utc_time=2015-07-05 02:57:35
# local_time=2015-07-05 04:57:35 )
# country="France"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24650
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0d7da363b85f894e857d95203b22d65d
# end=updated
# utc_time=2015-07-05 03:03:13
# local_time=2015-07-05 05:03:13 )
# country="France"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0d7da363b85f894e857d95203b22d65d
# engine=24650
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-05 04:07:57
# local_time=2015-07-05 06:07:57 )
# country="France"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3305671 77425792 0 0
# scanned=122673
# found=3
# cleaned=3
# scan_time=3882
sh=45179B52EEF64928E6674002EF493A8344A26BB8 ft=1 fh=34d4c3cc0e4c9d0a vn="Win32/Packed.ASProtect.AAB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\EBP\Compta13.1\etools.dll"
sh=ECFB99D1CFCC2310A267AB8FA2AE5FB40955D926 ft=0 fh=0000000000000000 vn="a variant of Win32/Komodia.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\2dca77.msi"
sh=6AFB303638FCA3EE14457548C983789493C1B961 ft=1 fh=2815b10465bbf0ba vn="a variant of Win32/Komodia.A potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\LavasoftTcpService.dll"
 



#12 julienrz

julienrz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:32 PM

Posted 05 July 2015 - 11:21 AM

Hi again,

 

One problem is happening.

 

This file was needed to start EBP Compta (accounting software):

 

sh=45179B52EEF64928E6674002EF493A8344A26BB8 ft=1 fh=34d4c3cc0e4c9d0a vn="Win32/Packed.ASProtect.AAB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\EBP\Compta13.1\etools.dll"

 

Regards
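Before trusting a file that has been pulled back out of quarantine, a practitioner would gather three pieces of evidence: the file's own SHA-1 (the sh= value in the ESET log is 40 hex digits, the length of a SHA-1), its Authenticode signature, and its version resource. The script below is an added example, not code from this thread, from EBP or from ESET. The path and hash are copied from the ESET log line above; the function name, the output fields and the interpretation given in the comments are assumptions of this example. It targets Windows PowerShell 2.0, the Windows 7 default, which is why SHA-1 is computed through .NET rather than Get-FileHash (PowerShell 4.0 and later).

```powershell
# Added example (not from the thread, EBP or ESET): evidence for deciding whether a
# restored, packer-flagged DLL is the vendor's own file. Windows PowerShell 2.0+.
function Test-RestoredFile {
    param(
        [string]$Path,          # file restored from quarantine
        [string]$ExpectedSha1   # sh= value from the ESET log (40 hex digits = SHA-1 length)
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }
    $item = Get-Item -LiteralPath $Path

    # 1. SHA-1 of the bytes on disk. A mismatch means the restored copy is not the
    #    file ESET scanned, so the ESET verdict says nothing about it either way.
    $sha1   = [System.Security.Cryptography.SHA1]::Create()
    $bytes  = [System.IO.File]::ReadAllBytes($item.FullName)
    $actual = ([System.BitConverter]::ToString($sha1.ComputeHash($bytes))) -replace '-', ''

    # 2. Authenticode signature. Assumption: the vendor signs its releases. Status
    #    'Valid' with the vendor as signer is strong evidence that the packed file is the
    #    vendor's build; 'NotSigned' or 'HashMismatch' leaves nothing on this machine to
    #    verify the file against, so compare it with a clean install of the same version.
    $sig    = Get-AuthenticodeSignature -FilePath $item.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    # 3. Version resource and last-write time, to compare with another installation
    #    of the same product or with the vendor's release notes.
    $vi = $item.VersionInfo

    New-Object PSObject -Property @{
        Path            = $item.FullName
        Sha1            = $actual
        MatchesEsetHash = ($actual -eq $ExpectedSha1.ToUpper())
        Signature       = $sig.Status
        Signer          = $signer
        Company         = $vi.CompanyName
        Product         = $vi.ProductName
        FileVersion     = $vi.FileVersion
        LastWrite       = $item.LastWriteTime
    }
}

# Path and hash copied from the ESET log entry for etools.dll.
Test-RestoredFile -Path 'C:\Program Files\EBP\Compta13.1\etools.dll' `
                  -ExpectedSha1 '45179B52EEF64928E6674002EF493A8344A26BB8' | Format-List
```

Run it from an elevated PowerShell prompt so that the file under Program Files is readable. A packed commercial DLL whose hash matches the ESET log and whose signature is valid and issued to the vendor has the usual shape of a generic packer detection; a file that matches the hash but is unsigned is not proof of infection, but it cannot be cleared from this machine alone, and the vendor's reference copy is the thing to compare against.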



#13 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,784 posts
  • Gender:Not Telling
  • Local time:05:32 PM

Posted 05 July 2015 - 03:48 PM

Please follow this article to restore your file quarantined by ESET.


 


#14 julienrz

julienrz
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:32 PM

Posted 08 July 2015 - 02:23 AM

File restored.

The software works fine now.

 

Is it still possible that this etools.dll is infected? Or is it a mistake by ESET?

 

The svchost process is still working at 97%...

 

And it is always the same way:

The computer starts and everything is fine when I look at the Task Manager: CPU around 10 to 20%, svchost between 0 and 10%.

Then suddenly the TrustedInstaller process takes around 90% of the CPU for a short time (but you say it is normal) and directly after, the svchost process runs at around 90 to 100% of the CPU...

 

I don't know what more I can do...
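The pattern described above (a short TrustedInstaller.exe spike, then one svchost.exe instance pinned at 90-100%) can be narrowed down without running another scanner. svchost.exe is only a host process; each instance runs a group of services, so the useful question is which services the hot instance is hosting. The script below is an added example, not something posted in this thread: it samples the CPU time of every svchost.exe over a few seconds and lists the services each one hosts, so the busy instance can be matched to a service name. It assumes an elevated Windows PowerShell 2.0+ prompt on Windows 7, so that Win32_Service reports a process ID for every running service; the sample interval and the output format are arbitrary choices of this example.

```powershell
# Added example (not from the thread): attribute svchost.exe CPU usage to the services
# each instance hosts. Windows PowerShell 2.0+, run elevated.
function Get-SvchostCpuByService {
    param([int]$IntervalSeconds = 5)   # sampling window; arbitrary choice

    # Get-Process only exposes cumulative CPU time, so take two samples and diff them.
    $snapshot = { Get-Process -Name svchost |
                  Select-Object Id, @{n='Cpu'; e={ $_.TotalProcessorTime.TotalSeconds }} }
    $before = & $snapshot
    Start-Sleep -Seconds $IntervalSeconds
    $after  = & $snapshot

    # Normalise to the whole machine so 100% means every logical core busy.
    $cores    = (Get-WmiObject Win32_ComputerSystem).NumberOfLogicalProcessors
    # Service -> PID map; stopped services have ProcessId 0 and are skipped.
    $services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }

    foreach ($p in $after) {
        $start = ($before | Where-Object { $_.Id -eq $p.Id }).Cpu
        if ($start -eq $null) { continue }   # instance started during the window
        $pct    = [math]::Round(100 * ($p.Cpu - $start) / ($IntervalSeconds * $cores), 1)
        $hosted = ($services | Where-Object { $_.ProcessId -eq $p.Id } |
                   ForEach-Object { $_.Name }) -join ', '
        New-Object PSObject -Property @{
            PID        = $p.Id
            CpuPercent = $pct
            Services   = $hosted
        }
    }
}

Get-SvchostCpuByService -IntervalSeconds 5 |
    Sort-Object CpuPercent -Descending |
    Format-Table PID, CpuPercent, Services -AutoSize
```

Run it while the machine is in its slow phase, not right after boot. If the hot instance hosts several services, `sc config <ServiceName> type= own` (the space after `type=` is required) makes that one service start in its own svchost.exe after a reboot, so Task Manager attributes the CPU to it directly; `sc config <ServiceName> type= share` reverts the change. TrustedInstaller.exe is the Windows Modules Installer, the service Windows Update drives, so finding wuauserv in the hot instance would fit the sequence described; an unfamiliar service name in that list is what to bring back to the thread.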



#15 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,784 posts
  • Gender:Not Telling
  • Local time:05:32 PM

Posted 09 July 2015 - 05:39 AM

It could be related to the games you are playing.


 




