Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log - any help would be appreciated


  • Please log in to reply
6 replies to this topic

#1 pierrepierre1

pierrepierre1

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 23 August 2015 - 03:56 PM

Hello,

 

we tried a lot of things, antivirus (spybot, antivirus) but our computer is still infected and antimalwaresytesb doesn't want to start !

 

Here are the logs about HijackThis.

 

Thank for any help.

 

Pierrepierre1

windows 7 sp1 64 bits

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:47:53, on 23/08/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)

FIREFOX: 40.0.2 (x86 fr)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\marina\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe
C:\Program Files (x86)\LibreOffice 4.0\program\soffice.bin
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Users\marina\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Screenpresso] "C:\Users\marina\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe" -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\marina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Syncovery Background Scheduler] "C:\Program Files\Syncovery\SyncoveryService.exe" /TIMERASAPP /STARTUP
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'Système')
O4 - HKUS\S-1-5-18\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'Default user')
O4 - Startup: LibreOffice 4.0.lnk = C:\Program Files (x86)\LibreOffice 4.0\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Envoyer à Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{996D2D4A-789A-4FC3-A409-F9FAD853C3F6}: NameServer = 82.163.143.169,82.163.142.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB4E96BB-2B8E-4310-A94D-B1E923084011}: NameServer = 82.163.143.169,82.163.142.171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll,c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\UtcResources.dll,-3001 (DiagTrack) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Technologie de stockage Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: SyncoveryVSSService - Super Flexible Software Ltd. & Co. KG - C:\Program Files\Syncovery\SyncoveryVSS.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 28769 bytes
 

 



BC AdBot (Login to Remove)

 


#2 pierrepierre1

pierrepierre1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 23 August 2015 - 04:04 PM

and the FarBar log + addition

 

 

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015
Exécuté par marina (administrateur) sur MARINA-PC (23-08-2015 23:01:13)
Exécuté depuis C:\Users\marina\Downloads
Profils chargés: marina (Profils disponibles: marina)
Platform: Windows 7 Professional Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Super Flexible Software Ltd. & Co. KG) C:\Program Files\Syncovery\SyncoveryVSS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Learnpulse) C:\Users\marina\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.bin
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Nokia.) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Trend Micro Inc.) C:\Users\marina\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1257184 2012-12-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-12-04] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [Screenpresso] => C:\Users\marina\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [11928080 2015-08-14] (Learnpulse)
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [Google Update] => C:\Users\marina\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-04] (Google Inc.)
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1414144 2009-06-25] (Nokia)
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [Syncovery Background Scheduler] => C:\Program Files\Syncovery\SyncoveryService.exe [27389104 2015-05-30] ()
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: ,c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
Startup: C:\Users\marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.0.lnk [2013-02-13]
ShortcutTarget: LibreOffice 4.0.lnk -> C:\Program Files (x86)\LibreOffice 4.0\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2787220691-3469147375-97340357-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
Toolbar: HKU\S-1-5-21-2787220691-3469147375-97340357-1000 -> Pas de nom - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  Pas de fichier
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.71.0.33 212.71.8.10
Tcpip\..\Interfaces\{7E0F8103-88B7-4BE2-904B-2BA3AF5E6770}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{996D2D4A-789A-4FC3-A409-F9FAD853C3F6}: [NameServer] 82.163.143.169,82.163.142.171
Tcpip\..\Interfaces\{996D2D4A-789A-4FC3-A409-F9FAD853C3F6}: [DhcpNameServer] 212.71.0.33 212.71.8.10
Tcpip\..\Interfaces\{EB4E96BB-2B8E-4310-A94D-B1E923084011}: [NameServer] 82.163.143.169,82.163.142.171

FireFox:
========
FF ProfilePath: C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\9ju69sia.default
FF Homepage: hxxp://google.fr
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin HKU\S-1-5-21-2787220691-3469147375-97340357-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\marina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2787220691-3469147375-97340357-1000: @talk.google.com/O1DPlugin -> C:\Users\marina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2787220691-3469147375-97340357-1000: @tools.google.com/Google Update;version=3 -> C:\Users\marina\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2787220691-3469147375-97340357-1000: @tools.google.com/Google Update;version=9 -> C:\Users\marina\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2787220691-3469147375-97340357-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\marina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\marina\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Adblock Edge - C:\Users\marina\AppData\Roaming\Mozilla\Firefox\Profiles\9ju69sia.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-08-14]
FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2015-08-13]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-11-17]
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync [2014-09-17]

Chrome:
=======
CHR dev: Chrome dev build détecté(e)! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll Pas de fichier
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll Pas de fichier
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll Pas de fichier
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll Pas de fichier
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll Pas de fichier
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll Pas de fichier
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll Pas de fichier
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll Pas de fichier
CHR Profile: C:\Users\marina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-16]
CHR Extension: (Google Wallet) - C:\Users\marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR HKU\S-1-5-21-2787220691-3469147375-97340357-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\marina\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-25]
CHR HKU\S-1-5-21-2787220691-3469147375-97340357-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129824 2012-08-23] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165664 2012-08-23] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [637952 2009-06-02] (Nokia.) [Fichier non signé]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Fichier non signé]
R2 SyncoveryVSSService; C:\Program Files\Syncovery\SyncoveryVSS.exe [3258056 2013-02-15] (Super Flexible Software Ltd. & Co. KG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 ACSSCR; C:\Windows\System32\DRIVERS\a38usb.sys [44672 2012-12-17] (Advanced Card Systems Ltd)
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-08] (DT Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [14992 2012-08-02] ( )
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-02-09] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-02-09] (Nokia)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299848 2015-02-05] (NVIDIA Corporation)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8192 2009-02-09] (Nokia)
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2015-08-23 23:01 - 2015-08-23 23:01 - 00029417 _____ C:\Users\marina\Downloads\FRST.txt
2015-08-23 23:00 - 2015-08-23 23:01 - 00000000 ____D C:\FRST
2015-08-23 23:00 - 2015-08-23 23:00 - 02173952 _____ (Farbar) C:\Users\marina\Downloads\FRST64.exe
2015-08-23 22:47 - 2015-08-23 22:47 - 00028771 _____ C:\Users\marina\Desktop\hijackthis.log
2015-08-23 22:35 - 2015-08-23 22:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\marina\Downloads\HijackThis.exe
2015-08-23 22:35 - 2015-08-23 22:35 - 00028833 _____ C:\Users\marina\Downloads\hijackthis.log
2015-08-23 22:09 - 2015-08-23 22:09 - 01402880 _____ C:\Users\marina\Downloads\hijackthis_hijackthis_2.0.4_anglais_17891.msi
2015-08-23 21:58 - 2015-08-23 22:02 - 00000000 ____D C:\ProgramData\F-Secure
2015-08-23 21:58 - 2015-08-23 21:58 - 00000000 ____D C:\Users\marina\AppData\Local\F-Secure
2015-08-23 21:24 - 2015-08-23 21:25 - 01605632 _____ C:\Users\marina\Downloads\adwcleaner_5.003.exe
2015-08-23 20:58 - 2015-08-23 20:58 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-23 20:58 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-23 20:58 - 2015-06-20 11:24 - 00453926 _____ C:\Windows\system32\Drivers\etc\hosts.20150823-205859.backup
2015-08-23 17:49 - 2015-08-23 17:49 - 00022184 _____ C:\Windows\System32\Tasks\DNSWETHERSFIELD
2015-08-19 14:17 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 14:17 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 14:17 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 14:17 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-14 21:44 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 21:44 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 23:45 - 2015-08-13 23:45 - 00000000 ____D C:\Program Files (x86)\Tab Snooze
2015-08-13 23:35 - 2015-08-13 23:43 - 00000000 ____D C:\Program Files (x86)\mozilla firefox
2015-08-13 23:23 - 2015-08-13 23:23 - 00000000 ____D C:\Program Files (x86)\LibrarySystem
2015-08-13 22:47 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 22:47 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 22:47 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 22:47 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 22:47 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 22:47 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-13 22:47 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 22:47 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 22:44 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 22:44 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-13 22:44 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-13 22:44 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 22:44 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 22:44 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 22:44 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 22:44 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 22:44 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 22:44 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 22:44 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 22:44 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-13 22:44 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-13 22:44 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-13 22:44 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 22:44 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 22:44 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 22:44 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 22:44 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-13 22:44 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 22:44 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-13 22:44 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 22:44 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 22:44 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-13 22:44 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-13 22:44 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 22:44 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-13 22:44 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-13 22:44 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-13 22:44 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-13 22:44 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-13 22:44 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-13 22:44 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-13 22:44 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-13 22:44 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-13 22:44 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-13 22:44 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-13 22:44 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-13 22:44 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-13 22:44 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-13 22:44 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-13 22:44 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-13 22:44 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-13 22:44 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-13 22:44 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-13 22:44 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 22:44 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 22:44 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 22:44 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-13 22:44 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-13 22:44 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-13 22:44 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 22:44 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-13 22:43 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 22:43 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-13 22:43 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 22:43 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 22:43 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 22:43 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 22:43 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 22:43 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 22:43 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 22:43 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 22:43 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 22:43 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 22:43 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 22:43 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 22:43 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 22:43 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 22:43 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 22:43 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 22:43 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 22:43 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 22:43 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 22:43 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 22:43 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 22:43 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 22:43 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-13 22:43 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 22:43 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-13 22:43 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-13 22:43 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 22:43 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-13 22:43 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-13 22:43 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 22:43 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 22:43 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-13 22:43 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-13 22:43 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 22:43 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 22:43 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 22:43 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 22:43 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 22:43 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-13 22:43 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-13 22:43 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-13 22:43 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-13 22:43 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-13 22:43 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 22:43 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 22:43 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 22:43 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-13 22:43 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 22:43 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-13 22:43 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 22:43 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 22:43 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 22:43 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 22:43 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-13 22:42 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 22:42 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 22:42 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 22:42 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 22:42 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 22:42 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 22:42 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 22:42 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-13 22:42 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 22:42 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-13 22:42 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 22:42 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-13 22:42 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-13 22:42 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 22:42 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 22:42 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 22:42 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-13 22:42 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 22:42 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 22:42 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-13 22:42 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-13 22:42 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-13 22:42 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-13 22:42 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-13 22:42 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-13 22:42 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-13 22:42 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-13 22:42 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-13 22:42 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-13 22:42 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-13 22:42 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-13 22:42 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-13 22:42 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 22:42 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 22:42 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 22:42 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-13 22:42 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 22:42 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 22:42 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-13 22:42 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-13 22:42 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 22:42 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-13 22:42 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 22:42 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 22:42 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 22:42 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 22:42 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 22:42 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 22:42 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-13 22:41 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2015-08-23 22:55 - 2012-11-09 21:49 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-23 22:45 - 2014-01-23 21:45 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787220691-3469147375-97340357-1000UA.job
2015-08-23 22:39 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-23 22:39 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-23 22:35 - 2012-11-09 22:17 - 00000000 ____D C:\Users\marina\AppData\Local\VirtualStore
2015-08-23 22:33 - 2015-05-31 11:25 - 00000000 ____D C:\ProgramData\Syncovery
2015-08-23 22:33 - 2012-11-10 14:02 - 00000000 ___RD C:\Users\marina\Google Drive
2015-08-23 22:16 - 2012-11-09 22:18 - 01473002 _____ C:\Windows\WindowsUpdate.log
2015-08-23 22:11 - 2015-06-20 12:53 - 00004144 _____ C:\Windows\setupact.log
2015-08-23 22:11 - 2012-11-10 01:22 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-23 22:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-23 22:08 - 2015-07-01 21:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 21:53 - 2012-11-10 09:34 - 00000000 ____D C:\Users\marina\AppData\Local\Google
2015-08-23 21:45 - 2014-01-23 21:45 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787220691-3469147375-97340357-1000Core.job
2015-08-23 21:25 - 2015-07-01 20:32 - 00000000 ____D C:\AdwCleaner
2015-08-23 21:10 - 2012-11-10 21:56 - 00000000 ____D C:\Users\marina\AppData\Roaming\Skype
2015-08-23 20:58 - 2015-06-20 10:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-23 17:30 - 2012-11-09 21:55 - 00000000 ____D C:\Users\marina\AppData\Local\Adobe
2015-08-21 21:58 - 2009-07-14 07:08 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-20 14:41 - 2012-11-21 11:03 - 00001456 _____ C:\Users\marina\AppData\Local\Adobe Enregistrer pour le Web 13.0 Prefs
2015-08-20 14:33 - 2012-11-09 22:50 - 00000000 ____D C:\Users\marina\Documents\site 2012
2015-08-14 22:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-08-14 22:05 - 2009-07-14 06:45 - 05337312 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 22:04 - 2012-11-10 00:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 22:04 - 2012-11-10 00:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 22:02 - 2015-04-15 21:14 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 22:02 - 2014-05-07 23:37 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-14 21:45 - 2012-11-09 21:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-14 21:44 - 2012-11-10 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 21:34 - 2013-07-31 23:19 - 00000000 ____D C:\Windows\system32\MRT
2015-08-14 21:28 - 2012-11-09 23:17 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-14 13:43 - 2012-11-10 21:56 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 13:40 - 2015-06-20 12:53 - 00002036 _____ C:\Windows\PFRO.log
2015-08-14 13:40 - 2012-11-09 22:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-13 22:56 - 2012-11-09 21:49 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 22:56 - 2012-11-09 21:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-13 22:56 - 2012-11-09 21:49 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-13 22:29 - 2015-04-04 16:03 - 00000000 ___SD C:\Windows\system32\GWX

==================== Fichiers à la racine de certains dossiers =======

2015-06-05 22:32 - 2015-06-05 22:33 - 0000132 _____ () C:\Users\marina\AppData\Roaming\Préfs Format PNG Adobe CS6
2012-11-21 11:03 - 2015-08-20 14:41 - 0001456 _____ () C:\Users\marina\AppData\Local\Adobe Enregistrer pour le Web 13.0 Prefs
2015-07-01 15:06 - 2015-07-01 15:06 - 0000000 _____ () C:\Users\marina\AppData\Local\Temp.dat

Certains fichiers dans TEMP:
====================
C:\Users\marina\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


LastRegBack: 2015-08-14 22:35

==================== Fin de journal ============================

 

 

+ adition

 

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version:23-08-2015
Exécuté par marina (2015-08-23 23:01:54)
Exécuté depuis C:\Users\marina\Downloads
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================

Administrateur (S-1-5-21-2787220691-3469147375-97340357-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2787220691-3469147375-97340357-1003 - Limited - Enabled)
Invité (S-1-5-21-2787220691-3469147375-97340357-501 - Limited - Disabled)
marina (S-1-5-21-2787220691-3469147375-97340357-1000 - Administrator - Enabled) => C:\Users\marina

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

µTorrent (HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\uTorrent) (Version: 3.3.2.30260 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.15 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.2.0 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.0.5 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.32 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Belgium e-ID middleware 4.0.7 (build 7466) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207466}) (Version: 4.0.7466 - Belgian Government)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon iP4200 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200) (Version:  - )
Canon iP4300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LibreOffice 4.0.0.3 (HKLM-x32\...\{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}) (Version: 4.0.0.3 - The Document Foundation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-040C-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version:  - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)
Mozilla Firefox 40.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 fr)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{52D02A2B-03D2-4E34-A358-DC5D951FD296}) (Version: 7.1.17.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.30.9 - Nokia)
Nokia PC Suite (x32 Version: 7.1.30.9 - Nokia) Hidden
NVIDIA Logiciel système PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Pilote 3D Vision 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Pilote graphique 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
Package de pilotes Windows - ASUS (ATP) Mouse  (08/27/2012 1.0.0.125) (HKLM\...\2BD897DEE9289F769D9176245811D5330A360B0B) (Version: 08/27/2012 1.0.0.125 - ASUS)
Package de pilotes Windows - Fedict SmartCard  (04/30/2014 4.0.7.5) (HKLM\...\C5357B4AD7C02B3F6EF45765A07E5B725E50BBF7) (Version: 04/30/2014 4.0.7.5 - Fedict)
Package de pilotes Windows - Nokia Modem  (06/01/2009 4.1) (HKLM\...\E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84) (Version: 06/01/2009 4.1 - Nokia)
Package de pilotes Windows - Nokia Modem  (06/01/2009 7.01.0.3) (HKLM\...\F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7) (Version: 06/01/2009 7.01.0.3 - Nokia)
Package de pilotes Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Panneau de configuration NVIDIA 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{0C973594-7DDF-4BD0-84ED-3517F7622037}) (Version: 9.23.3.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6809 - Realtek Semiconductor Corp.)
Screenpresso (HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Screenpresso) (Version: 1.5.6.0 - Learnpulse)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Syncovery 7.17a (HKLM\...\Syncovery x64_is1) (Version: 7.17a - Super Flexible Software)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

CustomCLSID: HKU\S-1-5-21-2787220691-3469147375-97340357-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-2787220691-3469147375-97340357-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\marina\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll Pas de fichier
CustomCLSID: HKU\S-1-5-21-2787220691-3469147375-97340357-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\marina\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2787220691-3469147375-97340357-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\marina\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Points de restauration =========================

16-07-2015 22:47:00 Windows Update
13-08-2015 22:46:59 Windows Update
14-08-2015 21:27:05 Windows Update
18-08-2015 16:38:44 Windows Update
19-08-2015 14:17:28 Windows Update
23-08-2015 17:40:01 Windows Update

==================== Hosts contenu: ==========================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2009-07-14 04:34 - 2015-08-23 20:58 - 00453926 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    lm.licenses.adobe.com
127.0.0.1    lmlicenses.wip4.adobe.com
127.0.0.1    activate.adobe.com
127.0.0.1    practivate.adobe.com
127.0.0.1    ereg.adobe.com
127.0.0.1    activate.wip3.adobe.com
127.0.0.1    wip3.adobe.com
127.0.0.1    3dns-3.adobe.com
127.0.0.1    3dns-2.adobe.com
127.0.0.1    adobe-dns.adobe.com
127.0.0.1    adobe-dns-2.adobe.com
127.0.0.1    adobe-dns-3.adobe.com
127.0.0.1    ereg.wip3.adobe.com
127.0.0.1    activate-sea.adobe.com
127.0.0.1    wwis-dubc1-vip60.adobe.com
127.0.0.1    activate-sjc0.adobe.com
127.0.0.1    wwis-dubc1-vip60.adobe.com
127.0.0.1    hl2rcv.adobe.com
127.0.0.1    192.150.14.69
127.0.0.1    192.150.18.101
127.0.0.1    192.150.18.108
127.0.0.1    192.150.22.40
127.0.0.1    192.150.8.100
127.0.0.1    192.150.8.118
127.0.0.1    209-34-83-73.ood.opsource.net
127.0.0.1    3dns-1.adobe.com
127.0.0.1    3dns-2.adobe.com
127.0.0.1    3dns-2.adobe.com
127.0.0.1    3dns-3.adobe.com

Il y a 1000 plus de lignes.


==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {17BA48D8-6581-406C-A8BF-D62AE53FD711} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {18256C4A-2220-42FA-BE5A-D6EC9491015E} - System32\Tasks\{CACC1E57-F7B4-420A-B92E-ECE6876D309E} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/fr/abandoninstall?page=tsBing
Task: {2C7006AE-D364-4527-A342-67CBD8FD152F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2CEC3E73-166A-49D3-9A96-4034A17269D0} - System32\Tasks\{8A7CE706-C5A4-4CA2-B9AC-E98E59C34128} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/fr/abandoninstall?page=tsMain
Task: {301E8FDF-8A32-417C-9AAF-4EF7F197490C} - System32\Tasks\DNSWETHERSFIELD => dnswethersfield.exe
Task: {4DDEE4E7-EDAE-4AF2-BEB8-B4903652BDC2} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {686DC868-9635-414D-A131-E687510204BB} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {6CD853DA-3B7A-4D7D-9ECE-6D309BA3413F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {78A504B2-4E74-4CA4-9126-705C4FF0BEEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2787220691-3469147375-97340357-1000Core => C:\Users\marina\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {79735695-756A-4C29-96FC-B68AEACCB6AB} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B702A9EF-E664-4FCF-8FBF-A9A511CEEA49} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D17DCB77-2C78-4913-85CE-3F58E6FFE917} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2787220691-3469147375-97340357-1000UA => C:\Users\marina\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {D9511C5B-8867-483A-8728-AF21FB36D815} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {E5CE7B1F-F76E-4F30-8493-E0BBB5048428} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F16C6ADA-872A-44FC-B698-228E2A725C03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {FFA01EE9-67F8-48BE-905C-90750E83A3C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787220691-3469147375-97340357-1000Core.job => C:\Users\marina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2787220691-3469147375-97340357-1000UA.job => C:\Users\marina\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Modules chargés (Avec liste blanche) ==============

2012-11-10 01:21 - 2015-02-05 23:01 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-10 01:22 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-31 21:43 - 2012-11-14 14:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-10-10 03:22 - 2012-10-10 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-20 10:58 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-20 10:58 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-20 10:58 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-20 10:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-20 10:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-10 19:30 - 2015-03-10 19:30 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\582f6038931a9b63060e663814d293d0\PSIClient.ni.dll
2013-02-16 00:39 - 2012-10-22 15:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-12-10 09:13 - 2015-02-05 23:01 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2008-08-12 11:16 - 2008-08-12 11:16 - 02023424 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
2008-07-29 14:01 - 2008-07-29 14:01 - 07331840 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
2008-07-29 13:50 - 2008-07-29 13:50 - 00364544 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
2008-07-29 14:47 - 2008-07-29 14:47 - 00135168 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2008-07-29 14:47 - 2008-07-29 14:47 - 00016384 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2008-07-29 14:11 - 2008-07-29 14:11 - 00253952 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
2013-01-31 14:38 - 2013-01-31 14:38 - 01005744 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\libxml2.dll
2013-01-31 14:38 - 2013-01-31 14:38 - 00175280 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\libxslt.dll
2015-06-27 00:44 - 2015-06-27 00:44 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\fr_fr\acrotray.fra
2015-08-23 22:33 - 2015-08-23 22:33 - 00098816 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32api.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00110080 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\pywintypes27.dll
2015-08-23 22:33 - 2015-08-23 22:33 - 00364544 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\pythoncom27.dll
2015-08-23 22:33 - 2015-08-23 22:33 - 00045568 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\_socket.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 01161216 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\_ssl.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00320512 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32com.shell.shell.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00713216 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\_hashlib.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 01175040 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\wx._core_.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00805888 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\wx._gdi_.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00811008 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\wx._windows_.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 01062400 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\wx._controls_.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00735232 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\wx._misc_.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00682496 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\pysqlite2._sqlite.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00087552 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\_ctypes.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00119808 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32file.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00108544 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32security.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00007168 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\hashobjs_ext.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00068096 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\usb_ext.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00167936 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32gui.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00018432 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32event.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00128512 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\_elementtree.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00127488 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\pyexpat.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00013824 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\common.time34.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00036864 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\_psutil_windows.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00038912 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32inet.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00011264 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32crypt.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00070656 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\wx._html2.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00027136 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\_multiprocessing.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00020480 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\_yappi.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00035840 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32process.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00686080 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\unicodedata.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00122368 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\wx._wizard.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00024064 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32pipe.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00010240 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\select.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00025600 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32pdh.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00525640 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\windows._lib_cacheinvalidation.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00017408 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32profile.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00022528 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\win32ts.pyd
2015-08-23 22:33 - 2015-08-23 22:33 - 00078336 _____ () C:\Users\marina\AppData\Local\Temp\_MEI44962\wx._animate.pyd
2015-08-13 22:56 - 2015-08-13 22:56 - 17482952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)

AlternateDataStreams: C:\Users\marina\AppData\Local\6PvLrmUMsDqX:JPH1kh3a3r4wqO3Coj

==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Il y a 7866 plus de sites sensibles.

==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\marina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.169 - 82.163.142.171
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

(Actuellement, il n'y a pas de correction automatique pour cette section.)


==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C5B32CD9-9CAD-428C-AB48-65D59E3AE7EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3E3970BE-3438-4E69-94F6-72BF8A1FDFCB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{308432B2-C86D-4E85-8F39-9C2CEDE7A7B9}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{7B04599D-E6D7-4EBA-ACC0-65BCAA174018}] => (Allow) C:\Users\marina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D4563C9A-37DF-4E36-A95B-9E402DC64692}] => (Allow) C:\Users\marina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0AE24124-3A4F-4DE8-AB4C-18BDF13835FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D2A5DF7-60B3-458A-A345-8DF0A538D34B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{19228CBC-8E55-441A-8C90-0967F546B1D3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{20CC2832-5DF3-4476-9F54-EB54764E8268}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9FEDD46A-1EEB-40B0-BE2E-4353A3447A32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C01BAD1-2AAD-4C1C-8C15-20522990F8F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD20F587-0A12-4ECE-8426-DE7A1796805E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB2EC821-4283-4E2C-8EC9-4CE011FAB395}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ACE03FC4-244B-4295-8304-573038A063BC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1EBDC265-DAE1-4EBE-A6A1-3AB8B642CDC5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Éléments en erreur du Gestionnaire de périphériques =============

Name: Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Description: Qualcomm Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (08/23/2015 10:11:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 10:08:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbam.exe, version : 2.3.55.0, horodatage : 0x557a2a02
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0xb0
Heure de début de l’application défaillante : 0xmbam.exe0
Chemin d’accès de l’application défaillante : mbam.exe1
Chemin d’accès du module défaillant: mbam.exe2
ID de rapport : mbam.exe3

Error: (08/23/2015 10:07:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 09:27:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 09:22:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 09:19:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbam.exe, version : 2.3.55.0, horodatage : 0x557a2a02
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0x14d0
Heure de début de l’application défaillante : 0xmbam.exe0
Chemin d’accès de l’application défaillante : mbam.exe1
Chemin d’accès du module défaillant: mbam.exe2
ID de rapport : mbam.exe3

Error: (08/23/2015 08:59:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbam.exe, version : 2.3.55.0, horodatage : 0x557a2a02
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0x1188
Heure de début de l’application défaillante : 0xmbam.exe0
Chemin d’accès de l’application défaillante : mbam.exe1
Chemin d’accès du module défaillant: mbam.exe2
ID de rapport : mbam.exe3

Error: (08/23/2015 08:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbam.exe, version : 2.3.55.0, horodatage : 0x557a2a02
Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e
Code d’exception : 0x40000015
Décalage d’erreur : 0x0008d6fd
ID du processus défaillant : 0xe80
Heure de début de l’application défaillante : 0xmbam.exe0
Chemin d’accès de l’application défaillante : mbam.exe1
Chemin d’accès du module défaillant: mbam.exe2
ID de rapport : mbam.exe3

Error: (08/23/2015 08:47:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2015 05:29:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Erreurs système:
=============
Error: (08/23/2015 10:13:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Service Google Update (gupdate) n’a pas pu démarrer en raison de l’erreur :
%%2

Error: (08/23/2015 10:09:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (08/23/2015 10:09:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
%%1068

Error: (08/23/2015 10:09:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
%%1068

Error: (08/23/2015 10:09:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
%%1068

Error: (08/23/2015 10:09:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
%%1068

Error: (08/23/2015 10:09:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
%%1068

Error: (08/23/2015 10:09:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
%%1068

Error: (08/23/2015 10:08:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Fournisseur HomeGroup dépend du service Hôte du fournisseur de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur :
%%1068

Error: (08/23/2015 10:08:18 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office:
=========================
Error: (02/05/2014 10:53:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2021 seconds with 1260 seconds of active time.  This session ended with a crash.


==================== Infos Mémoire ===========================

Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Pourcentage de mémoire utilisée: 52%
Mémoire physique - RAM - totale: 6029.6 MB
Mémoire physique - RAM - disponible: 2844.56 MB
Mémoire virtuelle totale: 12057.41 MB
Mémoire virtuelle disponible: 8682.6 MB

==================== Lecteurs ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:543.23 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: D147CE48)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== Fin de journal ============================



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:33 PM

Posted 24 August 2015 - 12:50 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2787220691-3469147375-97340357-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
Toolbar: HKU\S-1-5-21-2787220691-3469147375-97340357-1000 -> Pas de nom - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  Pas de fichier
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll Pas de fichier
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll Pas de fichier
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll Pas de fichier
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll Pas de fichier
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll Pas de fichier
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll Pas de fichier
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll Pas de fichier
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll Pas de fichier
CHR HKU\S-1-5-21-2787220691-3469147375-97340357-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build détecté(e)! <======= ATTENTION


Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

How is the computer running now?

#4 pierrepierre1

pierrepierre1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 24 August 2015 - 01:57 PM

Hello,

thnak you so much for your help.

So I did exactly what you ask... but apparently it is not working. I still have some strange advice into my firefox browser.

 

Online virus scanner redirect here : http://fr.reimageplus.com/lp/mxy/index.php?tracking=ReimageNetworkSale&banner=Matrix&adgroup=Mxy&ads_name=&keyword=direct&CID=qNIbPC12oLGYpHzznP8rzG12OVJ4G8z6yKp637jmRLIcIpFLnrk03yOUHHbSLP4Wuu7SPAAJmtslUr7_QIgerpTCj4FO6x-an9qCKEyptTeus-et8im8JQkxnodlm8GHk3jQFFlSUBQVcTXD3buvdI6fzmNW93WTt9_4NIUagCGhruKo6xvODWFScvEs1mXEg7TSePsh8oKDH9yPto8ap7QqyYa5b6EilrDG6E7-CLhp8EanYDev28t0kqqZPeG8jvCrbID9zmmIuiAYZsXCYHUYeEuMyKOchzX-aoKbGMxzndF6BFCRFs84ovqVMQzip3JbaVtBucIt1SjO9FQdgZssFzGvgRwTeMFfWBUEwy48O2jRP26NwS2zim9DW2oAqFltDLEsNZ0UojdAgguTf2MVt79NvBcUSdfrX67tNDc&ClickID=wIOJI0S4KK9PFAKMG6SS3PTQ

 

And I can't open antimalwares bytes (I reinstalled it).

 

 

Here is the log asked (fixlog.txt) :

 

 

Résultats de correction de Farbar Recovery Scan Tool (x64) Version:24-08-2015
Exécuté par marina (2015-08-24 20:31:41) Run:1
Exécuté depuis C:\Users\marina\Downloads
Profils chargés: marina (Profils disponibles: marina)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2787220691-3469147375-97340357-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
Toolbar: HKU\S-1-5-21-2787220691-3469147375-97340357-1000 -> Pas de nom - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  Pas de fichier
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll Pas de fichier
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll Pas de fichier
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll Pas de fichier
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll Pas de fichier
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll Pas de fichier
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll Pas de fichier
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll Pas de fichier
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll Pas de fichier
CHR HKU\S-1-5-21-2787220691-3469147375-97340357-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

End
*****************

Le Point de restauration a été créé avec succès.
Processus fermés avec succès.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => valeur supprimé(es) avec succès
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => clé supprimé(es) avec succès
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => valeur supprimé(es) avec succès
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => valeur supprimé(es) avec succès
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => clé supprimé(es) avec succès
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => clé non trouvé(e).
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => clé supprimé(es) avec succès
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => clé non trouvé(e).
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => clé supprimé(es) avec succès
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => clé non trouvé(e).
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => clé supprimé(es) avec succès
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => clé non trouvé(e).
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => valeur restauré(es) avec succès
"HKU\S-1-5-21-2787220691-3469147375-97340357-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => clé supprimé(es) avec succès
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => clé non trouvé(e).
HKU\S-1-5-21-2787220691-3469147375-97340357-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => valeur supprimé(es) avec succès
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => clé non trouvé(e).
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => clé supprimé(es) avec succès
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => clé supprimé(es) avec succès
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll non trouvé(e).
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll non trouvé(e).
C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll non trouvé(e).
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll non trouvé(e).
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll non trouvé(e).
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll non trouvé(e).
C:\Windows\SysWOW64\npDeployJava1.dll non trouvé(e).
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll non trouvé(e).
"HKU\S-1-5-21-2787220691-3469147375-97340357-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => clé supprimé(es) avec succès
gupdate => service supprimé(es) avec succès
gupdatem => service supprimé(es) avec succès
wacomvhid => service supprimé(es) avec succès
EmptyTemp: => 545.5 MB données temporaires supprimées.


Le système a dû redémarrer..

==== Fin de Fixlog 20:34:55 ====


Edited by pierrepierre1, 24 August 2015 - 01:59 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:33 PM

Posted 25 August 2015 - 07:18 AM

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Did you reinstall MBAM and still unable to run the application?

If this is the case download their uninstall tool from this link.
https://support.malwarebytes.org/customer/portal/articles/1835311?b_id=6438

Run the uninstaller.

Restart the computer normally.

Reinstall MBAM.

Keep me posted.

#6 pierrepierre1

pierrepierre1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 28 August 2015 - 04:50 PM

Hello,

 

so I uninstalled MBAM with this tools, reboot and reinstall last version. And... ok, now MBAM is working very well !

 

I immediatly made a scan, found malwares, fixed and scanned again.

 

But I still had strange behaviors and advertisings with Firefox (I reseted default browsing settings and cleaned the firefox cache).

So I completely uninstalled Firefox (backup password and bookmarks before).

Deleted Mozilla folder in

  • C:/Program Files
  • C:/Program Files (x86)
  • C:/user/AppData
  • C:/ProgramData/Local and Roaming

 

And installed Firefox ESR last version. After 1 hour of surfing, the result is ok. No more strange behavior, and no more strange advertising.

 

Just 2 words / Thank you

 

Thank you very very much for your help.

 

Have a nice day.

 

Regard.


Edited by pierrepierre1, 28 August 2015 - 04:53 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:33 PM

Posted 29 August 2015 - 06:57 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users