
Kaspersky detected HEUR:Trojan.Script.iframer or lframer, .dll whitelisted


22 replies to this topic

#1 wingardiumleviosa50
  • Members
  • 13 posts

Posted 28 December 2015 - 08:45 PM

Kaspersky detected HEUR:Trojan.Script.iframer or lframer, at the same time a .dll was whitelisted, maybe related to a javascript on a webpage

Computer OS: Windows 10
Antivirus: Kaspersky 2016

I clicked this page yesterday through google.
abduzeedo.com/star-wars-concept-art-ralph-mcquarrie

-After the page loaded, what was probably a Kaspersky alert window soon appeared together with a sound.

-it said it detected HEUR:Trojan.Script.iframer or HEUR:Trojan.Script.lframer (I am not sure whether that was
a capitalized i or an l)

-I clicked the alert window several times, maybe 4-5 times, probably out of reflex because I wanted to close it, which may have closed the window (alert window) each time, so I maybe got this window to appear several times in a short time span. (I'm sorry for my bad explanations)
I think the window may have been red.
I might have seen the word whitelist on one of these windows, and this wasn't on the first window that appeared.
The problem is I am not used to Windows 10 and Kaspersky 2016 and I don't know what an alert window about a blocked object looks like and if there are buttons inside the window that I ended up clicking.

But what I've deduced is that if HEUR:Trojan.Script.iframer downloaded some object (trojan etc...), it is possible that I may have unknowingly whitelisted it when I quickly clicked on the Kaspersky alert window(s) that flashed.

And I closed the web page after the thing with those alert windows.

I checked Kaspersky's log, and what I saw makes me think my earlier deduction is possibly correct.

-There are 5 entries logged at the time I opened that web page.
They say something like this
-Object blocked
-Download Prevented
-Added to whitelist  
-Object blocked
-Download Prevented

Here is the URL logged by Kaspersky:
http://raw.abduzeedo.com/js?num=6&type=photo&width=500

As for the object added to the whitelist, it is a .dll called avpuiman.dll that is located
in Kaspersky's folder under Program Files, and thus appears at first glance to be part of Kaspersky, although I haven't found anything about it through Google.
The date listed for the creation of the file is the same as when Kaspersky 2016 was installed, so almost 1 week ago. But why would a Kaspersky component get whitelisted all of a sudden?

 

I am also curious to know if this looks bad or if it is possibly just a false positive. I have started backing up my files just in case; are there other things I should do?

 

I thank you in advance. :)
 


Edited by wingardiumleviosa50, 28 December 2015 - 08:50 PM.



#2 Jo*
  • Malware Response Team
  • 3,408 posts
  • Gender:Male
  • Location:Germany

Posted 29 December 2015 - 01:07 AM

:welcome:

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


:step4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 wingardiumleviosa50
  • Topic Starter
  • Members
  • 13 posts

Posted 29 December 2015 - 08:23 PM

Hello Jo. Thank you for answering me :) I will post the logs after this post. Here's a summary of what happened today. Earlier during the day I tried launching Thunderbird but it wouldn't launch; when I tried in the afternoon, it launched like normal.

Security Check -Done with no problem

Malwarebytes Anti-Rootkit -After I launched it and extracted the files, a window about a registry value AppInit_Dlls appeared. I took a screenshot,

 

 

 

 

[Screenshot attached: 94C3cx5.jpg]

 

 

After I took the screenshot, I tried to create a folder to put it together with the logs,
but a blue wheel appeared several times. The same thing happened after I tried to transfer the screenshot
to the folder, and it looked like it would never end so I went back to MBAR's screen.

Since your instructions said no clean up, I clicked on no. Please let me know if I should have clicked yes instead.
-I updated MBAR, then scanned the computer. No malware was found.

-I tried to launch AdwCleaner, I clicked on the icon once but the window froze or wouldn't respond for at least 20 minutes (I am not sure but I think it wasn't the entire computer, but just the folder where AdwCleaner is with a blue wheel rotating). So I restarted the computer then ran AdwCleaner, then MiniToolbox with no problem.

However, when I connected to the Internet and opened Firefox, it told me the Kaspersky Protection add-on couldn't be launched because it wasn't verified. Earlier in the day, when I used the computer before rebooting, I think the Kaspersky Protection add-on was working normally.


Edited by wingardiumleviosa50, 29 December 2015 - 08:24 PM.
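The check a practitioner would want for both the whitelisted avpuiman.dll from post #1 and the AppInit_DLLs prompt MBAR raised in post #3, as an added example that is not from the thread, from Kaspersky or from any of the tools mentioned: a PowerShell triage script that verifies the DLL's Authenticode signature and signer, records its hash and timestamps for comparison with the install date, and lists what is registered under AppInit_DLLs in both registry views. It assumes the product is installed under a "Kaspersky Lab" folder in Program Files or Program Files (x86); adjust the roots if the folder is named differently.

```powershell
# Added triage script (not from the thread or from Kaspersky). Run it in a
# PowerShell window on the affected machine; reading signatures and hashes
# does not need administrator rights, the registry values are world-readable.
# Assumption: the product lives under a "Kaspersky Lab" folder in one of the
# two Program Files trees. Adjust $roots if your install differs.

$DllName = 'avpuiman.dll'   # the file Kaspersky's log reported as "Added to whitelist"

# 1. Find every copy of the DLL under the vendor folders (64- and 32-bit trees).
$roots = @("$env:ProgramFiles\Kaspersky Lab", "${env:ProgramFiles(x86)}\Kaspersky Lab") |
    Where-Object { Test-Path $_ }

$copies = @()
if ($roots) {
    $copies = Get-ChildItem -Path $roots -Recurse -Filter $DllName -File -ErrorAction SilentlyContinue
}
if (-not $copies) {
    Write-Warning "$DllName not found under the assumed vendor folders; check the path Kaspersky logged."
}

foreach ($f in $copies) {
    # 2. Authenticode: a genuine vendor component should report Status 'Valid'
    #    and a signer subject naming the vendor. 'NotSigned' or 'HashMismatch'
    #    on a file inside the vendor folder is what you would escalate.
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    # 3. SHA-256 so the file can be looked up with the vendor or a reputation service
    #    instead of relying on the file name alone.
    $sha256 = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path      = $f.FullName
        Created   = $f.CreationTime     # compare with the product install date from post #1
        Modified  = $f.LastWriteTime
        SizeBytes = $f.Length
        SigStatus = $sig.Status         # Valid / NotSigned / HashMismatch / UnknownError ...
        Signer    = $signer
        SHA256    = $sha256
    } | Format-List
}

# 4. AppInit_DLLs (the registry value MBAR asked about): anything listed here is
#    loaded into every process that maps user32.dll, so the value is normally empty.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($k in $appInitKeys) {
    if (Test-Path $k) {
        $p = Get-ItemProperty -Path $k
        [pscustomobject]@{
            Key                       = $k
            LoadAppInit_DLLs          = $p.LoadAppInit_DLLs            # 1 = injection enabled
            AppInit_DLLs              = $p.AppInit_DLLs                # should be empty
            RequireSignedAppInit_DLLs = $p.RequireSignedAppInit_DLLs   # 1 = only signed DLLs load
        } | Format-List
    }
}
```

A 'Valid' signature with a vendor subject plus a creation time matching the install date supports the false-positive reading of the whitelist entry; any other signature status, or a non-empty AppInit_DLLs, is worth posting back to the helper.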


#4 wingardiumleviosa50
  • Topic Starter
  • Members
  • 13 posts

Posted 29 December 2015 - 08:25 PM

Security Check log
 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Kaspersky Internet Security
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 65
 Java 8 Update 66
 Java version 32-bit out of Date!
 Adobe Flash Player 	20.0.0.235
 Mozilla Firefox (43.0.2)
 Mozilla Thunderbird (38.4.0)
````````Process Check: objlist.exe by Laurent````````
 Kaspersky Lab Kaspersky Internet Security 16.0.0 avp.exe
 Kaspersky Lab Kaspersky Internet Security 16.0.0 avpui.exe
 Kaspersky Lab Kaspersky Internet Security 16.0.0 avp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Edited by wingardiumleviosa50, 29 December 2015 - 08:26 PM.


#5 wingardiumleviosa50
  • Topic Starter
  • Members
  • 13 posts

Posted 29 December 2015 - 08:27 PM

Malwarebytes Anti-Rootkit log
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.12.29.06
  rootkit: v2015.12.26.01

Windows 10 x64 NTFS
Internet Explorer 11.20.10586.0
Propriètaire :: LAPTOP-BUREAU-1 [administrator]

29.12.2015 21:50:30
mbar-log-2015-12-29 (21-50-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 427531
Time elapsed: 23 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

Edited by wingardiumleviosa50, 29 December 2015 - 08:28 PM.


#6 wingardiumleviosa50
  • Topic Starter
  • Members
  • 13 posts

Posted 29 December 2015 - 08:30 PM

AdwCleaner Log




# AdwCleaner v5.026 - Rapport créé le 29/12/2015 à 23:22:46
# Mis à jour le 21/12/2015 par Xplode
# Base de données : 2015-12-21.2 [Locale]
# Système d'exploitation : Windows 10 Pro  (x64)
# Nom d'utilisateur : Propriètaire - LAPTOP-BUREAU-1
# Exécuté depuis : C:\Users\Internet\Downloads\AdwCleaner.exe
# Option : Scanner
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Dossiers ] *****


***** [ Fichiers ] *****

Fichier Trouvé : C:\Users\Public\Desktop\eBay.lnk

***** [ DLL ] *****


***** [ Raccourcis ] *****


***** [ Tâches planifiées ] *****


***** [ Registre ] *****

Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Clé Trouvée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Clé Trouvée : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Clé Trouvée : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Clé Trouvée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Navigateurs ] *****


########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [1196 octets] ##########


#7 wingardiumleviosa50
  • Topic Starter
  • Members
  • 13 posts

Posted 29 December 2015 - 08:32 PM

MiniToolBox Log



MiniToolBox by Farbar  Version: 02-11-2015
Ran by Internet (ATTENTION: The logged in user is not administrator) on 29-12-2015 at 23:30:30
Running from "C:\Users\Internet\Downloads"
Microsoft Windows 10 Professionnel  (X64)
Model: SATELLITE P70-A Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuration IP de Windows

Cache de résolution DNS vidé.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel(R) Wireless-N 7260 = Wi-Fi (Media disconnected)
Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)


# ----------------------------------
# Configuration du protocole IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Connexion réseau Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connexion au réseau local* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connexion au réseau local* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connexion au réseau local* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connexion au réseau local* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# Fin de la configuration du protocole IPv4



Configuration IP de Windows

   Nom de l'hôte . . . . . . . . . . : Laptop-bureau-1
   Suffixe DNS principal . . . . . . : 
   Type de noeud. . . . . . . . . .  : Hybride
   Routage IP activé . . . . . . . . : Non
   Proxy WINS activé . . . . . . . . : Non

Carte Ethernet Ethernet :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . : home
   Description. . . . . . . . . . . . . . : Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
   Adresse physique . . . . . . . . . . . : 08-9E-01-F3-77-42
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui

Carte réseau sans fil Wi-Fi :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . : 
   Description. . . . . . . . . . . . . . : Intel(R) Wireless-N 7260
   Adresse physique . . . . . . . . . . . : 0C-8B-FD-B8-74-8C
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui

Carte réseau sans fil Connexion au réseau local* 3 :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . : 
   Description. . . . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Adresse physique . . . . . . . . . . . : 0E-8B-FD-B8-74-8C
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui

Carte réseau sans fil Connexion au réseau local* 4 :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . : 
   Description. . . . . . . . . . . . . . : Carte virtuelle directe Wi-Fi Microsoft
   Adresse physique . . . . . . . . . . . : 0C-8B-FD-B8-74-8D
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui
Serveur :   UnKnown
Address:  127.0.0.1

La requête Ping n'a pas pu trouver l'hôte google.com. Vérifiez le nom et essayez à nouveau.
Serveur :   UnKnown
Address:  127.0.0.1

La requête Ping n'a pas pu trouver l'hôte yahoo.com. Vérifiez le nom et essayez à nouveau.

Envoi d'une requête 'Ping'  127.0.0.1 avec 32 octets de données :
PING : échec de la transmission. Défaillance générale. 
PING : échec de la transmission. Défaillance générale. 

Statistiques Ping pour 127.0.0.1:
    Paquets : envoyés = 2, reçus = 0, perdus = 2 (perte 100%),
===========================================================================
Liste d'Interfaces
  7...08 9e 01 f3 77 42 ......Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  4...0c 8b fd b8 74 8c ......Intel(R) Wireless-N 7260
  5...0e 8b fd b8 74 8c ......Microsoft Hosted Network Virtual Adapter
  9...0c 8b fd b8 74 8d ......Carte virtuelle directe Wi-Fi Microsoft
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Table de routage
===========================================================================
Itinéraires actifs :
Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Itinéraires persistants :
  Aucun

IPv6 Table de routage
===========================================================================
Itinéraires actifs :
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Itinéraires persistants :
  Aucun
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/29/2015 11:14:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Laptop-bureau-1)
Description: Échec de l’activation de l’application Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 avec l’erreur : -2147023169 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (12/29/2015 11:14:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Laptop-bureau-1)
Description: Échec de l’activation de l’application Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 avec l’erreur : -2147023169 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (12/29/2015 08:45:45 PM) (Source: Application Hang) (User: )
Description: Le programme SnippingTool.exe version 10.0.10586.0 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 2ae4

Heure de début : 01d142713396cd9a

Heure de fin : 0

Chemin d'accès de l'application : C:\Windows\System32\SnippingTool.exe

ID de rapport : bde7775c-ae64-11e5-8305-089e01f37742

Nom complet du package défaillant : 

ID de l'application relative au package défaillant :

Error: (12/29/2015 08:36:06 PM) (Source: Application Hang) (User: )
Description: Le programme notepad.exe version 10.0.10586.0 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 492c

Heure de début : 01d1426fc4b888e9

Heure de fin : 12

Chemin d'accès de l'application : C:\Windows\SysWOW64\notepad.exe

ID de rapport : 64f4d294-ae63-11e5-8305-089e01f37742

Nom complet du package défaillant : 

ID de l'application relative au package défaillant :

Error: (12/29/2015 08:05:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Laptop-bureau-1)
Description: Échec de l’activation de l’application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge avec l’erreur : -2147023636 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (12/29/2015 08:04:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Laptop-bureau-1)
Description: Échec de l’activation de l’application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge avec l’erreur : -2147023636 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (12/29/2015 08:04:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Laptop-bureau-1)
Description: Échec de l’activation de l’application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge avec l’erreur : -2147023636 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (12/29/2015 07:58:26 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.10586.0, horodatage : 0x5632d899
Nom du module défaillant : combase.dll, version : 10.0.10586.0, horodatage : 0x5632d304
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00166cf1
ID du processus défaillant : 0x4530
Heure de début de l’application défaillante : 0xbackgroundTaskHost.exe0
Chemin d’accès de l’application défaillante : backgroundTaskHost.exe1
Chemin d’accès du module défaillant: backgroundTaskHost.exe2
ID de rapport : backgroundTaskHost.exe3
Nom complet du package défaillant : backgroundTaskHost.exe4
ID de l’application relative au package défaillant : backgroundTaskHost.exe5

Error: (12/29/2015 07:58:16 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.10586.0, horodatage : 0x5632d8f0
Nom du module défaillant : combase.dll, version : 10.0.10586.0, horodatage : 0x5632d3ca
Code d’exception : 0xc0000602
Décalage d’erreur : 0x000000000018db3b
ID du processus défaillant : 0x4a04
Heure de début de l’application défaillante : 0xbackgroundTaskHost.exe0
Chemin d’accès de l’application défaillante : backgroundTaskHost.exe1
Chemin d’accès du module défaillant: backgroundTaskHost.exe2
ID de rapport : backgroundTaskHost.exe3
Nom complet du package défaillant : backgroundTaskHost.exe4
ID de l’application relative au package défaillant : backgroundTaskHost.exe5

Error: (12/29/2015 01:05:33 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante SynTPEnh.exe, version : 19.0.16.3, horodatage : 0x55ae97ad
Nom du module défaillant : SynCOM.dll, version : 19.0.16.3, horodatage : 0x55ae939d
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000032e53
ID du processus défaillant : 0x3adc
Heure de début de l’application défaillante : 0xSynTPEnh.exe0
Chemin d’accès de l’application défaillante : SynTPEnh.exe1
Chemin d’accès du module défaillant: SynTPEnh.exe2
ID de rapport : SynTPEnh.exe3
Nom complet du package défaillant : SynTPEnh.exe4
ID de l’application relative au package défaillant : SynTPEnh.exe5


System errors:
=============
Error: (12/29/2015 11:22:21 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (12/29/2015 11:20:12 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (12/29/2015 11:14:48 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (12/29/2015 10:42:42 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (12/29/2015 10:18:51 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (12/29/2015 08:54:15 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (12/29/2015 08:37:13 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (12/29/2015 08:35:18 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (12/29/2015 08:32:03 PM) (Source: DCOM) (User: AUTORITE NT)
Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (12/29/2015 08:28:34 PM) (Source: DCOM) (User: Laptop-bureau-1)
Description: par défaut de l’ordinateurLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Laptop-bureau-1InternetS-1-5-21-3219801020-819653454-2207323919-1005LocalHost (avec LRPC)Non disponibleNon disponible


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-12-23 20:43:30.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-23 20:19:56.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-23 20:18:46.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-23 20:07:25.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Aloha TriPeaks (HKLM-x32\...\WTA-71fd3ed6-03d7-4525-94b7-74a06c8fa61e) (Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-e68b4ff0-c741-4940-b889-4c8fcf7324fb) (Version: 2.2.0.98 - WildTangent) Hidden
Britannica DVD 2000 (HKLM-x32\...\Britannica DVD 2000) (Version:  - )
Brother MFL-Pro Suite MFC-J6910DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.3.0.6 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.9 (HKLM-x32\...\DPP) (Version: 3.9.1.0 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.1.0.4 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)
Centre Souris et Claviers Microsoft (HKLM\...\{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}) (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Centre Souris et Claviers Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Chuzzle Deluxe (HKLM-x32\...\WTA-fafc683f-edf4-4494-bc3d-6deeaa77fe72) (Version: 2.2.0.95 - WildTangent) Hidden
Complément Microsoft Enregistrer en tant que PDF pour programmes Microsoft Office 2007 (HKLM-x32\...\{90120000-00B0-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
Désinstaller Le Petit Robert de la langue française (HKLM-x32\...\Le Petit Robert) (Version:  - )
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Elements 10 Organizer (HKLM-x32\...\{22D3A614-482C-444A-932C-9DA1B8ECDFD2}) (Version: 10.0 - Nom de votre société) Hidden
Elements 9 Organizer (HKLM-x32\...\{433EACD8-4747-4A6A-826A-FFA9F39B0D40}) (Version: 9.0 - Nom de votre société) Hidden
Elements STI Installer (HKLM-x32\...\{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Empress of the Deep - The Darkest Secret (HKLM-x32\...\WTA-346607bc-89a7-4625-943f-c4063fd25b94) (Version: 2.2.0.98 - WildTangent) Hidden
Étude pour l'amélioration du produit HP Officejet Pro 8600 (HKLM\...\{562D25FD-5778-4631-B733-0EC21968E37F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Aide (HKLM-x32\...\{20033B23-1270-4E9C-92DC-2E167A367C73}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Incomedia WebSite X5 Evolution (HKLM-x32\...\Incomedia WebSite X5 Evolution) (Version:  - )
Incomedia WebSite X5 v10 - Evolution (HKLM-x32\...\{0A53AC6C-9E9D-451D-AB28-F5D1427C4D56}_is1) (Version: 10.1.4.45 - Incomedia s.r.l.)
Incomedia WebSite X5 v8 - Evolution (HKLM-x32\...\Incomedia WebSite X5 v8 - Evolution) (Version:  - )
Incomedia WebSite X5 v9 - Evolution (HKLM-x32\...\{64392EEB-38EF-45FD-822D-5C75CA136860}_is1) (Version: 9.1.12.1975 - Incomedia s.r.l.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{01FE8E22-F9DA-4EB7-9A95-80A8D1236DEB}) (Version: 17.1.1512.0771 - Intel Corporation)
IPIX ActiveX Viewer (HKLM-x32\...\IPIX ActiveX Viewer) (Version:  - )
IRIScan™ Direct (HKLM-x32\...\IRIScanDirect_is1) (Version: 3.9.1.3 - IRIScanDirect)
Island Tribe (HKLM-x32\...\WTA-9df84f50-9ed1-4b1b-8d63-50d983f026b4) (Version: 2.2.0.98 - WildTangent) Hidden
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Quest Solitaire 2 (HKLM-x32\...\WTA-de6eb157-a82d-45e4-b994-d8f9eca23ebe) (Version: 2.2.0.98 - WildTangent) Hidden
Kaspersky Internet Security (HKLM-x32\...\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Le Grand Robert & Collins (HKLM\...\GRCDVD) (Version:  - Le Robert)
Logiciel de base du périphérique HP Officejet Pro 8600 (HKLM\...\{E588CA1D-AD74-4E04-8C53-AD9735C4CA54}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Logiciel Intel® PROSet/Wireless (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
Magic Academy (HKLM-x32\...\WTA-0ae694b9-38db-4f47-a90c-8c5c451dcf59) (Version: 2.2.0.98 - WildTangent) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Famille et Etudiant 2013 - fr-fr (HKLM\...\HomeStudentRetail - fr-fr) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)
Mises à jour NVIDIA 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 fr)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 fr) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 fr)) (Version: 38.4.0 - Mozilla)
Nuance Cloud Connector (HKLM-x32\...\{4C99EAAA-A846-4029-B500-312C5937D714}) (Version: 3.2.1026 - Nuance Communications, Inc.)
Nuance OmniPage Ultimate (HKLM-x32\...\{419512F9-D5E7-4ED2-BF99-E7F2C0176B6A}) (Version: 19.00.0000 - Nuance Communications, Inc.)
Nuance PDF Create 8 (HKLM\...\{D8AD8411-A273-4560-B756-A418ED4910AD}) (Version: 8.10.6293 - Nuance Communications, Inc.)
Nuance PDF Create 8 (HKLM-x32\...\{D8AD8411-A273-4560-B756-A418ED4910AD}) (Version: 8.10.6293 - Nuance Communications, Inc.)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Pilote graphique 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-040C-0000-0000000FF1CE}) (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Panneau de configuration NVIDIA 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 353.54 - NVIDIA Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-e05eeee7-cfba-4113-a46a-794e429f05d9) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-8190eac8-2fe6-4f84-8ff5-b36c762ed950) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-218e749d-097c-4f6f-afeb-c661be7db7f8) (Version: 2.2.0.97 - WildTangent) Hidden
PRE10STI64Installer (HKLM-x32\...\{9F06F464-479A-403E-AF92-70CBB8D674A1}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Readiris Pro 14 (HKLM-x32\...\{253FD6A5-CE77-4FBC-A937-202D15808D0C}) (Version: 14.00.2753 - I.R.I.S.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
telinfo 11/06 (HKLM-x32\...\{44591AF0-E852-426B-A291-4D6F0A071A3E}) (Version: 21.00.000 - Swisscom Directories SA)
TOSHIBA Addendum (HKLM-x32\...\{CE0374A6-B204-4336-8293-63FBB1DADBF4}) (Version: 1.00 - TOSHIBA)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 1.0.5.214  - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Gesture Controller (HKLM-x32\...\{D2484156-5F50-46CA-994A-3EC35F891950}) (Version: 4.0.110.0 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.9.2 - Toshiba Europe GmbH)
Universalis 10 (HKLM-x32\...\Encyclopædia Universalis) (Version:  - )
Universalis 12 (HKLM-x32\...\Encyclopædia Universalis12) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-ade11a0e-ceb7-48e1-af1d-9cd5166240d4) (Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.9.7 - WildTangent) Hidden
WinBIZ 8.0 Evaluation (HKLM-x32\...\{9CF45395-D513-4DFD-8B70-3933FF5A2DD6}) (Version: 8.00.1266             - La Gestion Electronique SA)

========================= Devices: ================================

Name: 
Description: 
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Device ID: ROOT\MULTIFUNCTION\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 16308.09 MB
Available physical RAM: 12931.08 MB
Total Virtual: 18740.09 MB
Available Virtual: 11798.73 MB

========================= Partitions: =====================================

1 Drive c: (TI31201100A) (Fixed) (Total:226.85 GB) (Free:94.82 GB) NTFS
2 Drive d: () (Fixed) (Total:931.51 GB) (Free:723.4 GB) NTFS

========================= Users: ========================================

comptes d'utilisateurs de \\LAPTOP-BUREAU-1

Administrateur           DefaultAccount           Internet                 
Invité                   Propriétaire             
La commande s'est terminée correctement.

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================


**** End of log ****


#8 Jo*

Jo*

  • Malware Response Team
  • 3,408 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:35 PM

Posted 30 December 2015 - 03:10 AM

Hello,

:step1: Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


:step4: How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 wingardiumleviosa50

wingardiumleviosa50
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:35 PM

Posted 30 December 2015 - 03:53 PM

Hello again. :hello: :hello:

I have a question to ask for clarification.

Your Malwarebytes Anti-Rootkit instructions say to scan, and then to clean-up if malware is found.
But yesterday Malwarebytes told me it had found a registry value probably related to a rootkit. This window appeared before and not after the scan.


Here is the window I am talking about.

[Image: 94C3cx5.jpg]

Reading your instructions, I am unsure if I should remove this value or not, because it was detected before the scan, but when I read your instructions it looks like it says to clean up malware found after doing the scan.

Should I press yes before the scan to remove this registry value, or press no? :question: :)
 



#10 Jo*

Jo*

  • Malware Response Team
  • 3,408 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:35 PM

Posted 30 December 2015 - 04:09 PM

Press yes before the scan to remove this registry value.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 wingardiumleviosa50

wingardiumleviosa50
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:35 PM

Posted 31 December 2015 - 01:33 AM

Hello again. Here's what happened today.

 

Malwarebytes Anti Rootkit

-scan got slow when scanning file ending in .ini in Kaspersky folder

-No malware found

 

AdwCleaner

The AdwCleaner screen froze soon after launching for maybe 1-2 minutes at most. I did not know what to keep or not, so I unchecked all checked options: the registry values, eBay.lnk etc.

 

JRT

-Scan finished with no problems.

 

 

Malwarebytes Anti-Rootkit BETA Log

 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2015.12.30.06
  rootkit: v2015.12.26.01
 
Windows 10 x64 NTFS
Internet Explorer 11.20.10586.0
Propriètaire :: LAPTOP-BUREAU-1 [administrator]
 
31.12.2015 04:51:39
mbar-log-2015-12-31 (04-51-39).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 428633
Time elapsed: 10 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
AdwCleaner Log
 
 
# AdwCleaner v5.026 - Logfile created 31/12/2015 at 05:12:22
# Updated 21/12/2015 by Xplode
# Database : 2015-12-21.2 [Local]
# Operating system : Windows 10 Pro  (x64)
# Username : Propriètaire - LAPTOP-BUREAU-1
# Running from : C:\Users\Internet\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
File Found : C:\Users\Public\Desktop\eBay.lnk
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
 
########## EOF - \AdwCleaner\AdwCleaner[S3].txt - [1121 bytes] ##########
 
 
Junkware Removal Tool Log
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64
Ran by Propriétaire (Administrator) on 31.12.2015 at  6:11:02,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1
 
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut)
 
 
 
Registry: 1
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{73E0EEB1-54E3-4715-886E-ABC88FFAD9B6} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.12.2015 at  6:12:02,20
End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by wingardiumleviosa50, 31 December 2015 - 01:39 AM.


#12 Jo*

Jo*

  • Malware Response Team
  • 3,408 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:35 PM

Posted 31 December 2015 - 02:04 AM


Run AdwCleaner again, let it run for 10 minutes.
Do not uncheck items.
This time, click on the Clean button.
 

:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step4: How is the computer running now?

 


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 wingardiumleviosa50

wingardiumleviosa50
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:35 PM

Posted 31 December 2015 - 03:51 PM

Hello again.

 

I ran AdwCleaner again and this time, I did not uncheck any of the things it found. I clicked on clean-up, then the computer rebooted. But no log opened after rebooting, although a log was created in AdwCleaner's folder, but I do not know if it was created before or after rebooting. There are still mentions of registry keys etc. in that log.

 

 

I left the computer for maybe an hour running, but no text file opened, so I wondered if something went wrong. I launched AdwCleaner one more time, and this time it found no malware and the log is clean.

Also the Kaspersky Real-Time Protection module in Firefox works again.

 

Here are the logs.

 

# AdwCleaner v5.026 - Logfile created 31/12/2015 at 18:52:16
# Updated 21/12/2015 by Xplode
# Database : 2015-12-21.2 [Local]
# Operating system : Windows 10 Pro  (x64)
# Username : Propriètaire - LAPTOP-BUREAU-1
# Running from : C:\Users\Internet\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Web browsers ] *****


########## EOF - \AdwCleaner\AdwCleaner[S5].txt - [1074 bytes] ##########
 

 

 

-------------------------------------------------------------

 

 

 

# AdwCleaner v5.026 - Logfile created 31/12/2015 at 20:39:44
# Updated 21/12/2015 by Xplode
# Database : 2015-12-21.2 [Local]
# Operating system : Windows 10 Pro  (x64)
# Username : Propriètaire - LAPTOP-BUREAU-1
# Running from : C:\Users\Internet\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - \AdwCleaner\AdwCleaner[S6].txt - [579 bytes] ##########
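For anyone reading the two AdwCleaner logs above, here is an added example (it is not from this thread and not code from AdwCleaner's authors) that parses that log format and groups the registry findings by product. The point it shows: the 32-character names under Installer\Features, Installer\Products and Installer\UserData\...\Products are the "compressed" form Windows Installer uses for a product GUID (each of the first three dash-separated groups reversed, the last two groups byte-swapped), and in the first log that name unpacks to exactly the GUID of the Uninstall key one line above it. So the four registry lines are one installed MSI product, not four separate leftovers, which is worth knowing before deciding what to remove. The sample log text is constructed from the post; the parsing helpers and their names are this example's own assumptions about the format, based only on the lines quoted.

```python
# Added example: parse AdwCleaner scan logs (format as quoted in the thread)
# and correlate the MSI registry keys they list. The sample text below is
# constructed from the two logs in the post; it was not produced here.
import re

SAMPLE_BEFORE_CLEAN = r"""
# AdwCleaner v5.026 - Logfile created 31/12/2015 at 18:52:16
# Option : Scan

***** [ Services ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Web browsers ] *****

########## EOF - \AdwCleaner\AdwCleaner[S5].txt - [1074 bytes] ##########
"""

SAMPLE_AFTER_CLEAN = r"""
# AdwCleaner v5.026 - Logfile created 31/12/2015 at 20:39:44
# Option : Scan

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - \AdwCleaner\AdwCleaner[S6].txt - [579 bytes] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
FINDING_RE = re.compile(
    r"^(?P<kind>\w+) (?P<state>Found|Deleted) : (?:\[(?P<arch>x64)\] )?(?P<value>.+)$")
GUID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# 32 hex digits directly under a \Products\ or \Features\ key (assumed layout)
PACKED_RE = re.compile(r"\\(?:Products|Features)\\([0-9A-F]{32})(?![0-9A-F])", re.I)


def parse_adwcleaner_log(text):
    """Map each '***** [ Section ] *****' heading to a list of
    (kind, state, value) findings; '#' header and EOF lines are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
            continue
        m = FINDING_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("kind"), m.group("state"), m.group("value")))
    return sections


def total_findings(sections):
    """Number of findings across all sections (0 means a clean scan)."""
    return sum(len(v) for v in sections.values())


def _swap_pairs(s):
    # Swap each adjacent pair of hex digits: "BE23" -> "EB32".
    return "".join(s[i + 1] + s[i] for i in range(0, len(s), 2))


def msi_compress_guid(guid):
    """Registry GUID -> the 32-char name Windows Installer uses under
    Installer\\Products and Installer\\Features."""
    parts = guid.strip("{}").upper().split("-")
    if [len(p) for p in parts] != [8, 4, 4, 4, 12]:
        raise ValueError("not a GUID: %r" % guid)
    return (parts[0][::-1] + parts[1][::-1] + parts[2][::-1]
            + _swap_pairs(parts[3]) + _swap_pairs(parts[4]))


def msi_expand_guid(packed):
    """Inverse of msi_compress_guid: compressed name -> {GUID}."""
    packed = packed.upper()
    if not re.fullmatch(r"[0-9A-F]{32}", packed):
        raise ValueError("not a compressed GUID: %r" % packed)
    parts = [packed[:8][::-1], packed[8:12][::-1], packed[12:16][::-1],
             _swap_pairs(packed[16:20]), _swap_pairs(packed[20:])]
    return "{" + "-".join(parts) + "}"


def correlate_msi_keys(registry_findings):
    """Group registry findings by the GUID they refer to, so an Uninstall
    entry and its Installer\\Products / Features rows appear as one product."""
    groups = {}
    for _kind, _state, value in registry_findings:
        m = PACKED_RE.search(value)
        if m:
            key = msi_expand_guid(m.group(1))
        else:
            m = GUID_RE.search(value)
            if not m:
                continue
            key = m.group(0).upper()
        groups.setdefault(key, []).append(value)
    return groups


if __name__ == "__main__":
    before = parse_adwcleaner_log(SAMPLE_BEFORE_CLEAN)
    after = parse_adwcleaner_log(SAMPLE_AFTER_CLEAN)
    print("findings before clean:", total_findings(before))
    for product, keys in correlate_msi_keys(before["Registry"]).items():
        print(product, "->", len(keys), "key(s)")
    print("findings after clean:", total_findings(after))
```

Run against the first log it reports five findings, with four of them grouped under {0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6} and the CLSID entry on its own; against the second log it reports zero, which is the "log is clean" state the post describes.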
 



#14 Jo*

Jo*

  • Malware Response Team
  • 3,408 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:35 PM

Posted 01 January 2016 - 03:16 AM

How is the computer running now?

Do you still get a virus alarm?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 wingardiumleviosa50

wingardiumleviosa50
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:35 PM

Posted 01 January 2016 - 04:07 PM

Hello.

 

I did scans with MalwareBytes again before shutting down the computer yesterday. Yesterday it found no malware.

 

After I booted it up today, I did a scan with MalwareBytes again and it's telling me it found malware again. But it didn't say before starting the scan that there was possible rootkit activity like it did before you told me to use the clean up function of MBAR.

 

 

[Screenshot: YeDuk0m.jpg]

 

 

[Screenshot: OhyO1pB.jpg]

 

 

[Screenshot: 3tkHam2.jpg]

 

 

Also, earlier, something strange happened, but I do not know if it is malware related. Before I uploaded the screenshots, I tried to double click the pictures to look at what was written on them once more. The cursor selected all the pictures in the same folder, and I could not do what I wanted to do, until I used the back and forward arrows to leave the folder and open it again, several times. Also, I had Firefox open, and when I clicked on Firefox's icon in the toolbar, it would bring up a screen saying Windows can't reach SmartScreen etc., as if it was trying to launch Firefox, but Firefox was already launched in the background.

 

 

Are these false positives or real malware? Also, was there bad malware in the previous scans? Is the App_Init thing still there, and is it/was it really rootkit/trojan related?


Edited by wingardiumleviosa50, 01 January 2016 - 04:31 PM.




