requested search for a possible malware infection



#1 andreapi5317

Posted 28 April 2016 - 06:40 AM

Hello,

 

My bank asked me to proceed to a search for a possible malware infection on my PC, as my online account had been subject to an attempted hack. Could you help me do that? The only thing I have noticed is sometimes a slow web connection and a high CPU rate when using Chrome browser.

With gratitude...

André Apicella

 

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x86) Version:27-04-2016
Exécuté par numerouno (administrateur) sur NUMEROUNO-PC (27-04-2016 13:28:20)
Exécuté depuis C:\Users\andré.numerouno-PC\Desktop
Profils chargés: numerouno & andré (Profils disponibles: numerouno & andré & DefaultAppPool)
Platform: Microsoft Windows 10 Professionnel Version 1511 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Edge)
Mode d'amorçage: Normal
 
==================== Processus (Avec liste blanche) =================
 
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Privax) C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Azureus Software, Inc) C:\Program Files\Vuze\Azureus.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
() C:\Program Files\GNU\GnuPG\bin\dbus-daemon.exe
() C:\Program Files\GNU\GnuPG\bin\kleopatra.exe
(g10 Code GmbH) C:\Program Files\GNU\GnuPG\gpg-agent.exe
(g10 Code GmbH) C:\Program Files\GNU\GnuPG\scdaemon.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x86__8wekyb3d8bbwe\Calculator.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\PDF Architect.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
 
 
==================== Registre (Avec liste blanche) ===========================
 
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
 
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE [484760 2009-12-15] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [RealDownloader] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5089480 2015-07-08] (ESET)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-08-18] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
HKU\S-1-5-21-2093125429-631953171-4251856079-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2398024 2015-11-09] (Link64 GmbH)
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\RunOnce: [Uninstall C:\Users\andr .numerouno-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\andré.numerouno-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\MountPoints2: {a7853a00-a46a-11e4-b731-001372d8d7a5} - "E:\SETUP.EXE" 
 
==================== Internet (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\..\Interfaces\{d84a42b5-15e0-47b8-aeba-00592313b53e}: [DhcpNameServer] 212.27.40.240 212.27.40.241
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2093125429-631953171-4251856079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2093125429-631953171-4251856079-1003 -> {C5FA2044-DB2C-4B45-ABEA-64737280FD00} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll [2014-01-23] (pdfforge GmbH)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  Pas de fichier
 
FireFox:
========
FF ProfilePath: C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-07-26] [non signé]
FF HKLM\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => non trouvé(e)
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox Developer Edition\firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-03-14]
 
Chrome: 
=======
CHR Profile: C:\Users\numerouno\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\numerouno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-03]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\numerouno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-12]
 
==================== Services (Avec liste blanche) ========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Fichier non signé]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1353720 2015-07-08] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2015-08-18] (NVIDIA Corporation)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [Fichier non signé]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-08-18] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2015-08-18] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2015-03-17] (The OpenVPN Project)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
S2 HuaweiHiSuiteService.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
 
===================== Pilotes (Avec liste blanche) ==========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2015-01-25] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [199608 2015-07-14] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
R2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [185176 2015-07-14] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [46656 2015-07-14] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [60552 2015-07-14] (ESET)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [97560 2015-10-01] (Zemana Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2015-05-07] (Huawei Technologies Co., Ltd.)
U3 idsvc; pas de ImagePath
 
==================== NetSvcs (Avec liste blanche) ===================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
 
==================== Un mois - Créés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2016-04-27 13:28 - 2016-04-27 13:28 - 00017093 _____ C:\Users\andré.numerouno-PC\Desktop\FRST.txt
2016-04-27 13:10 - 2016-04-27 13:10 - 01728000 _____ (Farbar) C:\Users\andré.numerouno-PC\Desktop\FRST.exe
2016-04-27 00:36 - 2016-04-27 00:36 - 00000022 _____ C:\WINDOWS\S.dirmngr
2016-04-26 21:35 - 2016-04-26 21:35 - 01315464 _____ C:\Users\andré.numerouno-PC\Desktop\New Portable Document 1 Copy.pdf
2016-04-25 23:31 - 2016-04-25 23:31 - 00000000 ____D C:\Users\numerouno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\winMd5Sum
2016-04-25 23:31 - 2016-04-25 23:31 - 00000000 ____D C:\Program Files\winMd5Sum
2016-04-25 23:30 - 2016-04-25 23:31 - 00184707 _____ C:\Users\andré.numerouno-PC\Downloads\Install-winMd5Sum.exe
2016-04-25 23:14 - 2016-04-25 23:40 - 00000000 ____D C:\Program Files\LiveUSB Creator
2016-04-25 23:14 - 2016-04-25 23:14 - 00000000 ____D C:\Users\numerouno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LiveUSB Creator
2016-04-25 23:02 - 2016-04-25 23:13 - 13083032 _____ C:\Users\andré.numerouno-PC\Downloads\liveusb-creator-3.12.0-setup.exe
2016-04-22 22:01 - 2016-04-24 14:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-21 13:12 - 2016-04-21 13:12 - 00054537 _____ C:\Users\numerouno\Desktop\Addition.txt
2016-04-21 13:12 - 2016-04-21 13:12 - 00053481 _____ C:\Users\numerouno\Desktop\FRST.txt
2016-04-21 13:06 - 2016-04-21 13:07 - 00054537 _____ C:\Users\andré.numerouno-PC\Downloads\Addition.txt
2016-04-21 13:04 - 2016-04-27 13:28 - 00000000 ____D C:\FRST
2016-04-17 18:21 - 2016-04-17 18:21 - 00001919 _____ C:\Users\Public\Desktop\Web Cartoon Maker.lnk
2016-04-17 18:21 - 2016-04-17 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Cartoon Maker
2016-04-17 18:21 - 2011-04-01 23:07 - 00354304 _____ C:\WINDOWS\system32\QtSvg4.dll
2016-04-17 18:21 - 2011-04-01 23:03 - 08423936 _____ C:\WINDOWS\system32\QtGui4.dll
2016-04-17 18:21 - 2011-04-01 22:54 - 02454528 _____ C:\WINDOWS\system32\QtCore4.dll
2016-04-17 18:20 - 2016-04-17 18:21 - 00000000 ____D C:\Program Files\Web Cartoon Maker
2016-04-17 18:19 - 2016-04-17 18:20 - 06779351 _____ (Web Cartoon Maker ) C:\Users\andré.numerouno-PC\Downloads\wcm_desktop_setup.exe
2016-04-17 13:38 - 2016-04-17 13:40 - 66013863 _____ C:\Users\andré.numerouno-PC\Downloads\lartsite-com-default-1-complete-2016-04-17-05-03-42.zip
2016-04-15 16:39 - 2016-04-15 16:39 - 00013603 _____ C:\Users\andré.numerouno-PC\Documents\dimensions_porte_sall-a-manger.pdf
2016-04-15 11:49 - 2016-04-15 11:49 - 00256847 _____ C:\Users\andré.numerouno-PC\Desktop\CO17 Etablir des devis conformes Copy.pdf
2016-04-13 02:08 - 2016-03-29 11:38 - 05797216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 02:08 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 02:08 - 2016-03-29 11:36 - 01820512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 02:08 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 02:08 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 02:08 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 02:08 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 02:08 - 2016-03-29 08:53 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 02:08 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 02:08 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 02:08 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 02:08 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 02:08 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 02:08 - 2016-03-29 08:14 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 02:08 - 2016-03-29 08:05 - 01894912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 02:08 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 02:08 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 02:08 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 02:08 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 02:08 - 2016-03-29 07:49 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 02:08 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 02:08 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 02:08 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 02:07 - 2016-04-02 06:17 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 02:07 - 2016-04-02 06:14 - 00757192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 02:07 - 2016-04-02 06:14 - 00613112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 02:07 - 2016-04-02 06:14 - 00305296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 02:07 - 2016-04-02 05:30 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 02:07 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 02:07 - 2016-04-02 05:26 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 02:07 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 02:07 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 02:07 - 2016-04-02 05:22 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 02:07 - 2016-04-02 05:20 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 02:07 - 2016-04-02 05:20 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 02:07 - 2016-04-02 05:17 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 02:07 - 2016-04-02 05:14 - 03197440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 02:07 - 2016-04-02 05:12 - 01887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 02:07 - 2016-04-02 05:11 - 01524736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 02:07 - 2016-04-02 05:10 - 02871296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 02:07 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 02:07 - 2016-04-02 05:05 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 02:07 - 2016-03-29 11:41 - 00875992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 02:07 - 2016-03-29 11:41 - 00771120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 02:07 - 2016-03-29 11:41 - 00228696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 02:07 - 2016-03-29 11:38 - 01051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 02:07 - 2016-03-29 11:38 - 00927072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 02:07 - 2016-03-29 11:33 - 00084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 02:07 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 02:07 - 2016-03-29 11:21 - 00922456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 02:07 - 2016-03-29 11:20 - 00856928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 02:07 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 02:07 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 02:07 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 02:07 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 02:07 - 2016-03-29 10:41 - 00203104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 02:07 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 02:07 - 2016-03-29 10:34 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 02:07 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 02:07 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 02:07 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 02:07 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 02:07 - 2016-03-29 10:24 - 00063008 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 02:07 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 02:07 - 2016-03-29 09:46 - 01861984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 02:07 - 2016-03-29 09:46 - 00771424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 02:07 - 2016-03-29 09:42 - 00287072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 02:07 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
2016-04-13 02:07 - 2016-03-29 09:30 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 02:07 - 2016-03-29 09:28 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 02:07 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 02:07 - 2016-03-29 09:20 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 02:07 - 2016-03-29 09:20 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 02:07 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 02:07 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 02:07 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 02:07 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 02:07 - 2016-03-29 09:14 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 02:07 - 2016-03-29 09:14 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 02:07 - 2016-03-29 09:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 02:07 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 02:07 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 02:07 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 02:07 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 02:07 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 02:07 - 2016-03-29 09:09 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 02:07 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 02:07 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 02:07 - 2016-03-29 09:08 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 02:07 - 2016-03-29 09:06 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 02:07 - 2016-03-29 09:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 02:07 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 02:07 - 2016-03-29 09:05 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 02:07 - 2016-03-29 09:05 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 02:07 - 2016-03-29 09:05 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 02:07 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 02:07 - 2016-03-29 09:05 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 02:07 - 2016-03-29 09:05 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 02:07 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 02:07 - 2016-03-29 09:03 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 02:07 - 2016-03-29 09:02 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 02:07 - 2016-03-29 09:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 02:07 - 2016-03-29 08:59 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 02:07 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 02:07 - 2016-03-29 08:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 02:07 - 2016-03-29 08:54 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 02:07 - 2016-03-29 08:53 - 00424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 02:07 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 02:07 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 02:07 - 2016-03-29 08:52 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 02:07 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 02:07 - 2016-03-29 08:52 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 02:07 - 2016-03-29 08:52 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 02:07 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 02:07 - 2016-03-29 08:51 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 02:07 - 2016-03-29 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 02:07 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 02:07 - 2016-03-29 08:47 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 02:07 - 2016-03-29 08:46 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 02:07 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 02:07 - 2016-03-29 08:44 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 02:07 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 02:07 - 2016-03-29 08:43 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 02:07 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 02:07 - 2016-03-29 08:41 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 02:07 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 02:07 - 2016-03-29 08:40 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 02:07 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 02:07 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 02:07 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 02:07 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 02:07 - 2016-03-29 08:38 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 02:07 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 02:07 - 2016-03-29 08:36 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 02:07 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 02:07 - 2016-03-29 08:34 - 01152512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 02:07 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 02:07 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 02:07 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 02:07 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 02:07 - 2016-03-29 08:32 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 02:07 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 02:07 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 02:07 - 2016-03-29 08:32 - 00601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 02:07 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 02:07 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 02:07 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 02:07 - 2016-03-29 08:29 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 02:07 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 02:07 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 02:07 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 02:07 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 02:07 - 2016-03-29 08:26 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 02:07 - 2016-03-29 08:26 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 02:07 - 2016-03-29 08:25 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 02:07 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 02:07 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 02:07 - 2016-03-29 08:18 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 02:07 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 02:07 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 02:07 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 02:07 - 2016-03-29 08:07 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 02:07 - 2016-03-29 08:06 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 02:07 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 02:07 - 2016-03-29 08:06 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 02:07 - 2016-03-29 08:06 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 02:07 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 02:07 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 02:07 - 2016-03-29 08:04 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 02:07 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 02:07 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 02:07 - 2016-03-29 07:55 - 00614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 02:07 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 02:07 - 2016-03-29 07:46 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 02:07 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 02:07 - 2016-03-29 07:42 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 02:07 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 02:07 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 02:07 - 2016-03-29 07:36 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 02:07 - 2016-03-29 07:32 - 00742400 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 02:07 - 2016-03-29 07:30 - 00782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 02:07 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 02:07 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 02:07 - 2016-03-29 07:25 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 02:07 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 02:07 - 2016-03-29 07:24 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 02:07 - 2016-03-29 07:21 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-09 17:49 - 2016-04-09 17:49 - 00001409 _____ C:\WINDOWS\system32\PGTEXTJE.FOT
2016-04-09 17:49 - 2016-04-09 17:49 - 00001409 _____ C:\WINDOWS\system32\PGTEXTJ_.FOT
2016-04-09 17:49 - 2016-04-09 17:49 - 00001409 _____ C:\WINDOWS\system32\PGTEXT.FOT
2016-04-09 17:49 - 2016-04-09 17:49 - 00001409 _____ C:\WINDOWS\system32\PGChords.FOT
2016-04-08 14:56 - 2016-04-08 14:56 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-04-06 14:29 - 2016-04-06 14:29 - 00000017 _____ C:\Users\andré.numerouno-PC\AppData\Local\resmon.resmoncfg
2016-04-05 16:40 - 2016-04-05 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-05 16:39 - 2016-04-05 16:40 - 00000000 ____D C:\Program Files\iTunes
2016-04-05 16:39 - 2016-04-05 16:39 - 00000000 ____D C:\Program Files\iPod
2016-04-05 16:33 - 2016-04-05 16:33 - 00000000 ____D C:\Program Files\Apple Software Update
2016-04-04 15:26 - 2016-04-26 14:21 - 00005638 _____ C:\Users\andré.numerouno-PC\Desktop\log.txt.asc
2016-04-04 12:12 - 2015-05-07 13:40 - 00249856 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2016-04-04 12:12 - 2015-05-07 13:40 - 00195200 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2016-04-04 12:12 - 2015-05-07 13:40 - 00102272 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2016-04-03 23:20 - 2016-04-03 23:20 - 03857498 _____ C:\Users\andré.numerouno-PC\Desktop\gpg4win-compendium-en Copy.pdf
2016-04-03 23:18 - 2016-04-27 12:40 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Roaming\gnupg
2016-04-03 23:18 - 2016-04-04 14:43 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Roaming\.kde
2016-04-03 23:18 - 2016-04-03 23:18 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Local\GNU
2016-04-03 23:16 - 2016-04-03 23:16 - 00000000 ____D C:\Users\numerouno\AppData\Roaming\gnupg
2016-04-03 23:16 - 2016-04-03 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2016-04-03 23:16 - 2016-04-03 23:16 - 00000000 ____D C:\ProgramData\GNU
2016-04-03 23:15 - 2016-04-03 23:15 - 00000000 ____D C:\Program Files\GNU
2016-04-03 20:35 - 2016-04-03 23:14 - 26557472 _____ (g10 Code GmbH) C:\Users\andré.numerouno-PC\Downloads\gpg4win-2.3.0.exe
2016-03-28 19:03 - 2016-04-24 16:08 - 00000000 ____D C:\Users\andré.numerouno-PC\Desktop\sauv_raw
2016-03-28 12:13 - 2016-03-28 12:13 - 01055724 _____ C:\Users\andré.numerouno-PC\Desktop\FORMATION_1.pdf
 
==================== Un mois - Modifiés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2016-04-27 13:27 - 2014-07-09 15:23 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Roaming\Azureus
2016-04-27 13:25 - 2014-02-07 20:22 - 00001062 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-27 13:22 - 2014-02-04 12:37 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Roaming\vlc
2016-04-27 13:22 - 2006-04-16 12:24 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\Fichiers Outlook
2016-04-27 12:56 - 2015-02-15 19:25 - 00001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-27 12:32 - 2015-03-20 00:20 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d06292f92056f5.job
2016-04-27 11:58 - 2015-12-16 00:16 - 00000000 ____D C:\Users\andré.numerouno-PC
2016-04-27 10:31 - 2014-02-04 20:26 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\bancotélécargo
2016-04-27 09:45 - 2014-06-06 00:49 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\Vuze Downloads
2016-04-27 02:00 - 2006-04-16 10:23 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Local\Adobe
2016-04-27 00:36 - 2015-12-16 00:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-27 00:36 - 2015-12-16 00:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-27 00:36 - 2014-06-25 12:33 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-04-27 00:36 - 2014-02-07 20:22 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-26 23:41 - 2015-10-30 07:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-26 21:58 - 2015-10-30 07:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-26 21:58 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-26 12:59 - 2015-08-18 18:37 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Local\CrashDumps
2016-04-25 13:47 - 2014-02-12 19:03 - 00001456 _____ C:\Users\andré.numerouno-PC\AppData\Local\Adobe Enregistrer pour le Web 13.0 Prefs
2016-04-25 12:21 - 2016-02-10 16:16 - 00000000 ____D C:\Users\andré.numerouno-PC\Desktop\EDF
2016-04-24 14:54 - 2006-04-15 10:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-24 14:23 - 2015-08-22 14:00 - 00000000 ____D C:\Users\numerouno\AppData\Local\CrashDumps
2016-04-24 14:23 - 2015-08-18 23:04 - 00000000 ____D C:\Users\numerouno\AppData\Local\Packages
2016-04-24 14:09 - 2015-12-23 19:41 - 00000000 ____D C:\Users\andré.numerouno-PC\Downloads\Nouveau dossier
2016-04-23 23:19 - 2014-02-14 16:50 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Roaming\foobar2000
2016-04-23 13:10 - 2015-12-16 00:15 - 02085388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-23 13:10 - 2015-10-30 17:07 - 00915232 _____ C:\WINDOWS\system32\perfh00C.dat
2016-04-23 13:10 - 2015-10-30 17:07 - 00190670 _____ C:\WINDOWS\system32\perfc00C.dat
2016-04-23 13:10 - 2015-10-30 07:47 - 00000000 ____D C:\WINDOWS\INF
2016-04-23 12:04 - 2014-02-04 18:12 - 00001154 _____ C:\Users\andré.numerouno-PC\Desktop\alexandra_hana_alliez.txt
2016-04-22 11:50 - 2015-09-04 17:10 - 00000034 _____ C:\Users\andré.numerouno-PC\AppData\Roaming\AdobeWLCMCache.dat
2016-04-21 01:18 - 2015-10-30 07:48 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-04-20 21:25 - 2015-10-02 17:03 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 21:18 - 2016-02-16 17:42 - 00001089 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-20 21:18 - 2016-02-16 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-20 21:18 - 2016-02-16 17:41 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-04-20 13:39 - 2015-12-16 11:35 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-20 13:39 - 2014-10-31 14:05 - 00116841 ____N C:\WINDOWS\Minidump\042016-22156-01.dmp
2016-04-17 19:10 - 2014-12-20 20:05 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\AI
2016-04-17 15:23 - 2016-01-16 16:07 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\KL
2016-04-17 15:21 - 2015-05-01 00:12 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\textes_doc
2016-04-17 14:13 - 2014-02-13 00:46 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Roaming\FileZilla
2016-04-17 11:50 - 2015-08-26 16:17 - 00607232 ___SH C:\Users\andré.numerouno-PC\Desktop\Thumbs.db
2016-04-16 17:52 - 2015-08-18 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-04-16 17:52 - 2014-02-12 16:35 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-04-16 11:55 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 16:21 - 2015-12-16 00:16 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-15 16:15 - 2014-02-04 20:28 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\médical
2016-04-15 14:02 - 2014-02-04 20:46 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\textes
2016-04-15 00:52 - 2015-12-16 00:09 - 03862112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 23:34 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 23:34 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 23:34 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 23:34 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 16:03 - 2015-08-13 14:56 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Local\Packages
2016-04-13 02:35 - 2015-10-30 07:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 02:32 - 2014-02-01 16:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 02:16 - 2014-02-01 16:32 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 01:28 - 2014-02-07 20:22 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 18:43 - 2014-02-12 15:07 - 00000000 ____D C:\Users\andré.numerouno-PC\dwhelper
2016-04-11 18:41 - 2015-12-16 00:16 - 00000000 ____D C:\Users\numerouno
2016-04-09 19:58 - 2014-10-31 14:05 - 00112777 ____N C:\WINDOWS\Minidump\040916-18812-01.dmp
2016-04-09 17:38 - 2014-05-10 16:22 - 00000066 _____ C:\WINDOWS\BBW_INFO.INI
2016-04-09 17:38 - 2014-05-10 16:21 - 00000000 ____D C:\Program Files\PowerTracks DirectX Plugins
2016-04-09 17:37 - 2015-10-30 07:48 - 00000000 ____D C:\WINDOWS\System
2016-04-09 17:37 - 2014-05-10 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Band-in-a-Box
2016-04-09 17:33 - 2014-05-10 16:19 - 00000000 ____D C:\bb
2016-04-08 15:46 - 2015-04-25 01:24 - 00000000 ____D C:\Program Files\HiSuite
2016-04-08 15:38 - 2014-07-02 14:45 - 00000000 ____D C:\Users\andré.numerouno-PC\Desktop\horaires-bibli
2016-04-06 20:32 - 2015-10-30 07:49 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-10-30 07:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-04-06 15:12 - 2014-03-18 09:33 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\PDF Architect Files
2016-04-06 12:58 - 2014-05-29 00:00 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Local\HiSuite
2016-04-05 16:39 - 2014-07-15 00:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-05 16:33 - 2014-04-15 23:54 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-31 18:54 - 2014-08-04 00:00 - 00000000 ____D C:\Users\andré.numerouno-PC\AppData\Roaming\dvdcss
2016-03-31 08:41 - 2014-02-04 20:48 - 00000000 ____D C:\Users\andré.numerouno-PC\Documents\Bédé
2016-03-29 19:17 - 2006-04-15 14:26 - 00000000 ____D C:\Users\numerouno\AppData\Local\Adobe
 
==================== Fichiers à la racine de certains dossiers =======
 
2014-02-04 19:10 - 2014-02-04 19:10 - 0000132 _____ () C:\Users\numerouno\AppData\Roaming\Adobe PNG Format CC Prefs
2014-02-06 19:57 - 2014-02-06 19:58 - 0001456 _____ () C:\Users\numerouno\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-02-05 22:08 - 2014-02-05 22:08 - 0193744 _____ () C:\Users\numerouno\AppData\Local\lateral1.bmp
2010-11-12 11:10 - 2010-11-12 11:10 - 0193744 _____ () C:\Users\numerouno\AppData\Local\lateral2.bmp
2014-02-05 22:10 - 2014-02-05 22:10 - 0195108 _____ () C:\Users\numerouno\AppData\Local\lateral3.bmp
2014-02-12 20:22 - 2014-02-12 20:22 - 0000218 _____ () C:\Users\numerouno\AppData\Local\recently-used.xbel
2014-09-01 00:00 - 2015-06-28 17:56 - 0007598 _____ () C:\Users\numerouno\AppData\Local\Resmon.ResmonCfg
2014-02-05 23:50 - 2014-02-05 23:50 - 0043976 _____ () C:\Users\numerouno\AppData\Local\save_en.bmp
2014-02-05 23:49 - 2014-02-05 23:49 - 0043976 _____ () C:\Users\numerouno\AppData\Local\save_es.bmp
2015-09-09 19:22 - 2015-09-10 00:01 - 0000705 _____ () C:\ProgramData\hpzinstall.log
 
Fichiers à déplacer ou supprimer:
====================
C:\Users\Public\AlexaNSISPlugin.4032.dll
 
 
Certains fichiers dans TEMP:
====================
C:\Users\andré.numerouno-PC\AppData\Local\Temp\i4jdel0.exe
C:\Users\andré.numerouno-PC\AppData\Local\Temp\npp.6.8.8.Installer.exe
C:\Users\andré.numerouno-PC\AppData\Local\Temp\npp.6.9.Installer.exe
C:\Users\numerouno\AppData\Local\Temp\Uni000.exe
C:\Users\numerouno\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
 
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
 
 
LastRegBack: 2016-04-18 11:52
 
==================== Fin de FRST.txt ============================

#2 Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:37 PM

Posted 28 April 2016 - 07:14 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. In the introduction screen, click "next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 andreapi5317

  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:37 PM

Posted 28 April 2016 - 04:04 PM

Hi,

As requested, I send you the report files from Security Check and AdwCleaner. No malware was found by Malwarebytes Anti-Rootkit.

 

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
ESET Smart Security 8.0   
Windows Defender          
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 51  
 Java SE Development Kit 8 Update 20 
 Java version 32-bit out of Date! 
 Adobe Flash Player 21.0.0.213  
 Mozilla Firefox (46.0) 
 Mozilla Thunderbird (45.0.) 
 Google Chrome (49.0.2623.110) 
 Google Chrome (49.0.2623.112) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log`````````````````````` 
 
 

# AdwCleaner v4.112 - Rapport créé le 17/03/2015 à 23:05:50
# Mis à jour le 09/03/2015 par Xplode
# Base de données : 2015-03-15.1 [Serveur]
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (x86)
# Nom d'utilisateur : numerouno - NUMEROUNO-PC
# Exécuté depuis : C:\Users\numerouno\Downloads\adwcleaner_4.112.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
 
***** [ Fichiers / Dossiers ] *****
 
Dossier Supprimé : C:\Users\andré.numerouno-PC\Documents\ProPCCleaner
Dossier Supprimé : C:\Users\numerouno\AppData\Local\Rainmaker_Software_Group_
Dossier Supprimé : C:\Users\numerouno\AppData\Roaming\Rainmaker Software Group LLC.?
Dossier Supprimé : C:\Users\numerouno\Documents\ProPCCleaner
Dossier Supprimé : C:\Users\andré.numerouno-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ookcommfdhjlndngjeppjcolccnkjgho
Fichier Supprimé : C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default\user.js
 
***** [ Tâches planifiées ] *****
 
Tâche Supprimée : Run_Bobby_Browser
Tâche Supprimée : ProPCCleaner_Start
Tâche Supprimée : ProPCCleaner_Popup
 
***** [ Raccourcis ] *****
 
 
***** [ Registre ] *****
 
Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Clé Supprimée : HKCU\Software\ProPCCleanerLanguage
Clé Supprimée : HKCU\Software\ProPCCleanerConfig
Clé Supprimée : HKLM\SOFTWARE\SupDp
Clé Supprimée : HKLM\SOFTWARE\Clara
Clé Supprimée : HKLM\SOFTWARE\Taronja
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Search [CustomizeSearch]
 
-\\ Mozilla Firefox v36.0.1 (x86 fr)
 
[dvw4lxry.default\prefs.js] - Ligne Supprimée : user_pref("browser.search.searchengine.alias", "mystartsearch");
[dvw4lxry.default\prefs.js] - Ligne Supprimée : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[dvw4lxry.default\prefs.js] - Ligne Supprimée : user_pref("browser.search.searchengine.name", "mystartsearch");
[dvw4lxry.default\prefs.js] - Ligne Supprimée : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1422174744&from=smt&uid=ST500DM002-1BD142_W2AV21F0XXXXW2AV21F0&q={searchTerms}");
[dvw4lxry.default\prefs.js] - Ligne Supprimée : user_pref("browser.search.selectedEngine", "mystartsearch");
[dvw4lxry.default\prefs.js] - Ligne Supprimée : user_pref("extensions.quick_start.enable_search1", false);
[dvw4lxry.default\prefs.js] - Ligne Supprimée : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [1764 octets] - [11/11/2014 12:28:17]
AdwCleaner[R1].txt - [3840 octets] - [17/03/2015 23:00:08]
AdwCleaner[S0].txt - [1834 octets] - [11/11/2014 17:31:29]
AdwCleaner[S1].txt - [3479 octets] - [17/03/2015 23:05:50]
 
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [3539  octets] ##########
# AdwCleaner v5.114 - Rapport créé le 28/04/2016 à 20:34:29
# Mis à jour le 27/04/2016 par Xplode
# Base de données : 2016-04-27.1 [Serveur]
# Système d'exploitation : Windows 10 Pro  (X86)
# Nom d'utilisateur : numerouno - NUMEROUNO-PC
# Exécuté depuis : C:\Users\andré.numerouno-PC\Desktop\AdwCleaner.exe
# Option : Scanner
 
***** [ Services ] *****
 
 
***** [ Dossiers ] *****
 
Dossier trouvé : C:\ProgramData\VideoDownloaderUltimateWinApp
Dossier trouvé : C:\ProgramData\Application Data\VideoDownloaderUltimateWinApp
Dossier trouvé : C:\Users\numerouno\AppData\Local\Downloaded Installers
Dossier trouvé : C:\Users\numerouno\Documents\Add-in Express
 
***** [ Fichiers ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Tâches planifiées ] *****
 
 
***** [ Registre ] *****
 
Clé trouvée : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Clé trouvée : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Clé trouvée : HKCU\Software\TeleCharger
Clé trouvée : HKU\S-1-5-21-2093125429-631953171-4251856079-1001\Software\TeleCharger
Clé trouvée : HKU\S-1-5-21-2093125429-631953171-4251856079-1003\Software\TeleCharger
Valeur trouvée : HKU\S-1-5-21-2093125429-631953171-4251856079-1003\Software\Microsoft\Windows\CurrentVersion\Run [VideoDownloaderUltimate]
Valeur trouvée : HKU\S-1-5-21-2093125429-631953171-4251856079-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [VideoDownloaderUltimate]
 
***** [ Navigateurs ] *****
 
[C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default\prefs.js] trouvée : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
[C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default\prefs.js] trouvée : user_pref("browser.search.searchengine.ptid", "smt");
[C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default\prefs.js] trouvée : user_pref("browser.search.searchengine.uid", "ST500DM002-1BD142_W2AV21F0XXXXW2AV21F0");
[C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default\prefs.js] trouvée : user_pref("extensions.APN_TB.first-previous-keyword-url", "");
[C:\Users\andré\AppData\Roaming\Mozilla\Firefox\Profiles\xuenq584.default-1354117616122\prefs.js] trouvée : user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1384423459212");
 
*************************
 
C:\AdwCleaner\AdwCleaner[C7].txt - [1012 octets] - [07/09/2015 19:30:46]
C:\AdwCleaner\AdwCleaner[R0].txt - [1764 octets] - [11/11/2014 13:28:17]
C:\AdwCleaner\AdwCleaner[R1].txt - [3840 octets] - [18/03/2015 00:00:08]
C:\AdwCleaner\AdwCleaner[R2].txt - [1367 octets] - [04/05/2015 01:07:15]
C:\AdwCleaner\AdwCleaner[R3].txt - [1509 octets] - [07/06/2015 00:15:20]
C:\AdwCleaner\AdwCleaner[R4].txt - [1788 octets] - [28/06/2015 14:46:10]
C:\AdwCleaner\AdwCleaner[R5].txt - [1860 octets] - [28/07/2015 22:49:50]
C:\AdwCleaner\AdwCleaner[S0].txt - [1834 octets] - [11/11/2014 18:31:29]
C:\AdwCleaner\AdwCleaner[S1].txt - [6730 octets] - [18/03/2015 00:05:50]
C:\AdwCleaner\AdwCleaner[S2].txt - [1433 octets] - [04/05/2015 01:11:35]
C:\AdwCleaner\AdwCleaner[S3].txt - [1577 octets] - [07/06/2015 00:20:23]
C:\AdwCleaner\AdwCleaner[S4].txt - [1856 octets] - [28/06/2015 14:51:00]
C:\AdwCleaner\AdwCleaner[S5].txt - [1934 octets] - [28/07/2015 23:11:34]
C:\AdwCleaner\AdwCleaner[S9].txt - [931 octets] - [07/09/2015 19:23:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7173 octets] ##########
 


#4 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 28 April 2016 - 05:04 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.

 
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2398024 2015-11-09] (Link64 GmbH)
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\MountPoints2: {a7853a00-a46a-11e4-b731-001372d8d7a5} - "E:\SETUP.EXE" 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2093125429-631953171-4251856079-1003 -> {C5FA2044-DB2C-4B45-ABEA-64737280FD00} URL = 
S2 HuaweiHiSuiteService.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
Task: {0DDD18BE-BDA5-48EA-8CD4-7FC2BAE2E179} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {1421A7C0-4558-48DE-B481-528AA2AFA20D} - System32\Tasks\{C008076C-7868-4D9B-BE97-2CB3B07AB43B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12002
Task: {1A0B598F-5B3E-4FE2-A17E-355F2AB1444F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {37F62B21-275A-4ABD-A0F3-9D99319D39A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {3B1CF667-CE4F-438A-827A-EA1A72BF9ED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {5059C0FE-C2BF-48F3-A4BA-7C34B5F9CC4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {807250E5-C220-4484-A68B-3D4FCED04E24} - System32\Tasks\{F1833381-19D6-46C8-9230-20AAD98C8A11} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=-3
Task: {8F59E8E0-2ADA-4B3D-B3A9-5A46148DE9E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {A12F544E-709A-4CE7-B3FC-8143D2207ED3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {A4EB3156-02F8-4A3C-9795-29E8A5FA8943} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {AD44F924-2F68-44BE-A34D-A60D0F1EBBB9} - System32\Tasks\{8E10A446-B4E0-49BC-A842-DD321FE4945B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=-9
Task: {B200A0C3-00AA-4DA4-BF50-152C5BF5D9DA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {BFA5C115-70B1-488D-8C68-7A535E3D9240} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {CA279D2C-3D7D-484E-BBB6-D2963981060F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
U3 idsvc; pas de ImagePath
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner

---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 andreapi5317

andreapi5317
  • Topic Starter

  • Members
  • 12 posts

Posted 29 April 2016 - 06:51 AM

Hi,

 

I have to apologize... I did what you told me with the fix.list but then I ran FRST, and when I realized you had told me to press the fix button instead I tried to stop the program, which I could not do since I ran it as an administrator from a simple user connection. Then when it was done I pressed the fix button but at one point the program stopped (program does not respond), and I was about to do another try when I noticed that a fix.log had been edited... and I don't know if it completed the task.

Anyway, very sorry for turning a rather simple process into a complicated one.

 

Résultats de correction de Farbar Recovery Scan Tool (x86) Version:27-04-2016
Exécuté par andré (2016-04-29 12:33:16) Run:1
Exécuté depuis C:\Users\andré.numerouno-PC\Desktop
Profils chargés: numerouno & andré (Profils disponibles: numerouno & andré & DefaultAppPool)
Mode d'amorçage: Normal
 
==============================================
 
fixlist contenu:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2398024 2015-11-09] (Link64 GmbH)
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\MountPoints2: {a7853a00-a46a-11e4-b731-001372d8d7a5} - "E:\SETUP.EXE" 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2093125429-631953171-4251856079-1003 -> {C5FA2044-DB2C-4B45-ABEA-64737280FD00} URL = 
S2 HuaweiHiSuiteService.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
Task: {0DDD18BE-BDA5-48EA-8CD4-7FC2BAE2E179} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {1421A7C0-4558-48DE-B481-528AA2AFA20D} - System32\Tasks\{C008076C-7868-4D9B-BE97-2CB3B07AB43B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12002
Task: {1A0B598F-5B3E-4FE2-A17E-355F2AB1444F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {37F62B21-275A-4ABD-A0F3-9D99319D39A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {3B1CF667-CE4F-438A-827A-EA1A72BF9ED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {5059C0FE-C2BF-48F3-A4BA-7C34B5F9CC4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {807250E5-C220-4484-A68B-3D4FCED04E24} - System32\Tasks\{F1833381-19D6-46C8-9230-20AAD98C8A11} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=-3
Task: {8F59E8E0-2ADA-4B3D-B3A9-5A46148DE9E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {A12F544E-709A-4CE7-B3FC-8143D2207ED3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {A4EB3156-02F8-4A3C-9795-29E8A5FA8943} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {AD44F924-2F68-44BE-A34D-A60D0F1EBBB9} - System32\Tasks\{8E10A446-B4E0-49BC-A842-DD321FE4945B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=-9
Task: {B200A0C3-00AA-4DA4-BF50-152C5BF5D9DA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {BFA5C115-70B1-488D-8C68-7A535E3D9240} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {CA279D2C-3D7D-484E-BBB6-D2963981060F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
U3 idsvc; pas de ImagePath
EmptyTemp:
End
*****************
 
Error: (0) Impossible de créer un point de restauration.
Processus fermé avec succès.
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloaderUltimate => valeur supprimé(es) avec succès
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7853a00-a46a-11e4-b731-001372d8d7a5} => clé impossible à supprimer. Accès refusé.
HKCR\CLSID\{a7853a00-a46a-11e4-b731-001372d8d7a5} => clé non trouvé(e). 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur impossible à supprimer.
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C5FA2044-DB2C-4B45-ABEA-64737280FD00} => clé impossible à supprimer. Accès refusé.
HKCR\CLSID\{C5FA2044-DB2C-4B45-ABEA-64737280FD00} => clé non trouvé(e). 
HuaweiHiSuiteService.exe => service impossible à supprimer
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DDD18BE-BDA5-48EA-8CD4-7FC2BAE2E179} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1421A7C0-4558-48DE-B481-528AA2AFA20D} => clé impossible à supprimer. Accès refusé.
Impossible de déplacer "C:\Windows\System32\Tasks\{C008076C-7868-4D9B-BE97-2CB3B07AB43B}" => Planifié pour déplacement au redémarrage.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C008076C-7868-4D9B-BE97-2CB3B07AB43B} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A0B598F-5B3E-4FE2-A17E-355F2AB1444F} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37F62B21-275A-4ABD-A0F3-9D99319D39A3} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B1CF667-CE4F-438A-827A-EA1A72BF9ED8} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5059C0FE-C2BF-48F3-A4BA-7C34B5F9CC4D} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{807250E5-C220-4484-A68B-3D4FCED04E24} => clé impossible à supprimer. Accès refusé.
Impossible de déplacer "C:\Windows\System32\Tasks\{F1833381-19D6-46C8-9230-20AAD98C8A11}" => Planifié pour déplacement au redémarrage.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F1833381-19D6-46C8-9230-20AAD98C8A11} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F59E8E0-2ADA-4B3D-B3A9-5A46148DE9E0} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A12F544E-709A-4CE7-B3FC-8143D2207ED3} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4EB3156-02F8-4A3C-9795-29E8A5FA8943} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD44F924-2F68-44BE-A34D-A60D0F1EBBB9} => clé impossible à supprimer. Accès refusé.
Impossible de déplacer "C:\Windows\System32\Tasks\{8E10A446-B4E0-49BC-A842-DD321FE4945B}" => Planifié pour déplacement au redémarrage.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E10A446-B4E0-49BC-A842-DD321FE4945B} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B200A0C3-00AA-4DA4-BF50-152C5BF5D9DA} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFA5C115-70B1-488D-8C68-7A535E3D9240} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA279D2C-3D7D-484E-BBB6-D2963981060F} => clé impossible à supprimer. Accès refusé.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => clé impossible à supprimer. Accès refusé.
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe => déplacé(es) avec succès
idsvc => service impossible à supprimer


#6 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 29 April 2016 - 08:08 AM

It did not work...

Log on to all your user accounts now - without restarting!
Switch to your admin account!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.

 
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2398024 2015-11-09] (Link64 GmbH)
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\MountPoints2: {a7853a00-a46a-11e4-b731-001372d8d7a5} - "E:\SETUP.EXE" 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2093125429-631953171-4251856079-1003 -> {C5FA2044-DB2C-4B45-ABEA-64737280FD00} URL = 
S2 HuaweiHiSuiteService.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
Task: {0DDD18BE-BDA5-48EA-8CD4-7FC2BAE2E179} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {1421A7C0-4558-48DE-B481-528AA2AFA20D} - System32\Tasks\{C008076C-7868-4D9B-BE97-2CB3B07AB43B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12002
Task: {1A0B598F-5B3E-4FE2-A17E-355F2AB1444F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {37F62B21-275A-4ABD-A0F3-9D99319D39A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {3B1CF667-CE4F-438A-827A-EA1A72BF9ED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {5059C0FE-C2BF-48F3-A4BA-7C34B5F9CC4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {807250E5-C220-4484-A68B-3D4FCED04E24} - System32\Tasks\{F1833381-19D6-46C8-9230-20AAD98C8A11} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=-3
Task: {8F59E8E0-2ADA-4B3D-B3A9-5A46148DE9E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {A12F544E-709A-4CE7-B3FC-8143D2207ED3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {A4EB3156-02F8-4A3C-9795-29E8A5FA8943} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {AD44F924-2F68-44BE-A34D-A60D0F1EBBB9} - System32\Tasks\{8E10A446-B4E0-49BC-A842-DD321FE4945B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=-9
Task: {B200A0C3-00AA-4DA4-BF50-152C5BF5D9DA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {BFA5C115-70B1-488D-8C68-7A535E3D9240} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {CA279D2C-3D7D-484E-BBB6-D2963981060F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
U3 idsvc; pas de ImagePath
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
But this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 andreapi5317

andreapi5317
  • Topic Starter

  • Members
  • 12 posts

Posted 29 April 2016 - 09:48 AM

I hope this is better.

 

 

Résultats de correction de Farbar Recovery Scan Tool (x86) Version:27-04-2016

Exécuté par numerouno (2016-04-29 16:28:20) Run:2
Exécuté depuis C:\Users\andré.numerouno-PC\Desktop
Profils chargés: numerouno & andré (Profils disponibles: numerouno & andré & DefaultAppPool)
Mode d'amorçage: Normal
 
==============================================
 
fixlist contenu:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2398024 2015-11-09] (Link64 GmbH)
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\MountPoints2: {a7853a00-a46a-11e4-b731-001372d8d7a5} - "E:\SETUP.EXE" 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2093125429-631953171-4251856079-1003 -> {C5FA2044-DB2C-4B45-ABEA-64737280FD00} URL = 
S2 HuaweiHiSuiteService.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
Task: {0DDD18BE-BDA5-48EA-8CD4-7FC2BAE2E179} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {1421A7C0-4558-48DE-B481-528AA2AFA20D} - System32\Tasks\{C008076C-7868-4D9B-BE97-2CB3B07AB43B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12002
Task: {1A0B598F-5B3E-4FE2-A17E-355F2AB1444F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {37F62B21-275A-4ABD-A0F3-9D99319D39A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {3B1CF667-CE4F-438A-827A-EA1A72BF9ED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {5059C0FE-C2BF-48F3-A4BA-7C34B5F9CC4D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {807250E5-C220-4484-A68B-3D4FCED04E24} - System32\Tasks\{F1833381-19D6-46C8-9230-20AAD98C8A11} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=-3
Task: {8F59E8E0-2ADA-4B3D-B3A9-5A46148DE9E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {A12F544E-709A-4CE7-B3FC-8143D2207ED3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {A4EB3156-02F8-4A3C-9795-29E8A5FA8943} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {AD44F924-2F68-44BE-A34D-A60D0F1EBBB9} - System32\Tasks\{8E10A446-B4E0-49BC-A842-DD321FE4945B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=-9
Task: {B200A0C3-00AA-4DA4-BF50-152C5BF5D9DA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {BFA5C115-70B1-488D-8C68-7A535E3D9240} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {CA279D2C-3D7D-484E-BBB6-D2963981060F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
U3 idsvc; pas de ImagePath
EmptyTemp:
End
*****************
 
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloaderUltimate => valeur non trouvé(e).
"HKU\S-1-5-21-2093125429-631953171-4251856079-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7853a00-a46a-11e4-b731-001372d8d7a5}" => clé supprimé(es) avec succès
HKCR\CLSID\{a7853a00-a46a-11e4-b731-001372d8d7a5} => clé non trouvé(e). 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur supprimé(es) avec succès
"HKU\S-1-5-21-2093125429-631953171-4251856079-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C5FA2044-DB2C-4B45-ABEA-64737280FD00}" => clé supprimé(es) avec succès
HKCR\CLSID\{C5FA2044-DB2C-4B45-ABEA-64737280FD00} => clé non trouvé(e). 
HuaweiHiSuiteService.exe => service supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DDD18BE-BDA5-48EA-8CD4-7FC2BAE2E179}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DDD18BE-BDA5-48EA-8CD4-7FC2BAE2E179}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1421A7C0-4558-48DE-B481-528AA2AFA20D}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1421A7C0-4558-48DE-B481-528AA2AFA20D}" => clé supprimé(es) avec succès
C:\Windows\System32\Tasks\{C008076C-7868-4D9B-BE97-2CB3B07AB43B} => non trouvé(e).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C008076C-7868-4D9B-BE97-2CB3B07AB43B}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A0B598F-5B3E-4FE2-A17E-355F2AB1444F}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A0B598F-5B3E-4FE2-A17E-355F2AB1444F}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37F62B21-275A-4ABD-A0F3-9D99319D39A3}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37F62B21-275A-4ABD-A0F3-9D99319D39A3}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B1CF667-CE4F-438A-827A-EA1A72BF9ED8}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B1CF667-CE4F-438A-827A-EA1A72BF9ED8}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5059C0FE-C2BF-48F3-A4BA-7C34B5F9CC4D}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5059C0FE-C2BF-48F3-A4BA-7C34B5F9CC4D}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{807250E5-C220-4484-A68B-3D4FCED04E24}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{807250E5-C220-4484-A68B-3D4FCED04E24}" => clé supprimé(es) avec succès
C:\Windows\System32\Tasks\{F1833381-19D6-46C8-9230-20AAD98C8A11} => non trouvé(e).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F1833381-19D6-46C8-9230-20AAD98C8A11}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F59E8E0-2ADA-4B3D-B3A9-5A46148DE9E0}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F59E8E0-2ADA-4B3D-B3A9-5A46148DE9E0}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A12F544E-709A-4CE7-B3FC-8143D2207ED3}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A12F544E-709A-4CE7-B3FC-8143D2207ED3}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4EB3156-02F8-4A3C-9795-29E8A5FA8943}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4EB3156-02F8-4A3C-9795-29E8A5FA8943}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD44F924-2F68-44BE-A34D-A60D0F1EBBB9}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD44F924-2F68-44BE-A34D-A60D0F1EBBB9}" => clé supprimé(es) avec succès
C:\Windows\System32\Tasks\{8E10A446-B4E0-49BC-A842-DD321FE4945B} => non trouvé(e).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8E10A446-B4E0-49BC-A842-DD321FE4945B}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B200A0C3-00AA-4DA4-BF50-152C5BF5D9DA}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B200A0C3-00AA-4DA4-BF50-152C5BF5D9DA}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BFA5C115-70B1-488D-8C68-7A535E3D9240}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFA5C115-70B1-488D-8C68-7A535E3D9240}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA279D2C-3D7D-484E-BBB6-D2963981060F}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA279D2C-3D7D-484E-BBB6-D2963981060F}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => clé supprimé(es) avec succès
"C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe" => non trouvé(e).
idsvc => service supprimé(es) avec succès
EmptyTemp: => 2.9 GB données temporaires supprimées.
 
 
Le système a dû redémarrer.
 
==== Fin de Fixlog 16:31:25 ====
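
The two Fixlogs posted above differ mainly in their per-item outcomes, so comparing them line by line shows which fixes still need attention. As an added example (not part of the thread and not FRST's own code), this Python script classifies the outcome phrases of a French-language Fixlog and lists items that failed in one run and are still unresolved in a later one. The sample logs are a few lines copied from the two Fixlogs in this thread; the function names and status labels are hypothetical.

```python
import re
from collections import Counter

# Outcome phrases taken from the French FRST Fixlogs in this thread.
# Order matters: the first pattern that matches decides the status.
OUTCOMES = [
    ("access_denied", re.compile(r"Accès refusé")),
    ("pending_reboot", re.compile(r"Planifié pour déplacement au redémarrage")),
    ("failed", re.compile(r"impossible à supprimer|Impossible de créer")),
    ("not_found", re.compile(r"non trouvé")),
    ("ok", re.compile(r"avec succès|données temporaires supprimées")),
]
FAILING = {"access_denied", "failed"}
RESOLVED = {"ok", "not_found"}  # the entry is gone either way


def result_lines(fixlog):
    """Return only result lines, skipping the header and the fixlist echo.

    The echo sits between two lines of asterisks and also contains '=>',
    so it must be excluded before outcomes are classified.
    """
    lines = [l.strip() for l in fixlog.splitlines()]
    fences = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l)]
    if len(fences) < 2:
        raise ValueError("fixlist echo delimiters not found")
    out = []
    for l in lines[fences[1] + 1:]:
        if l.startswith("===="):  # "==== Fin de Fixlog ... ====" ends the log
            break
        if l:
            out.append(l)
    return out


def classify(line):
    """Return (normalized target or None, status) for one result line."""
    left, sep, right = line.rpartition(" => ")
    # Without ' => ' rpartition leaves the whole line in `right`.
    status = next((name for name, pat in OUTCOMES if pat.search(right)), "other")
    target = None
    if sep:
        # Later runs wrap paths in quotes; strip them so both runs compare equal.
        target = re.sub(r"^Impossible de déplacer ", "", left).strip('"').casefold()
    return target, status


def summarize(fixlog):
    return Counter(classify(l)[1] for l in result_lines(fixlog))


def unresolved(first_run, second_run):
    """Targets that failed in first_run and are not resolved in second_run."""
    later = dict(classify(l) for l in result_lines(second_run))
    return [t for t, s in map(classify, result_lines(first_run))
            if t and s in FAILING and later.get(t) not in RESOLVED]


# Sample lines copied from the Run:1 and Run:2 Fixlogs in this thread (shortened logs).
RUN1 = r"""fixlist contenu:
*****************
Start
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [2398024 2015-11-09] (Link64 GmbH)
End
*****************

Error: (0) Impossible de créer un point de restauration.
Processus fermé avec succès.
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloaderUltimate => valeur supprimé(es) avec succès
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7853a00-a46a-11e4-b731-001372d8d7a5} => clé impossible à supprimer. Accès refusé.
HKCR\CLSID\{a7853a00-a46a-11e4-b731-001372d8d7a5} => clé non trouvé(e).
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur impossible à supprimer.
HuaweiHiSuiteService.exe => service impossible à supprimer
Impossible de déplacer "C:\Windows\System32\Tasks\{C008076C-7868-4D9B-BE97-2CB3B07AB43B}" => Planifié pour déplacement au redémarrage.
idsvc => service impossible à supprimer
"""

RUN2 = r"""fixlist contenu:
*****************
Start
End
*****************

Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKU\S-1-5-21-2093125429-631953171-4251856079-1003\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloaderUltimate => valeur non trouvé(e).
"HKU\S-1-5-21-2093125429-631953171-4251856079-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7853a00-a46a-11e4-b731-001372d8d7a5}" => clé supprimé(es) avec succès
HKCR\CLSID\{a7853a00-a46a-11e4-b731-001372d8d7a5} => clé non trouvé(e).
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur supprimé(es) avec succès
HuaweiHiSuiteService.exe => service supprimé(es) avec succès
C:\Windows\System32\Tasks\{C008076C-7868-4D9B-BE97-2CB3B07AB43B} => non trouvé(e).
idsvc => service supprimé(es) avec succès
EmptyTemp: => 2.9 GB données temporaires supprimées.

==== Fin de Fixlog 16:31:25 ====
"""

if __name__ == "__main__":
    print("Run 1:", dict(summarize(RUN1)))
    print("Run 2:", dict(summarize(RUN2)))
    print("Still unresolved after run 2:", unresolved(RUN1, RUN2))
```
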


#8 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 29 April 2016 - 10:18 AM

Yes, this was better:
avec succès > successfully!

Step 1: Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 andreapi5317


Posted 29 April 2016 - 01:04 PM

No malware was found by mbar.exe

 

# AdwCleaner v5.114 - Rapport créé le 29/04/2016 à  19:25:44
# Mis à  jour le 27/04/2016 par Xplode
# Base de données : 2016-04-27.1 [Serveur]
# Système d'exploitation : Windows 10 Pro  (X86)
# Nom d'utilisateur : numerouno - NUMEROUNO-PC
# Exécuté depuis : C:\Users\andré.numerouno-PC\Desktop\AdwCleaner.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
 
***** [ Dossiers ] *****
 
[+] Dossier supprimé : C:\ProgramData\VideoDownloaderUltimateWinApp
[#] Dossier supprimé : C:\ProgramData\Application Data\VideoDownloaderUltimateWinApp
[-] Dossier supprimé : C:\Users\numerouno\AppData\Local\Downloaded Installers
[-] Dossier supprimé : C:\Users\numerouno\Documents\Add-in Express
 
***** [ Fichiers ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Tâches planifiées ] *****
 
 
***** [ Registre ] *****
 
[-] Clé supprimée : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Clé supprimée : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Clé supprimée : HKCU\Software\TeleCharger
[-] Clé supprimée : HKU\S-1-5-21-2093125429-631953171-4251856079-1003\Software\TeleCharger
[-] Valeur supprimée : HKU\S-1-5-21-2093125429-631953171-4251856079-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [VideoDownloaderUltimate]
 
***** [ Navigateurs ] *****
 
[-] [C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default\prefs.js] supprimée : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
[-] [C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default\prefs.js] supprimée : user_pref("browser.search.searchengine.ptid", "smt");
[-] [C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default\prefs.js] supprimée : user_pref("browser.search.searchengine.uid", "ST500DM002-1BD142_W2AV21F0XXXXW2AV21F0");
[-] [C:\Users\numerouno\AppData\Roaming\Mozilla\Firefox\Profiles\dvw4lxry.default\prefs.js] supprimée : user_pref("extensions.APN_TB.first-previous-keyword-url", "");
[-] [C:\Users\andré\AppData\Roaming\Mozilla\Firefox\Profiles\xuenq584.default-1354117616122\prefs.js] supprimée : user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1384423459212");
 
*************************
 
:: Clés "Tracing" supprimées
:: Paramètres Winsock réinitialisés
 
*************************
 
\AdwCleaner\AdwCleaner[C1].txt - [2513 octets] - [29/04/2016 19:25:44]
\AdwCleaner\AdwCleaner[C7].txt - [1012 octets] - [07/09/2015 19:30:46]
\AdwCleaner\AdwCleaner[R0].txt - [1764 octets] - [11/11/2014 13:28:17]
\AdwCleaner\AdwCleaner[R1].txt - [3840 octets] - [18/03/2015 00:00:08]
\AdwCleaner\AdwCleaner[R2].txt - [1367 octets] - [04/05/2015 01:07:15]
\AdwCleaner\AdwCleaner[R3].txt - [1509 octets] - [07/06/2015 00:15:20]
\AdwCleaner\AdwCleaner[R4].txt - [1788 octets] - [28/06/2015 14:46:10]
\AdwCleaner\AdwCleaner[R5].txt - [1860 octets] - [28/07/2015 22:49:50]
\AdwCleaner\AdwCleaner[S0].txt - [1834 octets] - [11/11/2014 18:31:29]
\AdwCleaner\AdwCleaner[S1].txt - [7253 octets] - [18/03/2015 00:05:50]
\AdwCleaner\AdwCleaner[S2].txt - [4898 octets] - [04/05/2015 01:11:35]
\AdwCleaner\AdwCleaner[S3].txt - [1577 octets] - [07/06/2015 00:20:23]
\AdwCleaner\AdwCleaner[S4].txt - [1856 octets] - [28/06/2015 14:51:00]
\AdwCleaner\AdwCleaner[S5].txt - [1934 octets] - [28/07/2015 23:11:34]
\AdwCleaner\AdwCleaner[S9].txt - [931 octets] - [07/09/2015 19:23:41]
 
########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [3592 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x86 
Ran by numerouno (Administrator) on 29/04/2016 at 19:47:05,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Program Files\hamster soft (Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/04/2016 at 19:49:50,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Good evening!)


#10 Jo*


Posted 29 April 2016 - 01:36 PM

Hello,

Step 1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run, then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator.
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


---


Step 2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


Cheers,
Jo


#11 andreapi5317


Posted 29 April 2016 - 06:39 PM

Good morning! I ran the rkill.exe and here is the last Malwarebytes report...
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 29/04/2016
Scan Time: 23:13
Logfile: 
Administrator: No
 
Version: 2.2.1.1043
Malware Database: v2016.04.29.07
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x86
File System: NTFS
User: andré
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389404
Time Elapsed: 17 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 Jo*


Posted 30 April 2016 - 12:22 AM

Good morning !

Your pc had NO malware infection.
We removed only some adware and minor issues!


Here are the last scans to do:

Step 1: We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/



***


Step 2: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


Step 3: How is the computer running now?


***


Cheers,
Jo


#13 andreapi5317


Posted 01 May 2016 - 09:39 AM

Hello,

 

Thank you for your help (I am sure my bank will be thrilled to learn that my pc was not infected after all...). I hope you don't feel I wasted your time,

amicalement,

André Apicella



#14 Jo*


Posted 01 May 2016 - 10:53 AM


***


It Appears That Your Pc Is Now Clean!

***


Clean up:

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located at your desktop or at the "c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***


Here are some Preventive tips to reduce the potential for spyware infection in the future

Step 1: Browse more securely

Step 2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
Step 3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
Step 4: Use only one anti-virus software and keep it up-to-date.

Step 5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 6: Back up regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 7: Use strong passwords!

Step 8: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.

***


Cheers,
Jo


#15 Jo*


Posted 06 May 2016 - 06:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Cheers,
Jo




