
HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le dia


  • This topic is locked
22 replies to this topic

#1 joelar81

joelar81

  • Members
  • 11 posts

Posted 28 April 2016 - 09:54 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:39:46, on 2016-04-28
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)
 
 
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\TeamViewer\TeamViewer.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
B:\TÉLÉCHARGEMENTS\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
B:\Applications\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://un-stop.org/wpad.dat?565fbce50bc06e34f59c3081a29ed3758398975
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office15\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Default user')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CF46CF3-B78F-4DB0-BAB7-9A81E295EDB7}: NameServer = 82.163.143.171,82.163.142.173
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CF46CF3-B78F-4DB0-BAB7-9A81E295EDB7}: NameServer = 82.163.143.171,82.163.142.173
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.143.171 82.163.142.173
O17 - HKLM\System\CS2\Services\Tcpip\..\{1CF46CF3-B78F-4DB0-BAB7-9A81E295EDB7}: NameServer = 82.163.143.171,82.163.142.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.171 82.163.142.173
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\UtcResources.dll,-3001 (DiagTrack) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
 
--
End of file - 24895 bytes
 



 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 28 April 2016 - 01:09 PM

Hello joelar81, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic; you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative of the assistance provided!

 

  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

 

==========

 

Could you give a brief description of what is going on with your computer that led you to post for assistance? After that, please follow the next set of instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop (If it goes into your "Downloads" folder, drag and drop it to the Desktop).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


Best Regards,
oneof4.


#3 joelar81

joelar81
  • Topic Starter

  • Members
  • 11 posts

Posted 29 April 2016 - 10:50 AM

Hello and first of all a big thank you for your help.
 
Note 1: To answer your first question, I had to install a program, not paying attention to the options during installation. So I have plenty of advertising in my browser (Chrome), DNS Unlocker, which I am not able to get rid of. When I click on an open area of a page, a new page opens, and this can happen 5-6 times until I lose patience and finally close everything.
 
Note 2: I copy and paste the 2 files as requested. Everything went well and you can be certain that I will follow all your instructions.
 
FRST.txt
==========
Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Exécuté par Sylvie & Rémi (administrateur) sur ASUS (22-04-2016 17:01:58)
Exécuté depuis C:\Users\Sylvie & Rémi\Desktop
Profils chargés: Sylvie & Rémi (Profils disponibles: Sylvie & Rémi)
Platform: Microsoft Windows 7 Édition Intégrale  Service Pack 1 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
 
==================== Processus (Avec liste blanche) =================
 
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
 
 
==================== Registre (Avec liste blanche) ===========================
 
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2015-10-18] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\...\Run: [WebcamMaxAutoRun] => C:\Program Files\WebcamMax\WebcamMax.exe [1561232 2010-12-07] (CoolwareMax)
HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\...\Run: [iCloudPhotos] => C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2015-10-18]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Avec liste blanche) ====================
 
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{1CF46CF3-B78F-4DB0-BAB7-9A81E295EDB7}: [NameServer] 82.163.143.171,82.163.142.173
Tcpip\..\Interfaces\{1CF46CF3-B78F-4DB0-BAB7-9A81E295EDB7}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://un-stop.org/wpad.dat?565fbce50bc06e34f59c3081a29ed3758398975
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-07] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-07] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxps://www.google.ca/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.ca/"
CHR Profile: C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-18]
CHR Extension: (Google Docs) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-18]
CHR Extension: (Google Drive) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
CHR Extension: (Adblock Plus) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-09]
CHR Extension: (Recherche Google) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Google Sheets) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-18]
CHR Extension: (Google Docs hors connexion) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-24]
CHR Extension: (Skype) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-24]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-18]
CHR Extension: (Gmail) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-18]
CHR Profile: C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-07]
CHR Extension: (Google Docs) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-07]
CHR Extension: (Google Drive) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-07]
CHR Extension: (Adblock Plus) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-12]
CHR Extension: (Recherche Google) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Google Sheets) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-07]
CHR Extension: (Google Docs hors connexion) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16]
CHR Extension: (Skype) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-22]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Sylvie & Rémi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-07]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Avec liste blanche) ========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Fichier non signé]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-08-01] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Pilotes (Avec liste blanche) ==========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [94208 2015-10-18] (ELAN Microelectronic Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 catchme; \??\C:\Users\SYLVIE~1\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Avec liste blanche) ===================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
 
==================== Un mois - Créés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2016-04-22 17:01 - 2016-04-22 17:02 - 00016645 _____ C:\Users\Sylvie & Rémi\Desktop\FRST.txt
2016-04-22 16:57 - 2016-04-22 16:57 - 00000000 _____ C:\Users\Sylvie & Rémi\Desktop\Nouveau document texte.txt
2016-04-22 16:56 - 2016-04-22 16:54 - 01726464 _____ (Farbar) C:\Users\Sylvie & Rémi\Desktop\FRST.exe
2016-04-22 16:55 - 2016-04-22 17:01 - 00000000 ____D C:\FRST
2016-04-22 16:49 - 2016-04-22 16:50 - 00000000 ____D C:\AdwCleaner
2016-04-16 17:22 - 2016-04-05 09:36 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20160416-172238.backup
2016-04-12 18:17 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-04-12 18:17 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 18:17 - 2016-03-17 18:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-12 18:17 - 2016-03-17 18:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-12 18:17 - 2016-03-17 18:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-12 18:17 - 2016-03-17 18:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-12 18:17 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-12 18:17 - 2016-03-17 18:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-12 18:17 - 2016-03-17 18:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-12 18:17 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-12 18:17 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-12 18:17 - 2016-03-17 18:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-12 18:17 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-12 18:17 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-12 18:17 - 2016-03-17 18:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-12 18:17 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-12 18:17 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-12 18:17 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 18:17 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-12 18:17 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-12 18:17 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-12 18:17 - 2016-03-17 18:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 18:17 - 2016-03-17 18:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-12 18:17 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 18:17 - 2016-03-17 18:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-12 18:17 - 2016-03-17 18:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-12 18:17 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 17:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-12 18:17 - 2016-03-17 17:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-12 18:17 - 2016-03-17 17:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-12 18:17 - 2016-03-17 17:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-12 18:17 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-12 18:17 - 2016-03-17 17:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-12 18:17 - 2016-03-17 17:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-12 18:17 - 2016-03-17 17:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-12 18:17 - 2016-03-17 17:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-12 18:17 - 2016-03-17 17:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-12 18:17 - 2016-03-17 17:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-12 18:17 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-12 18:17 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-12 18:17 - 2016-03-17 17:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-12 18:17 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 18:17 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-12 18:17 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-04-12 18:17 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 18:17 - 2016-02-02 14:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-12 18:15 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-12 18:15 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-12 18:15 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-12 18:15 - 2016-03-30 20:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-12 18:15 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-12 18:15 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-12 18:15 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-12 18:15 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-12 18:15 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-12 18:15 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-12 18:15 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-12 18:15 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-12 18:15 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-12 18:15 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-12 18:15 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-12 18:15 - 2016-03-30 19:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-12 18:15 - 2016-03-30 19:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-12 18:15 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-12 18:15 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-12 18:15 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-12 18:15 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-12 18:15 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-12 18:15 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-12 18:15 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-12 18:15 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-12 18:15 - 2016-03-30 19:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-12 18:15 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-12 18:15 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-12 18:15 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-12 18:15 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-12 18:14 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-12 18:14 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-12 18:14 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-12 18:14 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-12 18:14 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-12 18:14 - 2016-03-15 19:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 18:14 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 18:13 - 2016-04-04 13:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-12 18:13 - 2016-04-04 13:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-12 18:13 - 2016-04-02 09:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-12 18:13 - 2016-03-29 13:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 18:13 - 2016-03-23 10:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-12 18:13 - 2016-03-17 14:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-12 18:13 - 2016-03-17 14:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-12 18:13 - 2016-03-17 14:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-12 18:13 - 2016-03-17 14:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 18:13 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 18:13 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 18:13 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 18:13 - 2016-02-05 14:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 18:13 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-12 18:13 - 2016-01-20 20:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-12 18:13 - 2015-06-03 16:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-11 20:02 - 2016-04-11 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-04-10 22:23 - 2016-04-10 22:23 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-07 11:25 - 2016-04-07 11:25 - 00000000 ____D C:\Program Files\Common Files\Java
2016-04-05 11:21 - 2016-04-05 11:21 - 00001760 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-05 11:21 - 2016-04-05 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-05 11:21 - 2016-04-05 11:21 - 00000000 ____D C:\Program Files\iTunes
2016-04-05 11:21 - 2016-04-05 11:21 - 00000000 ____D C:\Program Files\iPod
2016-04-03 22:11 - 2016-04-16 11:10 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2016-04-03 22:00 - 2016-04-03 22:00 - 00002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sim-Emu 6.02 Configurator v2.2.lnk
2016-04-03 22:00 - 2016-04-03 22:00 - 00002011 _____ C:\Users\Public\Desktop\Sim-Emu 6.02 Configurator v2.2.lnk
2016-04-03 22:00 - 2016-04-03 22:00 - 00000000 ____D C:\Program Files\Sim-Emu 6.02 Configurator
2016-04-03 21:50 - 2016-04-03 21:50 - 00000000 ____D C:\Users\Sylvie & Rémi\AppData\Roaming\SpringFiles
2016-04-03 20:58 - 2016-04-06 10:59 - 00000205 _____ C:\Users\Sylvie & Rémi\Desktop\Shopping.txt
2016-04-03 20:26 - 2016-04-03 20:26 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-03 20:05 - 2016-04-16 19:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-03 20:05 - 2016-04-03 20:05 - 00002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-04-03 20:05 - 2016-04-03 20:05 - 00002130 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-04-03 20:05 - 2016-04-03 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-04-03 20:05 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2016-04-03 20:04 - 2016-04-03 20:50 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-03-30 21:17 - 2016-03-30 21:18 - 00000000 ____D C:\ProgramData\71f70411-1605-1
2016-03-30 21:17 - 2016-03-30 21:18 - 00000000 ____D C:\ProgramData\71f70411-0825-0
2016-03-29 18:17 - 2016-03-29 18:17 - 00000000 ____D C:\ProgramData\71f70411-7063-0
2016-03-29 18:17 - 2016-03-29 18:17 - 00000000 ____D C:\ProgramData\71f70411-0ae3-1
2016-03-28 21:27 - 2016-03-28 21:27 - 00000000 ____D C:\ProgramData\71f70411-3ab1-1
2016-03-28 21:27 - 2016-03-28 21:27 - 00000000 ____D C:\ProgramData\71f70411-25f3-0
2016-03-28 12:50 - 2016-03-28 12:50 - 00000000 ____D C:\ProgramData\71f70411-4a87-0
2016-03-28 12:50 - 2016-03-28 12:50 - 00000000 ____D C:\ProgramData\71f70411-2a13-1
2016-03-28 06:50 - 2016-03-28 06:50 - 00000000 ____D C:\ProgramData\71f70411-2e27-1
2016-03-28 06:50 - 2016-03-28 06:50 - 00000000 ____D C:\ProgramData\71f70411-0c13-0
2016-03-28 00:50 - 2016-03-28 00:50 - 00000000 ____D C:\ProgramData\71f70411-7cb1-1
2016-03-28 00:50 - 2016-03-28 00:50 - 00000000 ____D C:\ProgramData\71f70411-02a7-0
2016-03-28 00:45 - 2016-03-30 21:18 - 00000000 ____D C:\ProgramData\{390847ff-412c-1}
2016-03-28 00:45 - 2016-03-30 21:18 - 00000000 ____D C:\ProgramData\{0b6c5dc4-612c-0}
2016-03-28 00:45 - 2016-03-30 21:18 - 00000000 ____D C:\ProgramData\{08bbe235-612c-0}
2016-03-28 00:45 - 2016-03-28 00:45 - 00000000 ____D C:\ProgramData\71f70411-3205-0
 
==================== Un mois - Modifiés - fichiers et dossiers ========
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
 
2016-04-22 16:56 - 2009-07-14 00:34 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-22 16:56 - 2009-07-14 00:34 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-22 16:44 - 2016-03-15 10:40 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-22 16:41 - 2015-10-18 10:21 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-22 11:39 - 2011-04-11 21:35 - 00747154 _____ C:\Windows\system32\perfh00C.dat
2016-04-22 11:39 - 2011-04-11 21:35 - 00149646 _____ C:\Windows\system32\perfc00C.dat
2016-04-22 11:39 - 2010-11-20 17:01 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-22 11:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-04-22 11:32 - 2016-03-13 17:25 - 00000000 ___RD C:\Users\Sylvie & Rémi\iCloudDrive
2016-04-22 11:32 - 2015-10-18 10:21 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-22 11:31 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-22 03:57 - 2015-10-18 13:13 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-16 11:22 - 2015-10-18 14:28 - 00000000 ____D C:\Program Files\TeamViewer
2016-04-16 11:13 - 2015-12-16 12:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-14 03:01 - 2016-02-22 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-13 11:01 - 2009-07-14 00:33 - 00434368 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 10:59 - 2015-12-08 18:19 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-11 20:10 - 2015-12-18 16:18 - 00000000 ____D C:\Users\Sylvie & Rémi\AppData\Roaming\qBittorrent
2016-04-11 20:02 - 2015-12-18 16:18 - 00000000 ____D C:\Users\Sylvie & Rémi\AppData\Local\qBittorrent
2016-04-11 20:02 - 2015-12-18 16:18 - 00000000 ____D C:\Program Files\qBittorrent
2016-04-11 15:38 - 2015-10-18 10:22 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 15:38 - 2015-10-18 10:22 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-10 22:47 - 2015-12-22 23:02 - 00000000 ____D C:\Users\Sylvie & Rémi\AppData\Roaming\vlc
2016-04-10 22:44 - 2016-03-15 10:40 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-10 22:44 - 2016-03-15 10:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-10 22:23 - 2016-03-22 16:47 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-04-07 13:55 - 2015-12-21 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-07 13:55 - 2015-12-21 10:17 - 00000000 ____D C:\Program Files\Java
2016-04-07 11:25 - 2015-12-21 10:35 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-04-07 11:25 - 2015-12-21 10:18 - 00000000 ____D C:\Users\Sylvie & Rémi\.oracle_jre_usage
2016-04-05 11:21 - 2015-12-19 14:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-03 21:49 - 2015-10-18 10:03 - 00001635 _____ C:\Users\Sylvie & Rémi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-31 19:41 - 2016-03-14 19:05 - 00000000 ____D C:\ProgramData\a2ad5047
2016-03-30 15:19 - 2016-03-15 10:38 - 00000000 ____D C:\ProgramData\WebcamMax
2016-03-28 00:45 - 2016-03-21 06:18 - 00000000 ____D C:\ProgramData\71f70411-6f97-1
2016-03-28 00:45 - 2016-03-21 06:18 - 00000000 ____D C:\ProgramData\71f70411-60a1-0
2016-03-25 03:00 - 2015-12-09 11:58 - 00000000 ___SD C:\Windows\system32\GWX
 
==================== Fichiers à la racine de certains dossiers =======
 
2015-12-21 10:27 - 2015-12-21 10:27 - 0000036 _____ () C:\Users\Sylvie & Rémi\AppData\Roaming\SuYZkvrV.tmp
 
Certains fichiers dans TEMP:
====================
C:\Users\Sylvie & Rémi\AppData\Local\temp\jre-8u77-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)
 
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement
 
 
LastRegBack: 2016-04-18 09:58
 
==================== End FRST.txt ============================
 
 
 
Addition.txt
===========
Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x86) Version:18-04-2016
Exécuté par Sylvie & Rémi (2016-04-22 17:03:09)
Exécuté depuis C:\Users\Sylvie & Rémi\Desktop
Microsoft Windows 7 Édition Intégrale  Service Pack 1 (X86) (2015-10-18 14:03:05)
Mode d'amorçage: Normal
==========================================================
 
 
==================== Comptes: =============================
 
Administrateur (S-1-5-21-2719286028-2732615489-1206259057-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2719286028-2732615489-1206259057-1005 - Limited - Enabled)
Invité (S-1-5-21-2719286028-2732615489-1206259057-501 - Limited - Disabled)
Sylvie & Rémi (S-1-5-21-2719286028-2732615489-1206259057-1000 - Administrator - Enabled) => C:\Users\Sylvie & Rémi
 
==================== Centre de sécurité ========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Programmes installés ======================
 
(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)
 
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Apple Application Support (32 bits) (HKLM\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.18.64 - Conexant)
DVDFab 9.2.2.8 (02/02/2016) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
iCloud (HKLM\...\{C3867553-D9F8-416E-8F14-EFF234A48577}) (Version: 5.1.0.34 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{3079C5C8-325A-4354-A733-456BACA1E5FB}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x86) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.4.0 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 fr) (HKLM\...\Mozilla Thunderbird 38.5.0 (x86 fr)) (Version: 38.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{38B96E8B-8A5E-4B10-A8B3-4F5DF4CBA439}) (Version: 9.5.3.8 - Nitro)
Office 2016  KMS Activator Ultimate v1.1 Final (HKLM\...\Office 2016  KMS Activator Ultimate v1.1 Final_is1) (Version: v1.1 Final - )
Office 2016  KMS Activator Ultimate v1.2 Final (HKLM\...\Office 2016  KMS Activator Ultimate v1.2 Final_is1) (Version: v1.2 Final - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
qBittorrent 3.3.4 (HKLM\...\qBittorrent) (Version: 3.3.4 - The qBittorrent project)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Sim-Emu 6.02 Configurator - Version 2.2 (HKLM\...\{549CF99F-4548-4FCE-B50D-B83264D280A1}) (Version: 1.00.0000 - Sim_Emu)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{8D97B9A2-D73D-4CB6-9D1F-D25178AC4EDE}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebcamMax (HKLM\...\WebcamMax) (Version: 7.2.0.6.MultiLanguage - )
WinRAR 5.30 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
 
==================== Personnalisé CLSID (Avec liste blanche): ==========================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
 
==================== Tâches planifiées (Avec liste blanche) =============
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
Task: {2A3514D6-3846-4399-9192-2A17822FFE58} - System32\Tasks\{D4461F0E-04CC-239C-1104-F77110CFE60B} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\a2ad5047\cc2e4a1b.dll" <==== ATTENTION
Task: {37A9B78C-D201-44CA-A323-068C15E6C13B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {3CFFCCF3-799B-4E80-AEF9-A6611BBA92D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
Task: {40F636E9-7054-4592-ADC1-53A0B40A857A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {468179AB-29E8-4CEB-BB39-09E0A250D249} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {48850C81-8CB9-4582-91A6-B48B87E39919} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {50677EA2-2660-453B-A6DA-F0D02D744E5F} - System32\Tasks\{719F6D2C-B07C-413F-82CF-3E848DA74817} => pcalua.exe -a C:\Users\SYLVIE~1\AppData\Local\Temp\jre-8u77-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {5AB67A8D-CD95-4A43-BEB0-71F55619E867} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5D71A4CF-1D17-4627-8FB8-EB3B53FD5F85} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CA6332BA-B694-434A-B670-560461AE465B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CD8A2F06-54AA-47DC-9160-6E2805D4F94D} - System32\Tasks\AutoPico Daily Restart => C:\Users\SYLVIE~1\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION
Task: {D2AE55D4-B9A4-41DF-88C7-5BD3136E6139} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-18] (Google Inc.)
Task: {F0D8E201-B453-457B-8E94-89AD4D357771} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F2506F64-9590-4A5B-8E57-C1460B117995} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-10] (Adobe Systems Incorporated)
 
(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Raccourcis =============================
 
(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)
 
ShortcutWithArgument: C:\Users\Sylvie & Rémi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1459734542&a=1003081&src=sh&uuid=ade2fb93-1237-433a-97c6-93d9b8aa6974"
ShortcutWithArgument: C:\Users\Sylvie & Rémi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1459734542&a=1003081&src=sh&uuid=ade2fb93-1237-433a-97c6-93d9b8aa6974"
ShortcutWithArgument: C:\Users\Sylvie & Rémi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1459734542&a=1003081&src=sh&uuid=ade2fb93-1237-433a-97c6-93d9b8aa6974"
ShortcutWithArgument: C:\Users\Sylvie & Rémi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1459734542&a=1003081&src=sh&uuid=ade2fb93-1237-433a-97c6-93d9b8aa6974"
ShortcutWithArgument: C:\Users\Sylvie & Rémi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1459734542&a=1003081&src=sh&uuid=ade2fb93-1237-433a-97c6-93d9b8aa6974"
ShortcutWithArgument: C:\Users\Sylvie & Rémi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1459734542&a=1003081&src=sh&uuid=ade2fb93-1237-433a-97c6-93d9b8aa6974"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1459734542&a=1003081&src=sh&uuid=ade2fb93-1237-433a-97c6-93d9b8aa6974"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1459734542&a=1003081&src=sh&uuid=ade2fb93-1237-433a-97c6-93d9b8aa6974"
 
==================== Modules chargés (Avec liste blanche) ==============
 
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-01 17:20 - 2014-08-01 17:20 - 00392712 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2016-04-03 20:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-03 20:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-04-03 20:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-03 20:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-04-03 20:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00237328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
 
==================== Alternate Data Streams (Avec liste blanche) =========
 
(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Mode sans échec (Avec liste blanche) ===================
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)
 
 
==================== EXE Association (Avec liste blanche) ===============
 
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)
 
 
==================== Internet Explorer sites de confiance/sensibles ===============
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)
 
 
Il y a 7887 plus de sites.
 
 
 
==================== Hosts contenu: ==========================
 
(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)
 
2009-07-13 22:04 - 2016-04-16 17:22 - 00450997 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
Il y a 15500 plus de lignes.
 
 
==================== Autres zones ============================
 
(Actuellement, il n'y a pas de correction automatique pour cette section.)
 
HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sylvie & Rémi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.171 - 82.163.142.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu is disabled.
 
==================== MSCONFIG/TASK MANAGER éléments désactivés ==
 
(Actuellement, il n'y a pas de correction automatique pour cette section.)
 
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== RèglesPare-feu (Avec liste blanche) ===============
 
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
 
FirewallRules: [{39373347-21DB-4D67-A3DE-95FEFA9D7482}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D84F49F1-F629-404B-A8AB-52AB7E1B5998}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{71E5826A-3C01-491F-8647-CCAFA7D85878}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{85C225BE-E195-43FF-AFC2-307A29913DE3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2F1E67CA-4A71-44E8-B4AC-C49CD6D1681A}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{73D295D7-1DFD-407D-B626-A04DA948E052}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{E13DE343-0B43-4BAE-8A69-B9CD50DA7100}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{FE56A2D7-06E7-456C-A7E5-B8DD1BCAE3D2}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [{0E75230C-DD9D-4872-9511-41CBCFA0A7A6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{2426B3A2-2656-4347-9FE4-38D5C2CF01C3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{9EC9365E-6E95-4A5C-B1B0-228B0035200A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D98E67A8-A469-4029-B092-26AA2F38F86C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0EF816D2-12F2-47BA-8D8C-6A812E290918}] => (Allow) C:\Program Files\KMS Activator Ultimate\Office 2016  KMS Activator Ultimate v1.1.exe
FirewallRules: [{74939BEC-0071-4C6D-AEA0-270DA2DCC619}] => (Allow) C:\Program Files\KMS Activator Ultimate\Office 2016  KMS Activator Ultimate v1.1.exe
FirewallRules: [{6F49B572-B1CA-4A0C-9D33-934C66A7A342}] => (Allow) C:\Program Files\KMS Activator Ultimate\Office 2016  KMS Activator Ultimate v1.1.exe
FirewallRules: [{F951B7C0-503C-44B0-BD20-8940FA661EC5}] => (Allow) C:\Program Files\KMS Activator Ultimate\Office 2016  KMS Activator Ultimate v1.1.exe
FirewallRules: [{5596EA9F-60CD-4832-A391-91BCE24B450C}] => (Allow) C:\Program Files\KMS Activator Ultimate\Advanced Tokens Manager.exe
FirewallRules: [{51B92415-4BB8-4E48-A5A5-8E51C1167B0C}] => (Allow) C:\Program Files\KMS Activator Ultimate\Advanced Tokens Manager.exe
FirewallRules: [{6FCF5FD7-0B65-4D34-96C3-7E11007954B1}] => (Allow) C:\Program Files\KMS Activator Ultimate\Advanced Tokens Manager.exe
FirewallRules: [{367C80A4-BACE-4123-8E64-DEAA222710E9}] => (Allow) C:\Program Files\KMS Activator Ultimate\Advanced Tokens Manager.exe
FirewallRules: [{9660E04F-9F78-4C9D-B0EC-038BF482ACE2}] => (Allow) C:\Program Files\KMS Activator Ultimate\Advanced Tokens Manager.exe
FirewallRules: [{EA9A27F6-D90B-45B6-A99E-5269F27F7515}] => (Allow) C:\Program Files\KMS Activator Ultimate\Advanced Tokens Manager.exe
FirewallRules: [{04E5DC71-BEE5-4C0A-901B-76ACBADEE259}] => (Allow) C:\Program Files\KMS Activator Ultimate\Office 2016  KMS Activator Ultimate v1.1.exe
FirewallRules: [{10968B27-4E0C-4549-A22E-A357ABAF23D2}] => (Allow) C:\Program Files\KMS Activator Ultimate\Office 2016  KMS Activator Ultimate v1.1.exe
FirewallRules: [{09AACC9E-9A29-49F6-873E-3AAB089D6B30}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C89A40F7-772D-4DF4-83AF-866738830CE9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E427F4B4-6D85-46BD-8489-D11086DD495B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{12258440-6C40-4FF4-B37C-A0F31A83771B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5DE3FB4C-0B22-4D94-8C35-2F35BEBD85AB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{80B66BCF-A2C2-486D-AD84-C649FB8ABA99}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{CF3C5197-24E4-432A-A6CA-9F7F58C024E3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EB8A4175-1A83-4330-A5F2-F5B23F888CA1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{20CF5D93-07A8-48BA-A62C-88AB634D6853}] => (Allow) C:\Program Files\SrpnFiles\SrpnFiles.exe
FirewallRules: [{B240FA92-32B1-407B-8C05-FC9EDB0BED98}] => (Allow) C:\Program Files\SrpnFiles\SrpnFiles.exe
FirewallRules: [{A6B0BD0F-249B-495F-B860-ABC9827C36AD}] => (Allow) C:\Program Files\SrpnFiles\downloader.exe
FirewallRules: [{288643AC-7D7D-4566-AF96-6538F278EAF3}] => (Allow) C:\Program Files\SrpnFiles\downloader.exe
FirewallRules: [{4F3EC655-A7A4-4900-9796-8CF49EF0ADB0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C44EDC99-27A8-40CE-9CC2-D242C68D1FA9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2BEBFA4B-91DD-4E2C-917D-D13166E7CAB9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{35BD3F3D-CA8E-41EF-BCD7-25C603941F9D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CF02740E-0D73-45C5-B6EF-E3966551CC2D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7B81D6AB-5EFB-4E69-B5E7-7763320D2C8E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{800A6FA8-144F-4DD4-8D6D-A92D78DE3FBD}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{CF8D74D5-B7CD-4C71-91F7-7277EA9B5BF7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Points de restauration =========================
 
13-04-2016 09:07:05 Windows Update
14-04-2016 03:00:12 Windows Update
16-04-2016 17:36:30 Microsoft Antimalware Checkpoint
18-04-2016 09:21:35 Windows Update
22-04-2016 11:43:43 Windows Update
 
==================== Éléments en erreur du Gestionnaire de périphériques =============
 
Name: Périphérique système de base
Description: Périphérique système de base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Périphérique Bluetooth
Description: Périphérique Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Contrôleur Ethernet
Description: Contrôleur Ethernet
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Périphérique Bluetooth
Description: Périphérique Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Souris Microsoft PS/2
Description: Souris Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Périphérique Bluetooth
Description: Périphérique Bluetooth
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Périphérique système de base
Description: Périphérique système de base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Périphérique système de base
Description: Périphérique système de base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Erreurs du Journal des événements: =========================
 
Erreurs Application:
==================
Error: (04/22/2016 04:41:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 953930
 
Error: (04/22/2016 04:41:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 953930
 
Error: (04/22/2016 04:41:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/22/2016 04:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 552743
 
Error: (04/22/2016 04:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 552743
 
Error: (04/22/2016 04:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/22/2016 03:44:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11943311
 
Error: (04/22/2016 03:44:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11943311
 
Error: (04/22/2016 03:44:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/22/2016 12:17:33 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
 
Erreurs système:
=============
Error: (04/22/2016 04:41:21 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Le pilote Bluetooth attendait un événement HCI d'une certaine taille mais ne l'a pas reçu.
 
Error: (04/22/2016 04:41:20 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.
 
Error: (04/22/2016 04:41:20 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.
 
Error: (04/22/2016 04:17:20 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Le pilote Bluetooth attendait un événement HCI d'une certaine taille mais ne l'a pas reçu.
 
Error: (04/22/2016 04:17:19 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.
 
Error: (04/22/2016 04:17:19 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.
 
Error: (04/22/2016 03:58:16 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Le pilote Bluetooth attendait un événement HCI d'une certaine taille mais ne l'a pas reçu.
 
Error: (04/22/2016 03:58:15 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.
 
Error: (04/22/2016 03:58:15 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.
 
Error: (04/22/2016 03:50:15 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Le pilote Bluetooth attendait un événement HCI d'une certaine taille mais ne l'a pas reçu.
 
 
==================== Infos Mémoire =========================== 
 
Processeur: Intel® Pentium® CPU P6200 @ 2.13GHz
Pourcentage de mémoire utilisée: 35%
Mémoire physique - RAM - totale: 2988.38 MB
Mémoire physique - RAM - disponible: 1921.15 MB
Mémoire virtuelle totale: 5975.08 MB
Mémoire virtuelle disponible: 4593.13 MB
 
==================== Lecteurs ================================
 
Drive b: (DONNEES) (Fixed) (Total:232.28 GB) (Free:143.07 GB) NTFS
Drive c: (WINDOWS) (Fixed) (Total:233.38 GB) (Free:2.46 GB) NTFS
Drive d: (BACK_TO_THE_FUTURE) (CDROM) (Total:7.94 GB) (Free:0 GB) UDF
 
==================== MBR & Table des partitions ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C5AC089A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
 
==================== Fin de Addition.txt ============================
 
Thank you again Oneof4


#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:09:00 PM

Posted 29 April 2016 - 04:33 PM

Hello joelar81, :)

 

I have a question: Are you located in Israel?

 

Please follow the next set of instructions:

 

Download attached fixlist.txt file and save it to the Desktop.

 


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, please update me on how your computer is doing after running the fix.



Best Regards,
oneof4.


#5 joelar81

joelar81
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:00 AM

Posted 02 May 2016 - 10:45 AM

Hello, sorry for being so late. The weekend is booked with my family you understand? No, I'm not in Israel but Canada :) especially Quebec. I am ready to finalize it with you today.
 
I did what you asked. If I do not open my browser, everything goes fine. I also have an audio alert in a blue page that often appears indicating a critical condition.
 
========================
Here is the file fixlog.txt
========================
 
Résultats de correction de Farbar Recovery Scan Tool (x86) Version:18-04-2016
Exécuté par Sylvie & Rémi (2016-05-02 11:30:04) Run:1
Exécuté depuis C:\Users\Sylvie & Rémi\Desktop
Profils chargés: Sylvie & Rémi (Profils disponibles: Sylvie & Rémi)
Mode d'amorçage: Normal
 
==============================================
 
fixlist contenu:
*****************
CreateRestorePoint:
 
CloseProcesses:
 
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
C:\Users\Sylvie & Rémi\AppData\Local\temp\jre-8u77-windows-au.exe
Task: {2A3514D6-3846-4399-9192-2A17822FFE58} - System32\Tasks\{D4461F0E-04CC-239C-1104-F77110CFE60B} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\a2ad5047\cc2e4a1b.dll" <==== ATTENTION
Task: {CD8A2F06-54AA-47DC-9160-6E2805D4F94D} - System32\Tasks\AutoPico Daily Restart => C:\Users\SYLVIE~1\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
 
 
*****************
 
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => clé supprimé(es) avec succès
"HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => clé supprimé(es) avec succès
C:\Users\Sylvie & Rémi\AppData\Local\temp\jre-8u77-windows-au.exe => déplacé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A3514D6-3846-4399-9192-2A17822FFE58}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A3514D6-3846-4399-9192-2A17822FFE58}" => clé supprimé(es) avec succès
C:\Windows\System32\Tasks\{D4461F0E-04CC-239C-1104-F77110CFE60B} => déplacé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D4461F0E-04CC-239C-1104-F77110CFE60B}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD8A2F06-54AA-47DC-9160-6E2805D4F94D}" => clé supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD8A2F06-54AA-47DC-9160-6E2805D4F94D}" => clé supprimé(es) avec succès
C:\Windows\System32\Tasks\AutoPico Daily Restart => déplacé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => clé supprimé(es) avec succès
C:\Windows => ":nlsPreferences" ADS supprimé(es) avec succès.
 
 
Le système a dû redémarrer.
 
==== Fin de Fixlog 11:30:19 ====
 
 
 
Thanks again
 
joelar


#6 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:09:00 PM

Posted 02 May 2016 - 09:22 PM

Hey, :)

 

Good job with the first fix, now let's run another one. Your confirmation that you are not in Israel leads me to believe that your router has been compromised. You have IP addresses in your internet Tcpip that point to servers located in Tel Aviv, Israel.

After applying this fix, I would encourage you to do a complete reset of your router and change its default name and password.

 

First, let's run the fix:

 

Download attached fixlist.txt file and save it to the Desktop.

 


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, please update me on how your computer is doing after running the fix and resetting your router.



Best Regards,
oneof4.


#7 joelar81

joelar81
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:00 AM

Posted 03 May 2016 - 07:50 AM

Hi

 

Résultats de correction de Farbar Recovery Scan Tool (x86) Version:18-04-2016
Exécuté par Sylvie & Rémi (2016-05-03 08:45:51) Run:2
Exécuté depuis C:\Users\Sylvie & Rémi\Desktop
Profils chargés: Sylvie & Rémi (Profils disponibles: Sylvie & Rémi)
Mode d'amorçage: Normal
 
==============================================
 
fixlist contenu:
*****************
CreateRestorePoint:
 
CloseProcesses:
 
 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{1CF46CF3-B78F-4DB0-BAB7-9A81E295EDB7}: [NameServer] 82.163.143.171,82.163.142.173
ManualProxies: 0hxxp://un-stop.org/wpad.dat?565fbce50bc06e34f59c3081a29ed3758398975
 
 
 
 
*****************
 
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => clé supprimé(es) avec succès
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => valeur supprimé(es) avec succès
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CF46CF3-B78F-4DB0-BAB7-9A81E295EDB7}\\NameServer => valeur supprimé(es) avec succès
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => valeur supprimé(es) avec succès
 
 
Le système a dû redémarrer.
 
==== Fin de Fixlog 08:46:10 ====
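
Added example (not part of the original posts, and not FRST's own code): the static NameServer and ManualProxies entries removed in the fix above can be picked out of FRST-style log lines automatically. The line format is copied from the fixlist; the DhcpNameServer sample line, the function names and the list of expected resolvers are assumptions made for this illustration.

```python
import ipaddress
import re

# Sample input. The first three lines are the entries quoted in the fixlist
# above; the DhcpNameServer line is constructed (FRST-style) from the resolver
# addresses shown in the later ipconfig output, as a benign comparison case.
SAMPLE_LOG = r"""
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{1CF46CF3-B78F-4DB0-BAB7-9A81E295EDB7}: [NameServer] 82.163.143.171,82.163.142.173
ManualProxies: 0hxxp://un-stop.org/wpad.dat?565fbce50bc06e34f59c3081a29ed3758398975
Tcpip\..\Interfaces\{1CF46CF3-B78F-4DB0-BAB7-9A81E295EDB7}: [DhcpNameServer] 192.168.0.1 96.22.246.145 24.200.228.113
"""

# Assumption: resolvers the analyst accepts as legitimate (here the ISP
# addresses the router hands out after its reset).
EXPECTED_RESOLVERS = ["96.22.246.145", "24.200.228.113"]

DNS_RE = re.compile(
    r"^Tcpip\\(?P<scope>.+?): \[(?P<name>NameServer|DhcpNameServer)\] (?P<addrs>.+)$"
)
# The logged value carries a one-digit prefix before the URL; strip it.
PROXY_RE = re.compile(r"^ManualProxies: \d?(?P<url>\S+)$")


def parse_addresses(field):
    """Split a NameServer value; the registry accepts spaces or commas."""
    parsed = []
    for token in re.split(r"[,\s]+", field.strip()):
        if not token:
            continue
        try:
            parsed.append(ipaddress.ip_address(token))
        except ValueError:
            parsed.append(token)  # keep unparsable tokens so they are reported
    return parsed


def audit(log_text, expected_resolvers):
    """Return (kind, scope, value) findings for DNS and proxy overrides.

    NameServer is the statically configured value and takes precedence over
    DhcpNameServer, so a public address there that nobody set on purpose is
    the stronger signal. Private and loopback addresses (the local router)
    and the expected resolvers are not reported.
    """
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            kind = "static-dns" if m.group("name") == "NameServer" else "dhcp-dns"
            for addr in parse_addresses(m.group("addrs")):
                if isinstance(addr, str):
                    findings.append(("malformed", m.group("scope"), addr))
                elif not (addr.is_private or addr.is_loopback or addr in expected):
                    findings.append((kind, m.group("scope"), str(addr)))
            continue
        m = PROXY_RE.match(line)
        if m:
            # Any forced proxy auto-config URL deserves a manual look.
            findings.append(("proxy-autoconfig", "ManualProxies", m.group("url")))
    return findings


if __name__ == "__main__":
    for kind, scope, value in audit(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(f"{kind:17} {scope:55} {value}")
```

A `dhcp-dns` finding points at what the router is handing out rather than at a setting on the PC, which is the case where resetting the router matters.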


#8 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:09:00 PM

Posted 03 May 2016 - 10:38 AM

Did you successfully reset your router?
 
How is your computer behaving now?
 
Please run the following:
 

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List Devices
  • List Users, Partitions and Memory size.
  • List Restore Points

Click Go and post the result (mtb.txt). A copy of mtb.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Edited by oneof4, 03 May 2016 - 10:39 AM.

Best Regards,
oneof4.


#9 joelar81

joelar81
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:00 AM

Posted 03 May 2016 - 10:57 AM

Hi,

 

Yes my router is reset

 

===============

Result of mtb.txt

===============

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Sylvie & Rémi (administrator) on 03-05-2016 at 11:55:52
Running from "C:\Users\Sylvie & Rémi\Desktop"
Microsoft Windows 7 Édition Intégrale  Service Pack 1 (X86)
Model: K52F Manufacturer: ASUSTeK Computer Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configuration IP de Windows
 
Cache de résolution DNS vidé.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
There are 15500 entries.
 
========================= IP Configuration: ================================
 
Carte réseau sans fil Atheros AR9285 = Connexion réseau sans fil (Connected)
 
 
# ----------------------------------
# Configuration du protocole IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# Fin de la configuration du protocole IPv4
 
 
 
Configuration IP de Windows
 
   Nom de l'hôte . . . . . . . . . . : ASUS
   Suffixe DNS principal . . . . . . : 
   Type de noeud. . . . . . . . . .  : Hybride
   Routage IP activé . . . . . . . . : Non
   Proxy WINS activé . . . . . . . . : Non
   Liste de recherche du suffixe DNS.: local
 
Carte réseau sans fil Connexion réseau sans fil :
 
   Suffixe DNS propre à la connexion. . . : local
   Description. . . . . . . . . . . . . . : Carte réseau sans fil Atheros AR9285
   Adresse physique . . . . . . . . . . . : 48-5D-60-C4-D2-BA
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui
   Adresse IPv6 de liaison locale. . . . .: fe80::7875:62fa:3300:c76%11(préféré) 
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.0.126(préféré) 
   Masque de sous-réseau. . . . . . . . . : 255.255.255.0
   Bail obtenu. . . . . . . . . . . . . . : 3 mai 2016 08:47:21
   Bail expirant. . . . . . . . . . . . . : 3 mai 2016 23:53:45
   Passerelle par défaut. . . . . . . . . : 192.168.0.1
   Serveur DHCP . . . . . . . . . . . . . : 192.168.0.1
   IAID DHCPv6 . . . . . . . . . . . : 189291872
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-1D-B5-61-28-48-5D-60-C4-D2-BA
   Serveurs DNS. . .  . . . . . . . . . . : 192.168.0.1
                              96.22.246.145
                              24.200.228.113
   NetBIOS sur Tcpip. . . . . . . . . . . : Activé
 
Carte Tunnel isatap.local :
 
   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . : local
   Description. . . . . . . . . . . . . . : Carte Microsoft ISATAP
   Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP activé. . . . . . . . . . . . . . : Non
   Configuration automatique activée. . . : Oui
Serveur :   EMG2926.local
Address:  192.168.0.1
 
Nom :    google.com
Addresses:  2607:f8b0:400b:806::200e
 172.217.2.142
 
 
Envoi d'une requête 'ping' sur google.com [172.217.2.142] avec 32 octets de données :
Réponse de 172.217.2.142 : octets=32 temps=45 ms TTL=54
Réponse de 172.217.2.142 : octets=32 temps=45 ms TTL=54
 
Statistiques Ping pour 172.217.2.142:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 45ms, Maximum = 45ms, Moyenne = 45ms
Serveur :   EMG2926.local
Address:  192.168.0.1
 
Nom :    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Envoi d'une requête 'ping' sur yahoo.com [98.139.183.24] avec 32 octets de données :
Réponse de 98.139.183.24 : octets=32 temps=35 ms TTL=54
Réponse de 98.139.183.24 : octets=32 temps=34 ms TTL=54
 
Statistiques Ping pour 98.139.183.24:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 34ms, Maximum = 35ms, Moyenne = 34ms
 
Envoi d'une requête 'Ping'  127.0.0.1 avec 32 octets de données :
Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=128
Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=128
 
Statistiques Ping pour 127.0.0.1:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 0ms, Maximum = 0ms, Moyenne = 0ms
===========================================================================
Liste d'Interfaces
 11...48 5d 60 c4 d2 ba ......Carte réseau sans fil Atheros AR9285
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Carte Microsoft ISATAP
===========================================================================
 
IPv4 Table de routage
===========================================================================
Itinéraires actifs :
Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.126     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.126    281
    192.168.0.126  255.255.255.255         On-link     192.168.0.126    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.126    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.126    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.126    281
===========================================================================
Itinéraires persistants :
  Aucun
 
IPv6 Table de routage
===========================================================================
Itinéraires actifs :
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::7875:62fa:3300:c76/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Itinéraires persistants :
  Aucun
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
 
========================= Devices: ================================
 
Name: Périphérique système de base
Description: Périphérique système de base
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_1A071043&REV_80\4&6A4A70B&0&04E5
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Contrôleur Ethernet
Description: Contrôleur Ethernet
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_197B&DEV_0250&SUBSYS_19051043&REV_03\4&6A4A70B&0&05E5
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Souris Microsoft PS/2
Description: Souris Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Device ID: ACPI\SYN0A06\4&24FBDFD&0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Périphérique système de base
Description: Périphérique système de base
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_1A071043&REV_80\4&6A4A70B&0&00E5
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Périphérique système de base
Description: Périphérique système de base
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_1A071043&REV_80\4&6A4A70B&0&03E5
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 60%
Total physical RAM: 2988.38 MB
Available physical RAM: 1166.7 MB
Total Virtual: 5698.57 MB
Available Virtual: 3513.2 MB
 
========================= Partitions: =====================================
 
1 Drive b: (DONNEES) (Fixed) (Total:232.28 GB) (Free:138.07 GB) NTFS
2 Drive c: (WINDOWS) (Fixed) (Total:233.38 GB) (Free:0.95 GB) NTFS
3 Drive d: (BACK_TO_THE_FUTURE) (CDROM) (Total:7.94 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
comptes d'utilisateurs de \\ASUS
 
Administrateur           Invité                   Sylvie & Rémi            
La commande s'est terminée correctement.
 
========================= Restore Points ==================================
 
18-04-2016 13:21:35 Windows Update
22-04-2016 15:43:43 Windows Update
26-04-2016 17:47:50 Windows Update
28-04-2016 14:05:56 Windows Update
02-05-2016 14:04:10 Windows Update
02-05-2016 15:30:05 Restore Point Created by FRST
03-05-2016 12:45:52 Restore Point Created by FRST
 
**** End of log ****
 
 
Thanks again


#10 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:00 PM

Posted 04 May 2016 - 06:14 PM

Your DNS servers make sense now.  :cool:

 

Let's run a couple of scans to check for left-overs:

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 
 
==========
 
 
ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using another browser, please stop here and let me know!
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Click this link to open ESET OnlineScan.
  • Place a checkmark next to "Yes, I accept the Terms of Use", then click the greenstart.png button.
  • When prompted allow the Add-On/Active X to install.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Then click the shieldstart.png button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click back.png, then click finish.png to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

 

 

==========

 

Please give me an update on how your computer is behaving after running the scans.


Best Regards,
oneof4.


#11 joelar81

joelar81
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 05 May 2016 - 02:46 PM

Hi,

 

I use Google Chrome as navigator.

 

===================

Result of mbam.txt

===================

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/05/05 10:14:58 -0400</date>
<logfile>mbam-log-2016-05-05 (10-14-53).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.05.05.03</malware-database>
<rootkit-database>v2016.04.17.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>ASUS</hostname>
<ip>192.168.0.126</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>Sylvie &amp; Rémi</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>318834</objects>
<time>847</time>
<processes>0</processes>
<modules>0</modules>
<keys>3</keys>
<values>3</values>
<datas>0</datas>
<folders>26</folders>
<files>10</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>2225884a712806303ffb36855ca86a96</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A2AD5047}</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>6bdc51814f4aa98d1c2176454bb937c9</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>96b1ddf52d6ca6900a354e6d3bc9ac54</hash></key>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{a2ad5047}</path><valuename>1</valuename><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><valuedata>1459140301</valuedata><hash>6bdc51814f4aa98d1c2176454bb937c9</hash></value>
<value><path>HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES</path><valuename></valuename><vendor>Hijack.AutoConfigURL.PrxySvrRST</vendor><action></action><valuedata>0http://un-stop.org/wpad.dat?565fbce50bc06e34f59c3081a29ed3758398975</valuedata><hash>c681587a62377db9a4117d385da7a858</hash></value>
<value><path>HKU\S-1-5-21-2719286028-2732615489-1206259057-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path><valuename>AutoConfigUrl</valuename><vendor>Hijack.AutoConfigURL.PrxySvrRST</vendor><action></action><valuedata>http://un-stop.org/wpad.dat?565fbce50bc06e34f59c3081a29ed3758398975</valuedata><hash>0443d5fd0a8f3bfbfcb82f86ce369070</hash></value>
<folder><path>C:\Users\Sylvie &amp; Rémi\AppData\Roaming\SpringFiles</path><vendor>PUP.Optional.SpringFiles</vendor><action></action><hash>cf78e1f14059181e47eb91ad6f948d73</hash></folder>
<folder><path>C:\ProgramData\43bc3739-3a51-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>24232fa3b8e1cd699be5a79d2ed5669a</hash></folder>
<folder><path>C:\ProgramData\43bc3739-3e75-1</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>9baccf036a2f81b56a1698ac28db23dd</hash></folder>
<folder><path>C:\ProgramData\71f70411-02a7-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>f0573b97adec5dd92759b094a162768a</hash></folder>
<folder><path>C:\ProgramData\71f70411-0825-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>de697959a0f92313a7d982c23ac97b85</hash></folder>
<folder><path>C:\ProgramData\71f70411-0ae3-1</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>3a0d04ced1c8fe38c4bc54f03dc643bd</hash></folder>
<folder><path>C:\ProgramData\71f70411-0c13-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>9aadc30f58416bcb4739360e21e2d729</hash></folder>
<folder><path>C:\ProgramData\71f70411-1605-1</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>3a0d21b1fe9b1d193f41350fa75c956b</hash></folder>
<folder><path>C:\ProgramData\71f70411-2321-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>5aedac265247ce68344c5aeafd06f10f</hash></folder>
<folder><path>C:\ProgramData\71f70411-25f3-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>a1a624aeebae8caa364acd77ca398f71</hash></folder>
<folder><path>C:\ProgramData\71f70411-2a13-1</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>e76001d1cfcacc6a99e7ad97cb386e92</hash></folder>
<folder><path>C:\ProgramData\71f70411-2e27-1</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>90b78c461d7ccb6bceb2261edf24e51b</hash></folder>
<folder><path>C:\ProgramData\71f70411-3205-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>55f2745ed3c6a096235da4a0748fd22e</hash></folder>
<folder><path>C:\ProgramData\71f70411-3ab1-1</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>390e359dc8d1ab8bd8a8162e8b78847c</hash></folder>
<folder><path>C:\ProgramData\71f70411-4a87-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>70d7a52d9900d066f38d76ce3ac9a060</hash></folder>
<folder><path>C:\ProgramData\71f70411-60a1-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>5fe8fcd6f8a1a393a6da5ee6867d817f</hash></folder>
<folder><path>C:\ProgramData\71f70411-6245-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>400731a1cacfae88651b8cb81ae99a66</hash></folder>
<folder><path>C:\ProgramData\71f70411-6f97-1</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>d473b2200b8eba7ced93152fb94abd43</hash></folder>
<folder><path>C:\ProgramData\71f70411-7063-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>291e468c7029bc7a5b25bf85729116ea</hash></folder>
<folder><path>C:\ProgramData\71f70411-7cb1-1</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>2c1bd00227726bcb037d103432d12dd3</hash></folder>
<folder><path>C:\ProgramData\{0074737e-512c-1}</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>05427c561d7c84b22c555de78d7646ba</hash></folder>
<folder><path>C:\ProgramData\{07930c63-412c-0}</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>4bfcd4fe3069f73ffd84c38158abe21e</hash></folder>
<folder><path>C:\ProgramData\{08bbe235-612c-0}</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>8abd943e70296fc7d0b1c87c8281ef11</hash></folder>
<folder><path>C:\ProgramData\{0a672332-112c-0}</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>a3a423af74250531c2bfb68e59aa857b</hash></folder>
<folder><path>C:\ProgramData\{0b6c5dc4-612c-0}</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>5ceb7a589ffa989ef58c172d61a22dd3</hash></folder>
<folder><path>C:\ProgramData\{390847ff-412c-1}</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>d4737a58d9c01a1c7f02f94b07fc10f0</hash></folder>
<file><path>C:\Program Files\KMS Activator Ultimate\Office 2016  KMS Activator Ultimate v1.1.exe</path><vendor>CrackTool.Agent</vendor><action></action><hash>7ccbf5ddd8c1d85ef49a85ed1bea12ee</hash></file>
<file><path>C:\Program Files\KMS Activator Ultimate\upgrade.exe</path><vendor>PUP.Optional.Amonetize</vendor><action></action><hash>f6513b973861c373031a3c3b47ba26da</hash></file>
<file><path>C:\ProgramData\71f70411-0825-0\71f70411-0825-0.d</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>de697959a0f92313a7d982c23ac97b85</hash></file>
<file><path>C:\ProgramData\71f70411-1605-1\71f70411-1605-1.d</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>3a0d21b1fe9b1d193f41350fa75c956b</hash></file>
<file><path>C:\ProgramData\{0074737e-512c-1}\BITE5C5.tmp</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>05427c561d7c84b22c555de78d7646ba</hash></file>
<file><path>C:\ProgramData\{07930c63-412c-0}\BITE643.tmp</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>4bfcd4fe3069f73ffd84c38158abe21e</hash></file>
<file><path>C:\ProgramData\{08bbe235-612c-0}\{08bbe235-612c-0}.d</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>8abd943e70296fc7d0b1c87c8281ef11</hash></file>
<file><path>C:\ProgramData\{0a672332-112c-0}\BITE7D9.tmp</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>a3a423af74250531c2bfb68e59aa857b</hash></file>
<file><path>C:\ProgramData\{0b6c5dc4-612c-0}\{0b6c5dc4-612c-0}.d</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>5ceb7a589ffa989ef58c172d61a22dd3</hash></file>
<file><path>C:\ProgramData\{390847ff-412c-1}\{390847ff-412c-1}.d</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>d4737a58d9c01a1c7f02f94b07fc10f0</hash></file>
</items>
</mbam-log>
 
Thanks
 
joelar
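
A log in the XML layout posted above records an `<action>` element for every detection, so a short script can list which items have no recorded action and which registry values repoint proxy auto-configuration. The Python below is an added example, not part of the original post and not Malwarebytes' own tooling; the sample log is constructed, and reading an empty `<action>` as "no remediation recorded" is an assumption about this log format.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout of the XML scan log above (not real data).
# The non-empty <action> text "success" is a constructed value.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<summary><type>threat</type><result>completed</result></summary>
<items>
<key><path>HKLM\SOFTWARE\EXAMPLE\UNINSTALL\{00000000}</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action></action><hash>placeholder-1</hash></key>
<value><path>HKU\S-1-5-21-0-0-0-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path><valuename>AutoConfigUrl</valuename><vendor>Hijack.AutoConfigURL.PrxySvrRST</vendor><action></action><valuedata>http://proxy.example.invalid/wpad.dat?id</valuedata><hash>placeholder-2</hash></value>
<folder><path>C:\ProgramData\00000000-0000-0</path><vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor><action>success</action><hash>placeholder-3</hash></folder>
<file><path>C:\Users\A &amp; B\Downloads\setup.exe</path><vendor>PUP.Optional.Amonetize</vendor><action></action><hash>placeholder-4</hash></file>
</items>
</mbam-log>"""


def parse_mbam_log(text):
    """Return one dict per detected item (key, value, folder, file)."""
    # Pasted text is already decoded, so the encoding="UTF-16" label in the
    # XML declaration no longer describes the data; drop the declaration.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", text, count=1)
    root = ET.fromstring(body)
    items = []
    for el in root.findall("./items/*"):
        items.append({
            "kind": el.tag,
            "path": el.findtext("path", default=""),
            "detection": el.findtext("vendor", default=""),
            "action": (el.findtext("action") or "").strip(),
            "valuename": el.findtext("valuename", default=""),
            "valuedata": el.findtext("valuedata", default=""),
        })
    return items


def unremediated(items):
    """Items whose <action> is empty (assumed: nothing applied yet)."""
    return [i for i in items if not i["action"]]


def proxy_hijacks(items):
    """Registry values that set a proxy auto-config URL, as in the log above."""
    return [i for i in items
            if i["kind"] == "value"
            and (i["valuename"].lower() == "autoconfigurl"
                 or i["path"].upper().endswith("\\MANUALPROXIES"))]


def by_detection(items):
    """Count detections per vendor detection name."""
    return Counter(i["detection"] for i in items)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    pending = unremediated(found)
    print(f"{len(found)} detections, {len(pending)} with no recorded action")
    for name, count in by_detection(found).most_common():
        print(f"  {count:3d}  {name}")
    for hit in proxy_hijacks(found):
        print(f"proxy auto-config set: {hit['path']} -> {hit['valuedata']}")
```
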


#12 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:00 PM

Posted 05 May 2016 - 04:33 PM

Ok, use the following for ESET online scanner:

 

 

ESET Online Scanner:


Note: You will need to disable your currently installed Anti-Virus, how to do so can be read here.

  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the esetimage.png you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the shieldstart.png button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: start.png
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click back.png, then click finish.png to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!


Best Regards,
oneof4.


#13 joelar81

joelar81
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 05 May 2016 - 07:21 PM

Hi

 

========================

Eset Online Scanner Results

========================

 

B:\Applications\DVDFab.v9.2.2.8.Multilingual.Cracked-BRD\Crack\Patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting
B:\Applications\NitroPDF_Pro_v.9.5.3.8_FR\keygen_1.exe a variant of Win32/Keygen.AN potentially unsafe application cleaned by deleting
B:\Applications\WapCAMserver\WebcamMax 7.2.0.6\WebcamMax-7.2.0.6.MultiLanguage.Setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
B:\SAUVEGARDES\Sylvie & Rémi\Documents\Formulaires\Setup (1).exe a variant of Win32/Adware.iBryte.C application cleaned by deleting
B:\SAUVEGARDES\Sylvie & Rémi\Documents\Formulaires\Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting
B:\SAUVEGARDES\Sylvie & Rémi\Gravure\Slysoft.exe a variant of Win32/HackTool.Patcher.CL potentially unsafe application cleaned by deleting
B:\SAUVEGARDES\Sylvie & Rémi\Téléchargements\Retrogamer.exe Win32/AdInstaller potentially unwanted application cleaned by deleting
B:\SAUVEGARDES\Sylvie & Rémi\Téléchargements\ESET Smart.Security & Nod32 & ESET Fix\Eset fix.exe Win32/RiskWare.HackAV.KU application cleaned by deleting
B:\TORRENTS\NCH Debut Video Capture v1.49.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted
B:\TÉLÉCHARGEMENTS\debutpsetup.exe a variant of Win32/Bundled.Toolbar.Google.F potentially unsafe application deleted
B:\TÉLÉCHARGEMENTS\Non confirmé 800802.crdownload a variant of Generik.EMRBBRJ trojan cleaned by deleting
B:\TÉLÉCHARGEMENTS\Sim_Emu_6.02_Cfg_V2.2_downloader.exe a variant of Win32/ExpressDownloader.K potentially unwanted application cleaned by deleting
C:\Program Files\DVDFab 9\BRD.dll a variant of Win32/HackTool.Crack.EC potentially unsafe application cleaned by deleting
C:\Program Files\KMS Activator Ultimate\Office 2016  KMS Activator Ultimate v1.1.exe a variant of MSIL/Riskware.HackAV.S application cleaned by deleting
C:\Program Files\KMS Activator Ultimate\Office 2016  KMS Activator Ultimate v1.2 Final\Office 2016  KMS Activator Ultimate v1.2.exe a variant of MSIL/Riskware.HackAV.S application cleaned by deleting
C:\Program Files\Sim-Emu 6.02 Configurator\SIM_EMU_6.02_CFG.exe a variant of Generik.KWTGRWF trojan cleaned by deleting
C:\SAUVEGARDE\Lise\AppData\Roaming\OpenCandy\4ACBCE18E4E94F38B6C28E9B5CF2BBEF\pcspeedup_oc.exe a variant of Win32/Speedchecker.A potentially unwanted application deleted
C:\SAUVEGARDE\Lise\Desktop\iTunes-64b.exe a variant of Win32/InstallCore.AW potentially unwanted application cleaned by deleting
C:\SAUVEGARDE\Lise\Downloads\Elf_1.12.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted
C:\Windows\Installer\ff22c15.msi a variant of Generik.KWTGRWF trojan deleted
 
Thanks


#14 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:00 PM

Posted 06 May 2016 - 05:48 AM

How is your computer running now?


Best Regards,
oneof4.


#15 joelar81

joelar81
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:00 AM

Posted 06 May 2016 - 07:47 AM

It seems somewhat better, but my Antimalware is still open with the detected threats, and you never told me to delete the selection that is still open. I do not think any correction was applied, since it seems to have only performed a scan.





