Possible malware infection, tried everything I could to no avail


  • This topic is locked
15 replies to this topic

#1 lotusflow3r

  • Members
  • 12 posts

Posted 11 November 2016 - 01:09 AM

Hi :)

I have reasons to believe I have malware but I'm not certain.

My system:

- Windows 10 (legal)
- Avast Antivirus
- Windows Firewall
- Chrome

My connection:

- I'm in China and my connection is awful, totally unstable with cuts and a speed that goes from unusable to quite fast depending on the time.
- I'm using ExpressVPN (one has to in China), which makes it even harder to know whether the connection is slow due to the connection or the server.

HOWEVER...

The symptoms:

- For the last few weeks my connection has progressively been getting slower and slower.
- I have occasional spontaneous tabs that open by themselves, leading to suspicious random commercial sites. It's really super rare but still it shouldn't happen at all.
- Might be unrelated, but it also happens sometimes that after a cut my PC doesn't realize that the internet is working again (it's connected to the modem by wifi but says no network) and I have to reboot the PC for it to realize that the internet is, in fact, working.

One possible cause for contamination:

- About a week ago, while trying to solve connection issues that seemed to come from ExpressVPN, on the advice of an ExpressVPN counselor through their online help service, I disconnected my Antivirus first, then my Firewall for about 10 to 20 minutes to see if cuts would still occur (the counselor suspected Avast or the FW may be responsible). I was unprotected for a short while. Connection problems were there before but the commercial pop-ups weren't, and the connection has kept getting worse and worse ever since.

The steps I've taken so far (to no avail):

- Full Avast scan (no results)
- CCleaner (I do it routinely)
- Reinitialised Chrome and checked extensions (none suspect or unknown found)
- Malwarebytes scan (found some things, cleaned them)
- Another antimalware scan with a program I've since deleted and forgotten the name of (sorry)
- Restoration of the system to an earlier date from before the ExpressVPN chat incident

Conclusions:

I cannot say for sure that I have malware, but at least the occasional commercial pop-ups seem to say so, though they're oddly rare for a contamination (it's usually all day long, not once a day or so). I've attempted all I could do save for reinstalling Windows, which I'd like to avoid because it's a lot of work to then put the whole computer back in shape, reinstall everything and so on.

I know you guys can usually find vicious malware, so thank you very much for letting me know what sort of scans I must run for you to find it.

Your help is deeply appreciated.





#2 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Location:Midlands, UK

Posted 12 November 2016 - 10:34 AM

Hi lotusflow3r

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.


Step 1

Malwarebytes scan (found some things, cleaned them)

Could you let me have the scan report so that I can see what was found.

Restart MBAM
  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the date and time of the scan that showed the infections.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

Step 2

Let's see if FRST can give us a better idea of what is happening here.

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is, click Here for help.

For 32-bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • When the tool opens click Yes to the disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
  • Earlier MBAM scan report
  • Both reports from FRST


Thanks.

Edited by Starbuck, 12 November 2016 - 10:36 AM.



#3 lotusflow3r

  • Topic Starter
  • Members
  • 12 posts

Posted 15 November 2016 - 03:33 AM

Hi and thanks a lot Brudiwr.

Unfortunately I had uninstalled Malwarebytes after use (I usually never use it and I tend to delete programs that I don't use on a regular basis), I'm sorry :(

Here are the 2 FRST logs attached.

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Exécuté par Shaomi (administrateur) sur R2D2 (15-11-2016 16:29:44)
Exécuté depuis C:\Users\Shaomi\Desktop
Profils chargés: Shaomi (Profils disponibles: Shaomi)
Platform: Windows 10 Home Version 1511 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
(The OpenVPN Project) C:\Program Files (x86)\ExpressVPN\xvpnd\windows\openvpn.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\SoulseekNS\slsk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-10] (AVAST Software)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-07-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2012-07-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\Run: [Amazon Music] => C:\Users\Shaomi\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-23] ()
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [806904 2016-06-24] (ExpressVPN)
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\Run: [Azureus] => C:\Program Files\Vuze\Azureus.exe [381096 2016-01-05] (Azureus Software, Inc)
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\RunOnce: [Uninstall C:\Users\Shaomi\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shaomi\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\MountPoints2: {89923d3d-270c-11e6-80a2-606c665b3b36} - "E:\Setup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-08-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  Pas de fichier

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 218.104.111.122 218.104.111.114
Tcpip\..\Interfaces\{21ba68ca-0ea6-4a40-b153-402ad2205b08}: [NameServer] 156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{21ba68ca-0ea6-4a40-b153-402ad2205b08}: [DhcpNameServer] 218.104.111.122 218.104.111.114
Tcpip\..\Interfaces\{43a64268-501a-4734-bcbc-573b8b416c1c}: [DhcpNameServer] 10.10.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-3457565236-1511229669-2340543116-1001 -> {E579D424-C1BE-4C30-891C-47DFAA7AB220} URL = hxxps://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=201117&p={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Shaomi\AppData\Roaming\Mozilla\Firefox\Profiles\ku12e81s.default [2016-11-13]
FF Homepage: Mozilla\Firefox\Profiles\ku12e81s.default -> hxxps://www.facebook.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\ku12e81s.default -> hxxps://in.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=201117&p=
FF NetworkProxy: Mozilla\Firefox\Profiles\ku12e81s.default -> http", "202.131.114.196"
FF NetworkProxy: Mozilla\Firefox\Profiles\ku12e81s.default -> http_port", 34002
FF NetworkProxy: Mozilla\Firefox\Profiles\ku12e81s.default -> socks_remote_dns", true
FF NetworkProxy: Mozilla\Firefox\Profiles\ku12e81s.default -> type", 0
FF Extension: (Firefox Hotfix) - C:\Users\Shaomi\AppData\Roaming\Mozilla\Firefox\Profiles\ku12e81s.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-27]
FF Extension: (FoxyProxy Standard) - C:\Users\Shaomi\AppData\Roaming\Mozilla\Firefox\Profiles\ku12e81s.default\Extensions\foxyproxy@eric.h.jung [2016-09-29]
FF Extension: (Hootsuite Hootlet) - C:\Users\Shaomi\AppData\Roaming\Mozilla\Firefox\Profiles\ku12e81s.default\Extensions\hootsuite@hootsuite.com.xpi [2016-05-31]
FF Extension: (Adblock Plus) - C:\Users\Shaomi\AppData\Roaming\Mozilla\Firefox\Profiles\ku12e81s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-10]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://search.conduit.com/?SearchSource=10&ctid=CT2613520
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll => Pas de fichier
CHR Profile: C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-11-13]
CHR Profile: C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-11-15]
CHR Extension: (Facebook Video Downloader) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2016-10-12]
CHR Extension: (Hootsuite Hootlet) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2016-09-21]
CHR Extension: (YouTube) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Recherche Google) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast Online Security) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-09]
CHR Extension: (Tampermonkey) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-10-17]
CHR Extension: (Invite All (for Facebook)) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2016-06-16]
CHR Extension: (Readium) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2016-08-17]
CHR Extension: (AdBlock) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-11]
CHR Extension: (Invite All Friends on Facebook) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-11-10]
CHR Extension: (Video Recorder) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\janpabomenbggihohponfklipffjhlfb [2016-02-07]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR Extension: (Chrome Media Router) - C:\Users\Shaomi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <non trouvé(e)>

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2016-06-24] () [Fichier non signé]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [Fichier non signé]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Fichier non signé]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [179712 2010-11-01] (Airytec) [Fichier non signé]
S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [179712 2010-11-01] (Airytec) [Fichier non signé]
S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [Fichier non signé]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-11-15 16:29 - 2016-11-15 16:29 - 02411520 _____ (Farbar) C:\Users\Shaomi\Desktop\FRST64.exe
2016-11-15 16:29 - 2016-11-15 16:29 - 00020786 _____ C:\Users\Shaomi\Desktop\FRST.txt
2016-11-15 16:29 - 2016-11-15 16:29 - 00000000 ____D C:\FRST
2016-11-15 15:14 - 2016-11-15 15:14 - 00000000 ___HD C:\OneDriveTemp
2016-11-13 03:54 - 2016-11-13 06:11 - 733058501 _____ C:\Users\Shaomi\Desktop\The.Ladykillers.2004.720p.HD-TV-Rip.x264.aac.mp4-anoXmous.mp4
2016-11-12 20:03 - 2016-11-12 20:03 - 00006450 _____ C:\Users\Shaomi\.recently-used.xbel
2016-11-10 15:43 - 2016-11-10 15:43 - 00001984 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-11-10 15:39 - 2016-09-09 17:55 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-11-08 18:20 - 2016-11-08 18:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-08 18:04 - 2016-11-10 15:39 - 00000000 ____D C:\AdwCleaner
2016-11-08 15:14 - 2016-11-08 22:56 - 00000000 ____D C:\Users\Shaomi\Desktop\2003 - so stylistic
2016-11-05 18:09 - 2016-11-05 18:09 - 00000000 ____D C:\Users\Shaomi\Desktop\2003 - Xpectation
2016-11-05 16:20 - 2016-11-05 16:20 - 00000000 ____D C:\Users\Shaomi\Desktop\2003 - C-NOTE
2016-11-05 16:19 - 2016-11-05 16:19 - 00000000 ____D C:\Users\Shaomi\Desktop\2003 - The War [Tidal]
2016-11-03 10:24 - 2016-11-03 10:24 - 00000000 ____D C:\Users\Shaomi\Desktop\THIRD WORLD - 1980 - Prisoner In The Street
2016-11-03 10:21 - 2016-11-03 17:44 - 00000000 ____D C:\Users\Shaomi\Desktop\Erotica (1992)
2016-10-29 01:44 - 2016-10-29 01:44 - 04737128 _____ C:\Users\Shaomi\Desktop\RM07_4h30-5h30_v1.pdf
2016-10-26 02:57 - 2016-10-26 06:26 - 00024140 _____ C:\Users\Shaomi\Desktop\ENG translation.txt
2016-10-21 07:56 - 2016-10-21 07:56 - 23024897 _____ C:\Users\Shaomi\Desktop\The Making of 'No Stranger Here' - Business Class Refugees, Ursula Rucker & Shubha Mudgal.mp4
2016-10-20 15:08 - 2016-10-20 15:53 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\avidemux
2016-10-20 15:07 - 2016-10-20 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits)
2016-10-20 15:07 - 2016-10-20 15:07 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 64 bits
2016-10-20 14:45 - 2016-10-20 14:45 - 00000000 ____D C:\Users\Shaomi\.MCTranscodingSDK
2016-10-20 14:42 - 2016-10-20 14:56 - 00000000 ____D C:\Users\Public\Documents\Lightworks
2016-10-20 14:42 - 2016-10-20 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2016-10-20 14:42 - 2016-10-20 14:42 - 00000000 ____D C:\ProgramData\Geevs
2016-10-20 14:42 - 2016-10-20 14:42 - 00000000 ____D C:\Program Files\Lightworks
2016-10-20 14:22 - 2016-10-20 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool MP4 To FLV Converter
2016-10-20 14:22 - 2016-10-20 14:22 - 00000000 ____D C:\Program Files (x86)\Cool MP4 To FLV Converter
2016-10-20 13:29 - 2016-10-20 13:29 - 00000000 ____D C:\Users\Shaomi\Documents\FlashIntegro
2016-10-20 13:29 - 2016-10-20 13:29 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\VideoEditor
2016-10-20 13:29 - 2016-10-20 13:29 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\FlashIntegro
2016-10-20 13:28 - 2016-10-20 13:29 - 00000000 ____D C:\Program Files (x86)\FlashIntegro
2016-10-20 13:28 - 2016-10-20 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2016-10-20 13:28 - 2016-07-25 17:41 - 00071480 _____ (Flash-Integro LLC) C:\WINDOWS\SysWOW64\mslvddsfilter3.ax
2016-10-20 13:28 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\Lagarith.dll
2016-10-20 13:28 - 2005-08-01 18:43 - 00245760 _____ () C:\WINDOWS\SysWOW64\lame.ax
2016-10-20 13:28 - 2004-12-10 09:03 - 00438272 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2016-10-20 13:28 - 2004-07-03 20:08 - 00139264 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2016-10-20 13:28 - 2004-07-03 19:59 - 00524288 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2016-10-20 13:28 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) C:\WINDOWS\SysWOW64\AC3ACM.acm
2016-10-20 13:28 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divx.dll
2016-10-20 13:28 - 2003-05-22 11:26 - 00221215 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divxdec.ax
2016-10-20 13:28 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) C:\WINDOWS\SysWOW64\mcdvd_32.dll
2016-10-20 13:28 - 2003-05-21 22:50 - 00156910 _____ C:\WINDOWS\WMSysPr8.prx
2016-10-20 13:28 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) C:\WINDOWS\SysWOW64\vct3216.acm
2016-10-20 13:28 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) C:\WINDOWS\SysWOW64\alf2cd.acm
2016-10-20 13:28 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\SysWOW64\L3CODECX.AX
2016-10-20 13:28 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) C:\WINDOWS\SysWOW64\Scg726.acm
2016-10-20 12:27 - 2016-10-20 12:27 - 00000000 ____D C:\Users\Shaomi\Documents\Emicsoft Studio
2016-10-20 12:27 - 2016-10-20 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emicsoft
2016-10-20 12:27 - 2016-10-20 12:27 - 00000000 ____D C:\ProgramData\Emicsoft Studio
2016-10-20 12:27 - 2016-10-20 12:27 - 00000000 ____D C:\Program Files (x86)\Emicsoft Studio
2016-10-20 12:25 - 2016-10-20 13:10 - 00000000 ____D C:\Users\Shaomi\AppData\Local\WMTools Downloaded Files
2016-10-20 12:24 - 2016-10-20 12:24 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
2016-10-20 12:24 - 2016-10-20 12:24 - 00000000 ____D C:\Program Files (x86)\Movie Maker 2.6
2016-10-17 18:37 - 2016-10-17 18:37 - 28011469 _____ C:\Users\Shaomi\Desktop\PMW.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 16:26 - 2014-10-16 17:31 - 00001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-15 16:26 - 2014-04-12 16:06 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\Skype
2016-11-15 16:24 - 2016-08-30 22:48 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\Azureus
2016-11-15 16:19 - 2015-01-19 02:47 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-15 16:00 - 2014-04-11 19:00 - 00000000 ____D C:\ProgramData\Soulseek
2016-11-15 15:17 - 2015-05-26 14:32 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-11-15 15:17 - 2015-05-26 14:32 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-11-15 15:17 - 2015-02-02 20:28 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F238D41D-506C-4AA1-92D9-5D4CD24B149C}
2016-11-15 15:14 - 2015-10-02 22:15 - 00000000 ___RD C:\Users\Shaomi\OneDrive
2016-11-15 15:14 - 2014-04-10 01:56 - 00000062 _____ C:\Users\Shaomi\AppData\Roaming\sp_data.sys
2016-11-15 15:13 - 2015-08-01 22:56 - 00000000 __SHD C:\Users\Shaomi\IntelGraphicsProfiles
2016-11-15 15:13 - 2015-01-19 02:47 - 00001082 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-15 00:26 - 2014-04-10 03:22 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\vlc
2016-11-14 14:47 - 2015-10-31 03:00 - 00825500 _____ C:\WINDOWS\system32\perfh00C.dat
2016-11-14 14:47 - 2015-10-31 03:00 - 00155764 _____ C:\WINDOWS\system32\perfc00C.dat
2016-11-14 14:47 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF
2016-11-14 14:47 - 2015-08-01 12:51 - 01848398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-14 14:41 - 2016-01-09 14:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-14 14:40 - 2015-10-30 14:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2016-11-13 17:11 - 2015-05-13 01:01 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-13 08:43 - 2014-04-20 04:30 - 00000000 ____D C:\Users\Shaomi\Documents\Vuze Downloads
2016-11-13 04:51 - 2014-05-18 16:51 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\Audacity
2016-11-13 02:37 - 2014-04-10 00:45 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-11-13 02:27 - 2014-04-10 00:44 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\Winamp
2016-11-12 20:19 - 2015-09-26 17:16 - 00000000 ___RD C:\Users\Shaomi\Desktop\STUFF
2016-11-12 20:11 - 2014-04-12 05:16 - 00000000 ____D C:\Users\Shaomi\.gimp-2.6
2016-11-12 20:03 - 2016-01-09 14:23 - 00000000 ____D C:\Users\Shaomi
2016-11-12 19:59 - 2014-04-12 05:24 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\gtk-2.0
2016-11-12 19:30 - 2016-01-09 14:19 - 04865984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-12 16:25 - 2016-07-16 08:11 - 00004024 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1468627909
2016-11-12 16:25 - 2016-07-16 08:11 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-11-12 15:25 - 2016-08-29 14:26 - 00000000 ___RD C:\Users\Shaomi\Desktop\HUST
2016-11-11 10:40 - 2014-04-19 18:44 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\KastorAllVideoDownloader
2016-11-10 17:47 - 2016-09-29 13:45 - 00000000 ____D C:\Users\Shaomi\AppData\Local\ElevatedDiagnostics
2016-11-10 16:26 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-10 16:26 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-10 15:48 - 2016-02-15 20:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-10 15:39 - 2016-08-24 12:22 - 00000000 ____D C:\Users\Shaomi\AppData\Roaming\Tencent
2016-11-10 15:39 - 2015-08-16 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-10 15:39 - 2015-08-16 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-10 15:39 - 2014-04-10 01:49 - 00000000 ____D C:\ProgramData\P4G
2016-11-10 15:38 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-10 15:37 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\registration
2016-11-10 15:37 - 2014-04-10 00:39 - 00000000 ____D C:\Users\Shaomi\AppData\Local\Google
2016-11-08 16:43 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-26 21:47 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-10-26 00:22 - 2015-01-19 02:53 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-25 21:48 - 2014-05-24 18:28 - 00000000 ____D C:\ProgramData\Oracle
2016-10-25 21:46 - 2016-10-06 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-25 21:46 - 2016-10-06 22:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-25 21:45 - 2016-10-06 22:43 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-22 07:28 - 2014-04-12 16:06 - 00000000 ____D C:\ProgramData\Skype
2016-10-20 14:57 - 2016-09-17 17:14 - 00003584 _____ C:\Users\Shaomi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-20 14:42 - 2016-08-23 05:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-18 00:33 - 2015-09-09 09:16 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2014-04-10 01:56 - 2016-11-15 15:14 - 0000062 _____ () C:\Users\Shaomi\AppData\Roaming\sp_data.sys
2016-09-17 17:14 - 2016-10-20 14:57 - 0003584 _____ () C:\Users\Shaomi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-10 01:25 - 2014-04-10 01:25 - 0009624 _____ () C:\Users\Shaomi\AppData\Local\WiDiSetupLog.20140409.192512.txt
2014-04-10 01:25 - 2014-04-10 01:25 - 0010189 _____ () C:\Users\Shaomi\AppData\Local\WiDiSetupLog.20140409.192524.txt
2014-04-10 01:25 - 2014-04-10 01:25 - 0010081 _____ () C:\Users\Shaomi\AppData\Local\WiDiSetupLog.20140409.192534.txt
2014-04-10 01:25 - 2014-04-10 01:25 - 0010141 _____ () C:\Users\Shaomi\AppData\Local\WiDiSetupLog.20140409.192544.txt
2014-04-10 01:25 - 2014-04-10 01:26 - 0010145 _____ () C:\Users\Shaomi\AppData\Local\WiDiSetupLog.20140409.192556.txt
2014-04-10 01:41 - 2014-04-10 01:41 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2014-04-10 01:29 - 2014-04-10 01:30 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-04-10 01:28 - 2014-04-10 01:29 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-04-10 01:33 - 2014-04-10 01:38 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2014-04-10 01:39 - 2014-04-10 01:41 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2014-04-10 01:31 - 2014-04-10 01:33 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Some files in TEMP:
====================
C:\Users\Shaomi\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-15 15:24

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Shaomi (15-11-2016 16:30:16)
Running from C:\Users\Shaomi\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-09 06:35:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrateur (S-1-5-21-3457565236-1511229669-2340543116-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3457565236-1511229669-2340543116-503 - Limited - Disabled)
Invité (S-1-5-21-3457565236-1511229669-2340543116-501 - Limited - Disabled)
Shaomi (S-1-5-21-3457565236-1511229669-2340543116-1001 - Administrator - Enabled) => C:\Users\Shaomi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (HKLM-x32\...\{23170F69-40C1-2701-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.4 - Airytec)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.142.62248 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.9.142.62248 - Alcor Micro Corp.) Hidden
Amazon Music (HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Music Maker (HKLM-x32\...\MAGIX_{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}) (Version: 17.0.2.38 - MAGIX AG)
ASUS Music Maker (x32 Version: 17.0.2.38 - MAGIX AG) Hidden
ASUS N Series Demo (HKLM-x32\...\{246B4AFF-6540-4B72-93E8-B9EB86D37589}) (Version: 1.0.0003 - ASUS)
ASUS Photo Designer (HKLM-x32\...\MAGIX_{2B962F32-78E6-4585-AF24-073AD36B6590}) (Version: 7.0.1.3 - MAGIX AG)
ASUS Photo Designer (Version: 7.0.1.3 - MAGIX AG) Hidden
ASUS Photo Manager (HKLM-x32\...\MAGIX_{2A3A883D-B2AB-427D-B094-27D6241E0944}) (Version: 8.0.3.220 - MAGIX AG)
ASUS Photo Manager (x32 Version: 8.0.3.217 - MAGIX AG) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4712 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4712 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
AutoWebCam (HKLM-x32\...\AutoWebCam) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.14.160917 - )
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Cool MP4 To FLV Converter 1.0 (HKLM-x32\...\Cool MP4 To FLV Converter_is1) (Version:  - A Software Plus)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3019_44673 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4905d - CyberLink Corp.)
Détection de l'application Winamp (HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Directory Lister v0.9 (HKLM-x32\...\Directory Lister_is1) (Version:  - KRKSoft)
Efficient WMA MP3 Converter version 0.99.9.3 (HKLM-x32\...\Efficient WMA MP3 Converter_is1) (Version: 0.99.9.3 - )
Emicsoft MP4 WMV MPEG AVI to FLV Converter (HKLM-x32\...\Emicsoft MP4 WMV MPEG AVI to FLV Converter_is1) (Version:  - )
ExpressVPN (HKLM-x32\...\{6d7c574e-877c-47e6-bcdd-d57b859ea93f}) (Version: 5.2.0.632 - ExpressVPN)
ExpressVPN (x32 Version: 5.2.0.632 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Free FLAC to MP3 Converter 1.4 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: 1.4 - PolySoft Solutions)
Free FLV to MP3 Converter version 1.0 (HKLM-x32\...\{8444F175-4F29-4F4F-81C1-8E624C9BD858}_is1) (Version: 1.0 - )
Free M4a to MP3 Converter 7.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free PDF to JPG Converter (HKLM-x32\...\{ECD1BC70-A5FD-42D3-AEBA-B71FE88FDBF2}) (Version: 1.0.0 - Free PDF Solutions)
GIMP 2.6.12-2 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kastor - All Video Downloader V 6.0.0 (HKLM-x32\...\{CB84FEF5-C573-4328-B9AF-B28568A4E10E}_is1) (Version: 6.0.0.0 - KastorSoft)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mises à jour NVIDIA 2.5.14.5 (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 fr)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Pilote graphique 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}) (Version: 4.12.9782 - Apache Software Foundation)
Package de pilotes Windows - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Panneau de configuration NVIDIA 355.82 (Version: 355.82 - NVIDIA Corporation) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6828 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Search Protection (HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\Search Protection) (Version: 9.4.0.2 - Spigot, Inc.) <==== ATTENTION
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version:  - )
SuperCopier2 (HKLM-x32\...\SuperCopier2) (Version:  - )
Time Adjuster STANDARD 3.1 (HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\TimeAdjuster) (Version:  - IrekSoftware.com)
Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
Trader's Little Helper 2.7.0 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.7.0 - Robert Hoffmann)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSDC Free Video Editor version 5.1.2.558 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.1.2.558 - Flash-Integro LLC)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\WinDirStat) (Version:  - )
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3457565236-1511229669-2340543116-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Shaomi\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-3457565236-1511229669-2340543116-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3457565236-1511229669-2340543116-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Shaomi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3457565236-1511229669-2340543116-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26C95CAB-0409-47BA-8AC2-174DC2E1868B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2D4081D4-A80F-479A-B799-2C4E3BB52820} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10] (Adobe Systems Incorporated)
Task: {30BA463B-FCEC-4210-A306-32D89591289E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {36D6701E-C6B0-4DA4-A209-415BC6B84340} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3F7E52D6-F0A4-4237-A0AC-2497FF9ABC8D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5A00EF9E-378B-4D51-9055-70754B0F6C27} - System32\Tasks\{B952C0B0-2B46-4E11-AE68-EB34D5EA5EC6} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=404
Task: {614E9E58-1916-4465-ACD5-C33E24B6FED2} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {6377F0BF-D301-4F82-A32E-891B34C4C5EE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-09] (AVAST Software)
Task: {654A6941-4DB2-45B4-AFB9-686A53E16893} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {659ECB7B-EC48-4A48-BAA2-A609A1372575} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7029B5B8-1C98-4FCD-B146-64465CA01FC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {85A36332-DDA4-430C-85A2-E34D8185BDEE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8AB4BB3A-A74F-4B0A-9637-F82178365AB7} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {8CCEA3B9-39AB-4256-A4B9-D47BF926FD61} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {91DDB8FD-F6BD-4939-85A1-997C8186E08D} - System32\Tasks\SafeZone scheduled Autoupdate 1468627909 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {948E2F5E-4E20-48CB-966C-F783CC77D102} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A409A09F-44E4-420B-990D-BAFF9102C5E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A99C94E9-9071-4760-91E6-424ACABF3F13} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AA16FEE3-4D72-4D01-82F7-9832F55F6FB5} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {ABF0048D-5E98-4B47-8A0D-330BC19EF851} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B26A77A2-3D2D-4BC3-BCB0-0CF26DABA829} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BA91154E-E43D-47DE-A790-F5B1C83E5416} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {CC4F6A51-78A0-43FE-B0E9-91964C19C59E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {D0E86205-EC0D-423B-BAF6-8E1C6F9EB694} - System32\Tasks\{BDAD7341-6B45-4D7F-8348-3F4032E116D7} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.120.259/fr/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12007&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {DCD66D91-1590-4B9F-A7C2-AE820652A7D1} - System32\Tasks\{30124071-99E0-4DE2-9441-E18D41924F17} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-10-17] (Skype Technologies S.A.)
Task: {E447CB41-37BF-4BAF-ADF0-04B0F35DE7F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {F06118D6-59F2-4723-A3A4-16C68BC67780} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {F7D97CA6-BD9D-4DEB-B231-F46078596CA7} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Shaomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Readium.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=fepbnnnkkadjhjahcafoaglimekefifl
ShortcutWithArgument: C:\Users\Shaomi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\bdca94b511257a55\Hootsuite Hootlet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bjgfdlplhmndoonmofmflcbiohgbkifn
ShortcutWithArgument: C:\Users\Shaomi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\953d897ab1f114c6\Hootsuite Hootlet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=bjgfdlplhmndoonmofmflcbiohgbkifn
ShortcutWithArgument: C:\Users\Shaomi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 15:17 - 2015-10-30 15:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2016-06-24 22:20 - 2016-06-24 22:20 - 00331264 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2014-04-10 01:38 - 2009-04-17 18:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-06-24 22:23 - 2016-06-24 22:23 - 10629112 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2015-10-30 15:18 - 2015-10-30 15:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-09 14:20 - 2015-08-25 23:57 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-14 06:43 - 2016-09-07 13:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-08-24 23:26 - 2012-08-24 23:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-29 23:15 - 2012-11-29 23:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2016-09-14 06:43 - 2016-09-07 13:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-27 19:00 - 2016-08-27 19:00 - 01864384 _____ () C:\Users\Shaomi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2010-07-15 12:44 - 2010-07-15 12:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-01-09 18:47 - 2016-01-09 18:47 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-15 09:08 - 2016-07-01 11:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-14 06:42 - 2016-09-07 12:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-14 06:42 - 2016-09-07 12:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 06:42 - 2016-09-07 12:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-14 06:42 - 2016-09-07 12:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 19:52 - 2016-04-19 19:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2009-06-04 18:28 - 2009-06-04 18:28 - 03670016 _____ () C:\Program Files (x86)\SoulseekNS\slsk.exe
2016-09-09 17:55 - 2016-09-09 17:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-09 17:55 - 2016-09-09 17:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-15 02:44 - 2016-11-15 02:44 - 03130832 _____ () C:\Program Files\AVAST Software\Avast\defs\16111401\algo.dll
2016-06-24 22:23 - 2016-06-24 22:23 - 00445944 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2015-09-01 20:34 - 2015-08-27 08:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-08-27 19:00 - 2016-08-27 19:00 - 01383616 _____ () C:\Users\Shaomi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-27 19:00 - 2016-08-27 19:00 - 00118976 _____ () C:\Users\Shaomi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2012-03-15 16:48 - 2012-03-15 16:48 - 00221184 _____ () C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
2016-06-24 22:21 - 2016-06-24 22:21 - 00152969 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\liblzo2-2.dll
2016-06-24 22:21 - 2016-06-24 22:21 - 00103754 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\libpkcs11-helper-1.dll
2016-07-12 15:35 - 2016-07-12 15:35 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00410624 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00047616 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2016-11-15 15:14 - 2016-11-15 15:14 - 00011264 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\auth.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00062976 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\burnlib.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00014336 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\dsp_sps.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00009728 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\enc_aacplus.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00006656 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\enc_fhgaac.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004096 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\enc_flac.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004096 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\enc_flake.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00005632 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\enc_lame.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004096 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\enc_vorbis.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004096 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\enc_wav.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00006656 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\enc_wma.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00014848 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_classicart.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00007680 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_crasher.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00018944 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_dropbox.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00022016 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_ff.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004096 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_find_on_disk.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00010240 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_hotkeys.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00044544 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_jumpex.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00020480 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_ml.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00009216 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_nopro.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00007168 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_orgler.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00011776 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_skinmanager.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00009728 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_timerestore.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00007680 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_tray.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00010752 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\gen_undo.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00005120 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_avi.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00014848 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_cdda.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00007168 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_dshow.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00005632 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_flac.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00003584 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_flv.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004096 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_linein.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00020992 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_midi.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004608 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_mkv.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00018432 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_mod.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00022528 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_mp3.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004608 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_mp4.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00011776 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_nsv.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00003584 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_swf.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00011264 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_vorbis.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00006656 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_wav.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00005632 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_wave.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00014848 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\in_wm.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00003584 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_addons.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00007168 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_autotag.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00005120 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_bookmarks.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00005120 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_dash.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00008704 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_devices.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00047104 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_disc.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00009216 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_downloads.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004608 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_enqplay.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00008192 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_history.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00005120 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_impex.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00053760 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_local.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004096 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_nowplaying.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00014848 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_online.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00003584 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_orb.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00012800 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_playlists.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00012800 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_plg.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00041984 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_pmp.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00005120 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_rg.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00007680 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_transcode.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00014336 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ml_wire.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00010240 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\ombrowser.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00006656 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\out_disk.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00016384 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\out_ds.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00007680 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\out_wave.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00003072 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\playlist.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004608 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\pmp_activesync.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00011264 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\pmp_android.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00006656 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\pmp_ipod.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00003584 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\pmp_njb.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004096 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\pmp_p4s.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00010752 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\pmp_usb.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00031232 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\pmp_wifi.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00006144 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\tagz.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00159232 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\vis_milk2.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00007680 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\vis_nsfs.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00180224 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\winamp.lng
2016-11-15 15:14 - 2016-11-15 15:14 - 00004096 _____ () C:\Users\Shaomi\AppData\Local\Temp\WLZF82E.tmp\winampa.lng
2011-07-12 05:48 - 2014-04-10 00:45 - 00023040 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00103936 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00090112 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2011-07-12 05:48 - 2014-04-10 00:45 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00165376 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00285696 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00050688 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00074752 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00252416 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00340992 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2011-07-12 05:48 - 2014-04-10 00:45 - 00027648 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2010-11-11 01:29 - 2014-04-10 00:45 - 00183808 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00312832 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00293376 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00082944 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00124928 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00200192 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00240640 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00113152 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00027648 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00083456 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00031744 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
2011-07-12 05:48 - 2014-04-10 00:45 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
2016-04-19 19:52 - 2016-04-19 19:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 19:52 - 2016-04-19 19:55 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-04-27 12:54 - 2013-04-27 12:54 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2016-10-26 00:22 - 2016-10-20 16:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-26 00:22 - 2016-10-20 16:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)


==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)


==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)


==================== Hosts contenu: ===============================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shaomi\Desktop\STUFF\PIX\shaomix.jpg
DNS Servers: 10.10.0.1 - 156.154.70.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\StartupApproved\Run: => "Browser Extensions"
HKU\S-1-5-21-3457565236-1511229669-2340543116-1001\...\StartupApproved\Run: => "SearchProtection"

==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8A18FB96-C6F5-478C-A785-0B6B1CF58646}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{47F8E0FE-D44C-4D2C-8183-2DD4E9ADD183}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4B8DDC54-B477-4FC7-9797-522F667431A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{70CBE4C9-95A0-416E-AF39-30D6E7E4DFC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6438B6E3-22E7-4ACA-ACDE-580F118FBF4D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D2D092D8-E27D-4620-9200-DA609E209154}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{08299F53-C7DB-4C39-B7CC-A69B941E89C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{551FB14E-3157-4ED2-9A37-3D76514DFFDB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{93D112F2-3593-4F65-9B58-1E0B0203E005}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{47E1B9D9-9640-44EA-AEA8-8DAD2A5B0A14}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [UDP Query User{1CF48074-1313-42A0-A206-9046F69C17E4}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [TCP Query User{1AB01351-7885-4980-9BE2-BFD6FF092F51}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [{92295F52-A16C-4992-B918-722D34C99992}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{56040F4A-B653-42D2-9C64-5132A449CE2C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [UDP Query User{7D9BB6F1-D478-416B-8B6F-246F51C20E70}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{E7A3CA32-33E9-4251-86CE-2331FA24D85D}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{229BD292-59A4-452C-9AA2-BDFD2FB0B8C1}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{F801E40F-45BB-4D48-AFE6-FE65DC111847}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{8E3C78E7-D450-4C28-AA74-7FDEF0381939}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A9C018C3-99EF-4E4B-BE98-FA383FE492A2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [UDP Query User{7DA18E7D-E226-44FA-92D0-C7876EE2EE5E}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{181F8C61-2C4A-47FF-B365-A712D1535FC6}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{ECF1E689-1ADB-4593-B7F1-77785662E28C}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [TCP Query User{46ED4ED9-B6FB-431D-9E99-F51250F366B2}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [{34A7E63A-DBF5-4953-B2E2-C7B276303D67}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AE0B54B1-79C8-4047-BF66-52A366A72CF5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{C235A9D0-BBAB-488D-B416-FEFB17732B14}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{A85F70D7-004A-41C0-8E25-B465752BE5D3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{C2E1365D-F686-4616-A9E7-D8E65EE36C75}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [UDP Query User{FB7F0D16-07FE-436B-AE8B-B55593DE3DC3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{8FB99776-C466-4FE4-B532-08D01FC8E8FB}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{BB78E385-B4D4-4A96-BBA3-28C22138B4AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D02E571B-BC5A-4F57-894D-655064B94B3E}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{20526C7E-B51C-494C-BAAA-7541DEFD65DE}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{B14A1D65-F90E-4661-8362-574A47BE341F}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{191EDA9B-A08F-4C90-9A17-3B96506588C0}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{D5B13230-1AB7-4EC4-88B8-CDCA84D79FA2}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{9F5FECF3-B566-4999-B297-83AD870C8470}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{5A359928-C875-4CBA-9426-A24366AC71A7}] => (Allow) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
FirewallRules: [{62E80AE2-3DC0-4633-8211-1A0507E23122}] => (Allow) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
FirewallRules: [{C65560DE-91F5-4C55-83A0-A805743FBDF1}] => (Allow) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
FirewallRules: [{0F8A1BE6-955E-4407-9CBE-BF1534950DC1}] => (Allow) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
FirewallRules: [{5DBAD756-5CCA-4A79-A56C-933309E2BA06}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{42FF54EA-87F2-4575-AE31-7BBAA8258723}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{2EF68058-CE45-41B0-9F77-4722EB04880E}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{1AFBF0C0-A3E6-4FE9-B3E7-B90A4EE241DB}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{112F6E44-A537-4924-AF75-E377A0617619}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{9D8E8385-54D3-4109-8CCA-D36E4A9E3712}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{53CFCD8D-8865-4F3E-90BC-793C21B26868}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Points de restauration =========================

28-10-2016 15:32:12 Point de contrôle planifié
06-11-2016 16:27:12 Point de contrôle planifié
10-11-2016 15:36:20 Opération de restauration

==================== Éléments en erreur du Gestionnaire de périphériques =============


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (11/14/2016 02:41:17 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Échec de l'ouverture de la valeur de registre AppDirectory:
L’opération a réussi.

Error: (11/14/2016 03:15:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante SearchUI.exe, version : 10.0.10586.589, horodatage : 0x57cf97f3
Nom du module défaillant : CortanaApi.dll, version : 0.0.0.0, horodatage : 0x57cf9452
Code d’exception : 0x80000003
Décalage d’erreur : 0x00000000000b5c6d
ID du processus défaillant : 0x13fc
Heure de début de l’application défaillante : 0x01d23dccf536c2b4
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
ID de rapport : f506a57d-3ab4-4b40-be31-064c93f87aa1
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI

Error: (11/13/2016 07:48:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante Explorer.EXE, version : 10.0.10586.589, horodatage : 0x57cf9743
Nom du module défaillant : ole32.dll, version : 10.0.10586.589, horodatage : 0x57cf9763
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000954de
ID du processus défaillant : 0xd64
Heure de début de l’application défaillante : 0x01d23d9e2db8da63
Chemin d’accès de l’application défaillante : C:\WINDOWS\Explorer.EXE
Chemin d’accès du module défaillant: C:\WINDOWS\system32\ole32.dll
ID de rapport : 51d8af85-0bce-43b2-8bdd-7ac9e39a239c
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (11/13/2016 06:03:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme explorer.exe version 10.0.10586.589 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 9a8

Heure de début : 01d23d8d647b593c

Heure de fin : 0

Chemin d'accès de l'application : C:\Windows\explorer.exe

ID de rapport : f3f2c401-a987-11e6-8108-60a44c71a002

Nom complet du package défaillant :

ID de l'application relative au package défaillant :

Error: (11/13/2016 06:01:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme explorer.exe version 10.0.10586.589 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 914

Heure de début : 01d23d94c4cddf29

Heure de fin : 0

Chemin d'accès de l'application : C:\Windows\explorer.exe

ID de rapport : 176f92b4-a988-11e6-8108-60a44c71a002

Nom complet du package défaillant :

ID de l'application relative au package défaillant :

Error: (11/13/2016 06:00:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme explorer.exe version 10.0.10586.589 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 9c

Heure de début : 01d23d94b6b4c26c

Heure de fin : 0

Chemin d'accès de l'application : C:\Windows\explorer.exe

ID de rapport : 02321806-a988-11e6-8108-60a44c71a002

Nom complet du package défaillant :

ID de l'application relative au package défaillant :

Error: (11/13/2016 05:07:41 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Échec de l'ouverture de la valeur de registre AppDirectory:
L’opération a réussi.

Error: (11/13/2016 02:28:05 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Échec de l'ouverture de la valeur de registre AppDirectory:
L’opération a réussi.

Error: (11/12/2016 07:30:07 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Échec de l'ouverture de la valeur de registre AppDirectory:
L’opération a réussi.

Error: (11/12/2016 01:31:26 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Échec de l'ouverture de la valeur de registre AppDirectory:
L’opération a réussi.


Erreurs système:
=============
Error: (11/15/2016 04:31:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Hôte de synchronisation_2b19d s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.

Error: (11/14/2016 07:21:43 PM) (Source: disk) (EventID: 154) (User: )
Description: L’opération d’E/S à l’adresse de bloc logique 0x5bdc228 pour le disque 1 (nom d’objet périphérique physique : \Device\00000051) a échoué en raison d’une erreur matérielle.

Error: (11/14/2016 07:21:43 PM) (Source: disk) (EventID: 154) (User: )
Description: L’opération d’E/S à l’adresse de bloc logique 0x5bdc228 pour le disque 1 (nom d’objet périphérique physique : \Device\00000051) a échoué en raison d’une erreur matérielle.

Error: (11/14/2016 07:21:43 PM) (Source: disk) (EventID: 154) (User: )
Description: L’opération d’E/S à l’adresse de bloc logique 0x5bdc228 pour le disque 1 (nom d’objet périphérique physique : \Device\00000051) a échoué en raison d’une erreur matérielle.

Error: (11/14/2016 07:04:34 PM) (Source: DCOM) (EventID: 10010) (User: R2D2)
Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (11/14/2016 03:48:43 PM) (Source: DCOM) (EventID: 10010) (User: R2D2)
Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (11/14/2016 03:48:11 PM) (Source: DCOM) (EventID: 10010) (User: R2D2)
Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (11/14/2016 03:47:39 PM) (Source: DCOM) (EventID: 10010) (User: R2D2)
Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (11/14/2016 02:41:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Apple Mobile Device Service n’a pas pu démarrer en raison de l’erreur :
Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle.

Error: (11/14/2016 02:41:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Apple Mobile Device Service.


CodeIntegrity:
===================================
  Date: 2016-10-06 04:03:38.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-23 14:15:37.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-23 13:23:28.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-17 04:52:46.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 22:13:12.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 12:34:50.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-12 00:16:29.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 18:06:53.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 20:52:33.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 19:54:56.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Infos Mémoire ===========================

Processeur: Intel® Core™ i5-3230M CPU @ 2.60GHz
Pourcentage de mémoire utilisée: 62%
Mémoire physique - RAM - totale: 3981.73 MB
Mémoire physique - RAM - disponible: 1488.86 MB
Mémoire virtuelle totale: 8077.73 MB
Mémoire virtuelle disponible: 5317.68 MB

==================== Lecteurs ================================

Drive c: (R2-D2) (Fixed) (Total:237.69 GB) (Free:139.3 GB) NTFS
Drive e: (CAPRICA) (Fixed) (Total:3725.99 GB) (Free:529 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 66E880FA)
Partition 1: (Active) - (Size=350 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=237.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== Fin de Addition.txt ============================



Edited by Starbuck, 15 November 2016 - 11:50 AM.


#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 15 November 2016 - 02:28 PM

Hi lotusflow3r
 

Unfortunately I had uninstalled MalwareByte after use

Ok, no problem.
It was worth a try.

P2P Warning

SoulSeek
Vuze


Please note that as long as you're using any form of Peer-to-Peer networking ( Vuze, Bearshare, uTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware and system problems to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer.
Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise.
There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software.
Hardly surprising then that many of these Downloads are being targeted to carry infections.

Having these programs run at start up must be one of the craziest things you could do!

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


----------

I take it that you have set these....... please let me know.

FF NetworkProxy: Mozilla\Firefox\Profiles\ku12e81s.default -> http", "202.131.114.196"
FF NetworkProxy: Mozilla\Firefox\Profiles\ku12e81s.default -> http_port", 34002
FF NetworkProxy: Mozilla\Firefox\Profiles\ku12e81s.default -> socks_remote_dns", true
FF NetworkProxy: Mozilla\Firefox\Profiles\ku12e81s.default -> type", 0

and added this:

FF Extension: (FoxyProxy Standard) - C:\Users\Shaomi\AppData\Roaming\Mozilla\Firefox\Profiles\ku12e81s.default\Extensions\foxyproxy@eric.h.jung [2016-09-29]


Step 1

QuickTime 7

Please uninstall Quicktime for Windows.

It is now a security risk:
Apple is deprecating QuickTime for Microsoft Windows.
They will no longer be issuing security updates for the product on the Windows Platform and as such they recommend users uninstall it.

And because Apple is no longer providing security updates for QuickTime on Windows, the present vulnerabilities are never going to be patched.



Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


In your next reply, please submit:
Fixlog.txt
Also let me know about those proxy settings.


Thanks.



Edited by Starbuck, 15 November 2016 - 02:30 PM.



#5 lotusflow3r

lotusflow3r
  • Topic Starter

  • Members
  • 12 posts

Posted 16 November 2016 - 12:53 AM

Hi and many thanks, here's the Fixlog.

 

P2P's are too important a part of my entertainment life for me to give up on them, but I didn't know running Vuze on startup was more dangerous. I have just changed this, and I won't use either until we're done here. The last time I had malware (at least one that I knew of) that I couldn't get rid of without the help of a "Hijack This" board was more than 10 years ago (I came here last year but it was for my GF's computer), so hopefully even with P2P I won't bother you again before another 10 years :) But I understand the warning, fair enough ;)

 

I've uninstalled Quicktime.

 

The proxy for Firefox is something I was using last year at some point because of multiple accounts on Facebook (nothing naughty, just an artistic project that required a specific account) and as FB had already blocked 2 "fake" profiles for this project, I just wanted to use my real profile on Chrome and the other on Mozilla with a proxy to avoid FB doing the math and risking blocking mine on top of it all, but now that I'm on a VPN I don't need this anymore and I haven't used the proxy lately, nor do I plan to. Any further step I need to take regarding this?

 

Oh BTW, do you recommend me reinstalling MalwareBytes (or another similar program) and running it on a regular basis?

 

Please let me know what is next if anything, and if there was/is any malware at all (as I said I wasn't even sure).

 

Many many thanks.



#6 lotusflow3r

lotusflow3r
  • Topic Starter

  • Members
  • 12 posts

Posted 16 November 2016 - 12:57 AM

Attached file :)




#7 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 16 November 2016 - 12:57 PM

Hi lotusflow3r

P2P's are too important a part of my entertainment life for me to give up on them, but I didn't know running Vuze on startup was more dangerous. I have just changed this, and I won't use either until we're done here.

Ok.
I appreciate your honesty and your understanding.

Oh BTW, do you recommend me reinstalling MalwareBytes (or another similar program) and running it on a regular basis?

MBAM is a handy program to keep on your system.
Just use the free version ... update it once a week and run a scan.
You can never be too careful.
There is a similar program, which we'll run now.... this will double check everything for us.

and if there was/is any malware at all (as I said I wasn't even sure).

A few orphan entries, some leftovers to clean up and some odd things going on in the Temp files.
All dealt with now.

Please download RogueKiller Anti-malware (Free) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install
  • Click Finish.
  • When the program opens..... click Scan
  • Click Start Scan
  • Double check anything found and tick to select items to be removed
  • Click Remove Selected
  • When the items have been removed.... Click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.
Thanks



#8 lotusflow3r

lotusflow3r
  • Topic Starter

  • Members
  • 12 posts

Posted 17 November 2016 - 06:15 AM

Here we go :)
 
RogueKiller V12.8.1.0 (x64) [Nov 14 2016] (Gratuit) par Adlice Software
 
Système d'exploitation : Windows 10 (10.0.10586) 64 bits version
Démarré en  : Mode normal
Utilisateur : Shaomi [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 11/17/2016 17:36:19 (Durée : 00:20:55)
 
¤¤¤ Processus : 0 ¤¤¤
 
¤¤¤ Registre : 20 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Conduit -> Non sélectionné
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\OCS -> Non sélectionné
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\ProgSense -> Non sélectionné
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Softonic -> Non sélectionné
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\TeleCharger -> Non sélectionné
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Conduit -> Non sélectionné
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\OCS -> Non sélectionné
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\ProgSense -> Non sélectionné
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Softonic -> Non sélectionné
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\TeleCharger -> Non sélectionné
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\AppDataLow\Software\Search Protection -> Non sélectionné
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\AppDataLow\Software\Search Protection -> Non sélectionné
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection -> Non sélectionné
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{43a64268-501a-4734-bcbc-573b8b416c1c} | DhcpNameServer : 10.18.0.1 ([])  -> Non sélectionné
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{E7A3CA32-33E9-4251-86CE-2331FA24D85D}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B14A1D65-F90E-4661-8362-574A47BE341F} : v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {191EDA9B-A08F-4C90-9A17-3B96506588C0} : v2.25|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Non sélectionné
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Non sélectionné
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Non sélectionné
 
¤¤¤ Tâches : 0 ¤¤¤
 
¤¤¤ Fichiers : 1 ¤¤¤
[PUP][Répertoire] C:\Users\Shaomi\AppData\Roaming\Tencent -> Supprimé(e)
[PUP][Fichier] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\All Users\config\3ebffe94.ini -> Supprimé(e)
[PUP][Fichier] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\All Users\config\update.data -> Supprimé(e)
[PUP][Fichier] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\All Users\config\WeChat Files\All Users\config\c9d52eb5.ini -> Supprimé(e)
[PUP][Répertoire] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\All Users\config\WeChat Files\All Users\config -> Supprimé(e)
[PUP][Répertoire] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\All Users\config\WeChat Files\All Users -> Supprimé(e)
[PUP][Répertoire] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\All Users\config\WeChat Files -> Supprimé(e)
[PUP][Répertoire] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\All Users\config -> Supprimé(e)
[PUP][Répertoire] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\All Users -> Supprimé(e)
[PUP][Fichier] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\err_readoffset.ini -> Supprimé(e)
[PUP][Fichier] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\host\getdns.ini -> Supprimé(e)
[PUP][Répertoire] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\host -> Supprimé(e)
[PUP][Fichier] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\kvcomm\config.ini -> Supprimé(e)
[PUP][Répertoire] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat\kvcomm -> Supprimé(e)
[PUP][Répertoire] C:\Users\Shaomi\AppData\Roaming\Tencent\WeChat -> Supprimé(e)
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Fichier Hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤
 
¤¤¤ Navigateurs web : 4 ¤¤¤
[PUM.Proxy][Firefox:Config] ku12e81s.default : user_pref("network.proxy.http", "202.131.114.196"); -> Non sélectionné
[PUM.Proxy][Firefox:Config] ku12e81s.default : user_pref("network.proxy.http_port", 34002); -> Non sélectionné
[PUM.HomePage][Firefox:Config] ku12e81s.default : user_pref("browser.startup.homepage", "https://www.facebook.com/"); -> Non sélectionné
[PUM.HomePage][Chrome:Config] Profile 2 [SecurePrefs] : homepage [http://search.conduit.com/?SearchSource=10&ctid=CT2613520] -> Non sélectionné
 
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: Corsair Neutron SSD +++++
--- User ---
[MBR] e2d17ab30552853c1b7157970952276f
[BSP] 0f7e4b30de357b5ffa83e6aef1eecf78 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 243396 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 499193856 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WD Elements 107C USB Device +++++
Error reading User MBR! ([57] Paramètre incorrect. )
Error reading LL1 MBR! ([79] Le délai de temporisation de sémaphore a expiré. )
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )
 
+++++ PhysicalDrive2: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] e7a2c070e14a0afe6575ee1f060f64c3
[BSP] 71b1071eb5161e24ec41a1508ae8a1b5 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )


#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 17 November 2016 - 01:37 PM

Hi lotusflow3r

There are a lot of entries marked.... Non sélectionné
I don't understand why these were not selected.
A lot of those, I wouldn't want on any of my systems.

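Starbuck's point is that a scan can detect a finding and still leave it in place when its box is never ticked. As an added example, not part of this thread and not RogueKiller's own code, here is a small Python script that parses a report in the format posted above (the sample lines, SIDs, GUIDs, paths and addresses are all constructed) and lists every finding left "Non sélectionné", with a defender's note on the UAC policy, proxy and DNS entries that are the easiest to overlook.

```python
"""Audit a RogueKiller report for findings that were detected but left in place."""
import re
from collections import Counter

# Constructed sample in the line format of the RogueKiller V12 reports posted in
# this thread (French locale). Every path, SID, GUID and address here is made up.
SAMPLE_REPORT = r"""
¤¤¤ Registre : 4 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-1-2-3-1001\Software\Conduit -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0000-1111} | DhcpNameServer : 10.18.0.1 ([])  -> Non sélectionné
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AAAA-BBBB} : v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Example\tool.exe|Name=tool| [x] -> Supprimé(e)

¤¤¤ Fichiers : 1 ¤¤¤
[PUP][Fichier] C:\Users\user\AppData\Roaming\Example\config.ini -> Supprimé(e)

¤¤¤ Navigateurs web : 2 ¤¤¤
[PUM.Proxy][Firefox:Config] abcd1234.default : user_pref("network.proxy.http", "203.0.113.10"); -> Non sélectionné
[PUM.HomePage][Chrome:Config] Profile 2 [SecurePrefs] : homepage [http://example.invalid/?x=1] -> Remplacé(e) (about:home)
"""

# "¤¤¤ Registre : 20 ¤¤¤" style section headers and "[Category][Sub] detail -> status" entries.
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d*)")
ENTRY_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\](?:\[(?P<sub>[^\]]+)\])?\s*(?P<detail>.*?)\s*->\s*(?P<status>.+)$"
)

# RogueKiller's French result labels, normalised to one word each.
STATUS_WORDS = {
    "Non sélectionné": "unhandled",   # found, but the box was never ticked
    "Supprimé": "removed",
    "Remplacé": "replaced",
}

# Defender's notes for the PUM (potentially unwanted modification) findings that
# are easy to leave unticked; keyed on a substring of the entry's detail text.
RISK_NOTES = {
    "ConsentPromptBehaviorAdmin : 0": (
        "UAC elevates administrators without any prompt; RogueKiller resets the "
        "value to 2 (prompt for consent on the secure desktop)"
    ),
    "network.proxy.http": "Firefox routes HTTP traffic through a proxy; confirm you set it yourself",
    "DhcpNameServer": "DNS server received from DHCP; confirm it is your router or VPN, not an unknown host",
}


def normalise_status(status):
    """Map the raw status text ('Supprimé(e)', 'Remplacé(e) (2)', ...) to an outcome."""
    for word, outcome in STATUS_WORDS.items():
        if status.startswith(word):
            return outcome
    return "unknown"


def parse_report(text):
    """Return one dict per finding: section, category, sub-type, detail and outcome."""
    entries, section = [], None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            entries.append({
                "section": section,
                "category": entry.group("cat"),
                "sub": entry.group("sub"),
                "detail": entry.group("detail"),
                "status": normalise_status(entry.group("status")),
            })
    return entries


def audit(text):
    """Count outcomes and list every finding left unhandled, with a risk note where known."""
    entries = parse_report(text)
    counts = Counter(e["status"] for e in entries)
    unhandled = []
    for e in entries:
        if e["status"] != "unhandled":
            continue
        note = next((n for key, n in RISK_NOTES.items() if key in e["detail"]), None)
        unhandled.append({**e, "note": note})
    return {"counts": dict(counts), "unhandled": unhandled}


if __name__ == "__main__":
    result = audit(SAMPLE_REPORT)
    print("outcomes:", result["counts"])
    for item in result["unhandled"]:
        print(f"LEFT UNHANDLED [{item['category']}] {item['detail']}")
        if item["note"]:
            print("    note:", item["note"])
```

Run it against a saved RogueKiller report (pass the file's text to `audit`) and anything it prints as unhandled is what a second scan still needs to deal with.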


#10 lotusflow3r

lotusflow3r
  • Topic Starter

  • Members
  • 12 posts

Posted 17 November 2016 - 03:09 PM

Hi lotusflow3r

There are a lot of entries marked.... Non sélectionné
I don't understand why these were not selected.
A lot of those, I wouldn't want on any of my systems.

That's odd, I have no clue. Indeed some things were found but not selected, I wasn't sure what to do so I only deleted the selected ones. 

 

Should I scan again and check them for deletion (if possible)? Or remove them manually (again if it's even possible)?



#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 17 November 2016 - 03:22 PM

Should I scan again and check them for deletion (if possible)?

Yes run another scan and select anything found.
If that doesn't work, I can write a fix to remove them.

Thanks.



#12 lotusflow3r

lotusflow3r
  • Topic Starter

  • Members
  • 12 posts

Posted 18 November 2016 - 02:43 AM

Thx Starbuck.

 

Here we go, I guess we're good now?

 

RogueKiller V12.8.1.0 (x64) [Nov 14 2016] (Gratuit) par Adlice Software
 
Système d'exploitation : Windows 10 (10.0.10586) 64 bits version
Démarré en  : Mode normal
Utilisateur : Shaomi [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 11/18/2016 14:56:28 (Durée : 00:19:14)
 
¤¤¤ Processus : 0 ¤¤¤
 
¤¤¤ Registre : 20 ¤¤¤
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Conduit -> Supprimé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\OCS -> Supprimé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\ProgSense -> Supprimé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Softonic -> Supprimé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\TeleCharger -> Supprimé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Conduit -> Supprimé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\OCS -> Supprimé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\ProgSense -> Supprimé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Softonic -> Supprimé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\TeleCharger -> Supprimé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\AppDataLow\Software\Search Protection -> Supprimé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\AppDataLow\Software\Search Protection -> Supprimé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection -> Supprimé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3457565236-1511229669-2340543116-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection -> Supprimé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{43a64268-501a-4734-bcbc-573b8b416c1c} | DhcpNameServer : 10.16.0.1 ([])  -> Remplacé(e) ()
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{E7A3CA32-33E9-4251-86CE-2331FA24D85D}C:\program files (x86)\orbitdownloader\orbitnet.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\orbitdownloader\orbitnet.exe|Name=P2P service of Orbit Downloader|Desc=P2P service of Orbit Downloader|Defer=User| [x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B14A1D65-F90E-4661-8362-574A47BE341F} : v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {191EDA9B-A08F-4C90-9A17-3B96506588C0} : v2.25|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Supprimé(e)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Remplacé(e) (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Remplacé(e) (2)
 
¤¤¤ Tâches : 0 ¤¤¤
 
¤¤¤ Fichiers : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Fichier Hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤
 
¤¤¤ Navigateurs web : 4 ¤¤¤
[PUM.Proxy][Firefox:Config] ku12e81s.default : user_pref("network.proxy.http", "202.131.114.196"); -> Supprimé(e)
[PUM.Proxy][Firefox:Config] ku12e81s.default : user_pref("network.proxy.http_port", 34002); -> Supprimé(e)
[PUM.HomePage][Firefox:Config] ku12e81s.default : user_pref("browser.startup.homepage", "https://www.facebook.com/"); -> Remplacé(e) (about:home)
[PUM.HomePage][Chrome:Config] Profile 2 [SecurePrefs] : homepage [http://search.conduit.com/?SearchSource=10&ctid=CT2613520] -> Supprimé(e)
 
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: Corsair Neutron SSD +++++
--- User ---
[MBR] e2d17ab30552853c1b7157970952276f
[BSP] 0f7e4b30de357b5ffa83e6aef1eecf78 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 243396 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 499193856 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WD Elements 107C USB Device +++++
Error reading User MBR! ([57] Paramètre incorrect. )
Error reading LL1 MBR! ([79] Le délai de temporisation de sémaphore a expiré. )
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )
 
+++++ PhysicalDrive2: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] e7a2c070e14a0afe6575ee1f060f64c3
[BSP] 71b1071eb5161e24ec41a1508ae8a1b5 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )

Edited by lotusflow3r, 18 November 2016 - 02:43 AM.


#13 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 18 November 2016 - 03:34 AM

Hi lotusflow3r

That looks a lot better :)

How is the system running?
Are you still having the original problems?



#14 lotusflow3r

lotusflow3r
  • Topic Starter

  • Members
  • 12 posts

Posted 18 November 2016 - 05:13 AM

Well, no, it's pretty cool now. Me and some colleagues have also made a big fuss about the internet at the teachers' residence office last week and things are getting better on that front. I've also realized that it's my modem that doesn't realize that the internet is back, not my PC (but I must unplug and replug the ethernet cable, not reboot the modem like I used to).

Regarding the PC itself, the loading of pages is faster regardless of the (still fluctuating) internet speed and I have no more ad-site tabs/popups, so I think it's clean now. I will keep MalwareBytes and Roguekiller installed and run both on a regular basis.

I thank you warmly for your time and efforts  :flowers:


Edited by lotusflow3r, 18 November 2016 - 05:14 AM.


#15 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 18 November 2016 - 06:54 AM

Hi lotusflow3r

I've also realized that it's my modem that doesn't realize that the internet is back, not my PC

Regarding the PC itself, the loading of pages is faster regardless of the (still fluctuating) internet speed and I have no more ad-site tabs/popups

That's good to hear, thanks for letting me know.

I will keep MalwareBytes and Roguekiller installed and run both on a regular basis.

By all means keep both... they are handy to have around.

I thank you warmly for your time and efforts

You are more than welcome.

Let's finish the cleaning process and remove FRST.

Right click on the FRST icon and select delete.
Right click on any fixlog.txt, fixlist.txt and select delete.
Navigate to: C:\frst and delete the frst folder

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program at a time

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Install an AdBlocker
Firefox: uBlock Origin
Google Chrome: uBlock Origin

uBlock Origin is NOT an "ad blocker" as such: it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker".
The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites.

Internet Explorer:
Adblock Plus for Internet Explorer

P2P programs/Torrents
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Beware of PuP's when installing 'free' software
(Potentially Unwanted Program) An application that is installed along with the desired application the user actually asked for.
In most cases, the PUP is spyware, adware or some other unwanted software.
However, what makes spyware or adware a PUP rather than pure malware is the fact that the end user license agreement (EULA) does inform the user that this additional program is being installed.
Considering hardly anyone ever reads the license agreement, the distinction is a subtle one.

Understanding PuP's (Adware)

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.





